Page 8 of 52 results (0.010 seconds)

CVSS: 4.3EPSS: 0%CPEs: 25EXPL: 0

The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate. La función QSslSocket::sslErrors en Qt anterior a v4.6.5, v4.7.x anterior a v4.7.6, v4.8.x anterior a v4.8.5, cuando se usan ciertas versiones de openSSL, usa un diseño de estructura incompatible que puede leer memoria desde una dirección erronea, lo que produce que Qt reporte un error incorrecto cuando el certificado de validación falle y puede causar a los usuarios que hagan decisiones de seguridad inseguras para aceptar certificados. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697582 http://lists.opensuse.org/opensuse-updates/2013-01/msg00086.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00089.html http://lists.opensuse.org/opensuse-updates/2013-02/msg00014.html http://lists.qt-project.org/pipermail/announce/2013-January/000020.html http://qt.gitorious.org/qt/qt/commit/3b14dc93cf0ef06f1424d7d6319a1af4505faa53%20%284.7%29 http://qt.gitorious.org/qt/qt/commit/691e78e5061d4cbc0de212d23b06c5dffddf2098%20%284.8%29 http • CWE-310: Cryptographic Issues •

CVSS: 4.3EPSS: 0%CPEs: 64EXPL: 0

The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application. El objeto XMLHttpRequest en Qt anterior a v4.8.4 permite la redirección http al fichero scheme, lo que permite llevar a atacantes de hombre-en-medio (man-in-the-middle) forzar la lectura de ficheros locales arbitrarios y posiblemente obtener información sensible mediante un fichero: URL para una aplicación QML. • http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html http://lists.qt-project.org/pipermail/announce/2012-November/000014.html http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71 http://secunia.com/advisories/52217 http://www.openwall.com/lists/oss-security/2012/12/04/8 http://www.ubuntu.com/usn/USN-1723-1 https://bugz • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.4EPSS: 0%CPEs: 61EXPL: 0

The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server. La clase QSharedMemory en Qt v5.0.0, v4.8.x anterior a v4.8.5, v4.7.x anterior a v4.7.6, y otras versiones incluida la v4.4.0 utiliza permisos débiles (escritura y lectura para todos los usuarios) para segmentos de memoria compartida, lo que permite a usuarios locales leer informacion sensible o modificar datos críticos del programa, como se demostró mediante la lectura de un pixmap enviado al servidor X. • http://lists.opensuse.org/opensuse-updates/2013-03/msg00014.html http://lists.opensuse.org/opensuse-updates/2013-03/msg00015.html http://lists.opensuse.org/opensuse-updates/2013-03/msg00019.html http://lists.qt-project.org/pipermail/announce/2013-February/000023.html http://rhn.redhat.com/errata/RHSA-2013-0669.html https://bugzilla.redhat.com/show_bug.cgi?id=907425 https://access.redhat.com/security/cve/CVE-2013-0254 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 31EXPL: 1

QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. QSslSocket de Qt anteriores a 4.7.0-rc1 reconoce direcciones IP comodín en el campo "Common Name" del "subject" de un certificado X.509, lo que permite a atacantes "man-in-the-middle" suplantar servidores SSL arbitrarios a través de un certificado modificado suministrado por una autoridad de certificación legítima. • http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0 http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e http://rhn.redhat.com/errata/RHSA-2012-0880.html http://secunia.com/advisories/41236 http://secunia.com/advisories/49604 http://secunia.com/advisories/49895 http://www.ubuntu.com/usn/USN-1504-1 http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt https://bugreports.qt-project.org/browse/QTBUG-4455 https://access.redhat.com/security/c • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 2%CPEs: 16EXPL: 0

Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. Desbordamiento de buffer de memoria dinámica en la función Lookup_MarkMarkPos del módulo HarfBuzz (harfbuzz-gpos.c), tal como se usa en Qt anteriores a 4.7.4 y Pango. Permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un archivo de fuentes modificado. • http://cgit.freedesktop.org/harfbuzz.old/commit/?id=81c8ef785b079980ad5b46be4fe7c7bf156dbf65 http://cgit.freedesktop.org/harfbuzz/commit/src/harfbuzz-gpos.c?id=da2c52abcd75d46929b34cad55c4fb2c8892bc08 http://git.gnome.org/browse/pango/commit/pango/opentype/harfbuzz-gpos.c?id=a7a715480db66148b1f487528887508a7991dcd0 http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html http://rhn.redhat.com/errata/RHSA-2011-1323.html http://rhn.redhat.com/errata/RH • CWE-787: Out-of-bounds Write •