CVSS: 4.3EPSS: 0%CPEs: 31EXPL: 1CVE-2010-5076 – Qt: QSslSocket incorrect handling of IP wildcards in certificate Common Name
https://notcve.org/view.php?id=CVE-2010-5076
QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. QSslSocket de Qt anteriores a 4.7.0-rc1 reconoce direcciones IP comodín en el campo "Common Name" del "subject" de un certificado X.509, lo que permite a atacantes "man-in-the-middle" suplantar servidores SSL arbitrarios a través de un certificado modificado suministrado por una autoridad de certificación legítima. • http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0 http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e http://rhn.redhat.com/errata/RHSA-2012-0880.html http://secunia.com/advisories/41236 http://secunia.com/advisories/49604 http://secunia.com/advisories/49895 http://www.ubuntu.com/usn/USN-1504-1 http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt https://bugreports.qt-project.org/browse/QTBUG-4455 https://access.redhat.com/security/c • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 2%CPEs: 16EXPL: 0CVE-2011-3193 – qt/harfbuzz buffer overflow
https://notcve.org/view.php?id=CVE-2011-3193
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. Desbordamiento de buffer de memoria dinámica en la función Lookup_MarkMarkPos del módulo HarfBuzz (harfbuzz-gpos.c), tal como se usa en Qt anteriores a 4.7.4 y Pango. Permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un archivo de fuentes modificado. • http://cgit.freedesktop.org/harfbuzz.old/commit/?id=81c8ef785b079980ad5b46be4fe7c7bf156dbf65 http://cgit.freedesktop.org/harfbuzz/commit/src/harfbuzz-gpos.c?id=da2c52abcd75d46929b34cad55c4fb2c8892bc08 http://git.gnome.org/browse/pango/commit/pango/opentype/harfbuzz-gpos.c?id=a7a715480db66148b1f487528887508a7991dcd0 http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html http://rhn.redhat.com/errata/RHSA-2011-1323.html http://rhn.redhat.com/errata/RH • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 4%CPEs: 1EXPL: 0CVE-2011-3194 – qt buffer overflow in greyscale images
https://notcve.org/view.php?id=CVE-2011-3194
Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale TIFF image with multiple samples per pixel. Desbordamiento de buffer en el lector de TIFF de gui/image/qtiffhandler.cpp de Qt 4.7.4 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de la etiqueta TIFFTAG_SAMPLESPERPIXEL de una imagen en escala de grises TIFF con múltiples muestras por pixel. • http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066209.html http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html http://rhn.redhat.com/errata/RHSA-2011-1323.html http://rhn.redhat.com/errata/RHSA-2011-1328.html http://secunia.com/advisories/46128 http://secunia.com/advisories/46140 http://secunia.com/advisories/46187 http://secunia.com/advisories/46371 http://secunia.com/advisories&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2010-1766
https://notcve.org/view.php?id=CVE-2010-1766
Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid. Error de superación de límite en la función WebSocketHandshake::readServerHandshake en websockets/WebSocketHandshake.cpp en WebCore en WebKit anterior a r56380, utilizado en Qt y otros productos, permite a los servidores de websockets remotos provocar una denegación de servicio (corrupción de memoria), o posiblemente tener otro impacto no especificado a través de una cabecera de actualización que es larga e inválida. • http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044023.html http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044031.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/40557 http://secunia.com/advisories/41856 http://secunia.com/advisories/43068 http://trac.webkit.org/changeset/56380 http://www.mandriva.com/security/advisories?name=MDVSA-2011:039 http://www.ubuntu.com/usn/USN-1006-1 http:/& • CWE-189: Numeric Errors •
CVSS: 5.0EPSS: 16%CPEs: 30EXPL: 3CVE-2010-2621 – Qt 4.6.3 - 'QSslSocketBackendPrivate::transmit()' Denial of Service
https://notcve.org/view.php?id=CVE-2010-2621
The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request. La función QSslSocketBackendPrivate::transmit en src_network_ssl_qsslsocket_openssl.cpp en Qt v4.6.3 y anteriores permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de una solicitud mal formada. • https://www.exploit-db.com/exploits/14268 http://aluigi.org/adv/qtsslame-adv.txt http://aluigi.org/poc/qtsslame.zip http://osvdb.org/65860 http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597 http://secunia.com/advisories/40389 http://secunia.com/advisories/46410 http://www.securityfocus.com/bid/41250 http://www.vupen.com/english/advisories/2010/1657 https://hermes.opensuse.org/messages/12056605 • CWE-20: Improper Input Validation •