Vulnerabilities related to qt - qt
Vulnerability from fkie_nvd
Published
2023-05-28 23:15
Modified
2024-11-21 08:03
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens when the letter case of the header name sent by the server does not exactly match the form Qt expects; HTTP header field names are case-insensitive, so a differently cased header is still valid and should be honored.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "006030F9-35BF-489D-8C3F-14ECF93518C3", "versionEndExcluding": "5.15.14", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "513DDB0D-A132-4046-8B49-D2776E585826", "versionEndExcluding": "6.2.9", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "116DC3F0-630E-43F6-AD19-0ABB41CF3D70", "versionEndExcluding": "6.5.1", "versionStartIncluding": "6.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match." 
} ], "id": "CVE-2023-32762", "lastModified": "2024-11-21T08:03:59.967", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2023-05-28T23:15:09.570", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/476140" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://github.com/qt/qtbase/commit/1b736a815be0222f4b24289cf17575fc15707305" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch" ], "url": "https://lists.qt-project.org/pipermail/announce/2023-May/000414.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/476140" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/qt/qtbase/commit/1b736a815be0222f4b24289cf17575fc15707305" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "https://lists.qt-project.org/pipermail/announce/2023-May/000414.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-08-22 15:15
Modified
2024-11-21 06:21
Severity ?
Summary
A flaw was found in Qt: an out-of-bounds read in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file, this flaw may lead to unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and application availability.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:5.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "EA7FCB6B-872F-4900-A2CF-192AFECC4DFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:6.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "C0A66DBD-439D-45EA-BC80-502314D5B0AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "AC14C9CB-1965-4659-8254-17EAB448616D", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:6.2.0:-:*:*:*:*:*:*", "matchCriteriaId": "2B6E9814-F9BA-4A0C-8420-DAAB4A810567", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability." }, { "lang": "es", "value": "Se ha encontrado un fallo en Qt. Se encontr\u00f3 una vulnerabilidad de lectura fuera de l\u00edmites en QRadialFetchSimd en el archivo qt/qtbase/src/gui/painting/qdrawhelper_p.h en Qt/Qtbase. Este fallo puede conllevar a un acceso no autorizado a la memoria al renderizar y mostrar un archivo Scalable Vector Graphics (SVG) dise\u00f1ado. La mayor amenaza de esta vulnerabilidad es la confidencialidad de los datos y la disponibilidad de la aplicaci\u00f3n." 
} ], "id": "CVE-2021-3481", "lastModified": "2024-11-21T06:21:38.847", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-08-22T15:15:13.363", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/CVE-2021-3481" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://bugreports.qt.io/browse/QTBUG-91507" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1931444" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtsvg/+/337646" }, { "source": "secalert@redhat.com", "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/CVE-2021-3481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://bugreports.qt.io/browse/QTBUG-91507" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1931444" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtsvg/+/337646" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "secalert@redhat.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-05-10 06:15
Modified
2025-01-27 21:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
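In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. The record below classifies the weakness as CWE-369 (divide by zero) and rates the availability impact as high.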
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qt | qt | * | |
qt | qt | * | |
qt | qt | * | |
redhat | enterprise_linux | 8.0 | |
redhat | enterprise_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "006030F9-35BF-489D-8C3F-14ECF93518C3", "versionEndExcluding": "5.15.14", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "513DDB0D-A132-4046-8B49-D2776E585826", "versionEndExcluding": "6.2.9", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "116DC3F0-630E-43F6-AD19-0ABB41CF3D70", "versionEndExcluding": "6.5.1", "versionStartIncluding": "6.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled." 
} ], "id": "CVE-2023-32573", "lastModified": "2025-01-27T21:15:11.243", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2023-05-10T06:15:19.070", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://codereview.qt-project.org/c/qt/qtsvg/+/474093" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3IHQZCEUFVOPWG75V2HDKXNUZBB4FX/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://codereview.qt-project.org/c/qt/qtsvg/+/474093" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3IHQZCEUFVOPWG75V2HDKXNUZBB4FX/" } ], 
"sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-369" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-369" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2018-12-26 21:29
Modified
2024-11-21 03:58
Severity ?
Summary
An issue was discovered in Qt before 5.11.3. QTgaFile is affected by uncontrolled resource consumption.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "09F12149-EFFA-4F50-948E-DBDEE0486972", "versionEndExcluding": "5.11.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption." }, { "lang": "es", "value": "Se ha descubierto un problema en versiones anteriores a la 5.11.3 de Qt. Hay un consumo de recursos no controlado en QTgaFile." } ], "id": "CVE-2018-19871", "lastModified": "2024-11-21T03:58:43.537", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-12-26T21:29:02.447", "references": [ { "source": 
"cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00002.html" }, { "source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/237761/" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/237761/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-400" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-10-18 17:07
Modified
2024-11-21 00:16
Severity ?
Summary
Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "52D26BBF-106F-48C8-9D57-CF080486DB64", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "026716CE-6BA5-4FC4-8BD3-BF5430DEBE99", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "52BF63BD-E6FA-49AA-9627-7EDAD7939531", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "27EBEAE0-C1DF-46E4-9E2A-B333912A4950", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "5BCDBB15-4E26-48F0-A266-CA059CFEE596", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "A07F27DC-47A4-4EF2-91CC-81863D015B3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "58E53D3A-665D-4EEE-82EF-4EDBD194B475", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A38B91E-698F-4638-BC3B-BD02F3313B70", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7629BAB0-5077-4B82-9F11-B228E8EAFA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "76366D45-3604-49D1-BD97-8A9FACEA2171", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EEEF60A1-5FF0-465F-A872-62F80899F870", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D5386EE-376B-4773-8687-5314BFF35E41", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3AC6465-B459-410E-A5C5-EBFF5C866009", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:kdelibs:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "3A5C548D-9A33-431C-9022-512B4B2DEC0D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], 
"descriptions": [ { "lang": "en", "value": "Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image." }, { "lang": "es", "value": "El desbordamiento de enteros en el Qt 3.3 versiones anteriores a 3.3.7, 4.1 anteriores a 4.1.5, y 4.2 anteriores a 4.2.1, como el usado en la librer\u00eda KDE khtml, kdelibs 3.1.3, y, posiblemente otros paquetes, permite a los atacantes remotos causar la denegaci\u00f3n de servicio (ca\u00edda) y la posibilidad de ejecutar c\u00f3digo de su elecci\u00f3n mediante una imagen pixmap manipulada." } ], "id": "CVE-2006-4811", "lastModified": "2024-11-21T00:16:48.593", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2006-10-18T17:07:00.000", "references": [ { "source": "secalert@redhat.com", "url": "ftp://patches.sgi.com/support/free/security/advisories/20061002-01-P" }, { "source": "secalert@redhat.com", "url": "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P" }, { "source": "secalert@redhat.com", "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210742" }, { "source": "secalert@redhat.com", "url": "http://lists.suse.com/archive/suse-security-announce/2006-Oct/0006.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], 
"url": "http://secunia.com/advisories/22380" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22397" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/22479" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/22485" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/22492" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/22520" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22579" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22586" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22589" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22645" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22738" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22890" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22929" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/24347" }, { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200611-02.xml" }, { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200703-06.xml" }, { "source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1017084" }, { "source": "secalert@redhat.com", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.483634" 
}, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:186" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:187" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0720.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0725.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/449173/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/20599" }, { "source": "secalert@redhat.com", "url": "http://www.trolltech.com/company/newsroom/announcements/press.2006-10-19.5434451733" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.ubuntu.com/usn/usn-368-1" }, { "source": "secalert@redhat.com", "url": "http://www.us.debian.org/security/2006/dsa-1200" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/4099" }, { "source": "secalert@redhat.com", "url": "https://issues.rpath.com/browse/RPL-723" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10218" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20061002-01-P" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210742" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.suse.com/archive/suse-security-announce/2006-Oct/0006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], 
"url": "http://secunia.com/advisories/22380" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22397" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/22479" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/22485" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/22492" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/22520" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22579" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22586" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22589" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22645" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22738" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22890" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22929" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/24347" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200611-02.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://security.gentoo.org/glsa/glsa-200703-06.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1017084" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.483634" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:186" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:187" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0720.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0725.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/449173/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/20599" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.trolltech.com/company/newsroom/announcements/press.2006-10-19.5434451733" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.ubuntu.com/usn/usn-368-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.us.debian.org/security/2006/dsa-1200" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/4099" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.rpath.com/browse/RPL-723" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10218" } ], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [ { "comment": "Red Hat 
Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "lastModified": "2007-03-14T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-05-12 19:59
Modified
2024-11-21 02:26
Severity ?
Summary
Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:digia:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "86E76F78-582E-4473-BF2F-70452F0B6AD5", "versionEndIncluding": "4.8.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "03C7E11D-AA2C-48BB-8C50-B04E5CD3A7C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E30B4386-B419-46B7-945F-C04F79600708", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "20079A6C-A3B9-4492-BC1F-A3B668F326D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3E42429B-0123-428E-AD62-23000CDF7343", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2EE36CAC-6DB0-4061-AC83-AF12A30F2EFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "D60AFED7-9707-4FB7-817D-E2DE4BCABE97", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E2980C52-9843-4A39-B164-76E9583F2D7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "FBC2E1E7-F841-47A1-8D1E-9A30EC93BDF5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt 
before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de buffer en plugins/imageformats/ico/qicohandler.cpp en el m\u00f3dulo QtBase en Qt en versiones anteriores a 4.8.7 y 5.x en versiones anteriores a 5.4.2 permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n y ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una imagen ICO manipulada." } ], "id": "CVE-2015-1859", "lastModified": "2024-11-21T02:26:17.183", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-05-12T19:59:05.957", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html" }, { "source": 
"secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/74307" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/74310" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2626-1" }, { "source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201603-10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/74307" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "http://www.securityfocus.com/bid/74310" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2626-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201603-10" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-05-08 14:29
Modified
2024-11-21 02:01
Severity ?
Summary
The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qt | qt | * | |
fedoraproject | fedora | 19 | |
fedoraproject | fedora | 20 | |
opensuse | opensuse | 13.1 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 14.10 | |
canonical | ubuntu_linux | 15.04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE4A22C2-3E1F-41D4-9E72-7F3888DBFFCB", "versionEndExcluding": "5.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "matchCriteriaId": "5991814D-CA77-4C25-90D2-DB542B17E0AD", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image." 
}, { "lang": "es", "value": "El decodificador GIF en QtGui en Qt anterior a 5.3 permite a atacantes remotos causar una denegaci\u00f3n de servicio (referencia a puntero nulo) a trav\u00e9s de valores de ancho y alto inv\u00e1lidos en un imagen GIF." } ], "id": "CVE-2014-0190", "lastModified": "2024-11-21T02:01:35.813", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-05-08T14:29:13.953", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134040.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134141.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://lists.qt-project.org/pipermail/announce/2014-April/000045.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/67087" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2626-1" }, { 
"source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.kde.org/show_bug.cgi?id=333404" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134040.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134141.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://lists.qt-project.org/pipermail/announce/2014-April/000045.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/67087" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2626-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.kde.org/show_bug.cgi?id=333404" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-12-16 02:29
Modified
2024-11-21 03:06
Severity ?
Summary
Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
References
Source | URL | Tags | |
---|---|---|---|
vultures@jpcert.or.jp | https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/ | Issue Tracking, Vendor Advisory | |
vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN67389262/index.html | Issue Tracking, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/ | Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN67389262/index.html | Issue Tracking, Third Party Advisory, VDB Entry |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:android:*:*", "matchCriteriaId": "9815918D-C797-4ED8-B408-A2AD28F4CC50", "versionEndExcluding": "5.9.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors." }, { "lang": "es", "value": "Qt para Android en versiones anteriores a la 5.9.0 permite que los atacantes remotos ejecuten comandos de sistema operativo arbitrarios mediante vectores sin especificar." } ], "id": "CVE-2017-10904", "lastModified": "2024-11-21T03:06:43.013", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-12-16T02:29:07.183", "references": [ { "source": "vultures@jpcert.or.jp", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/" }, { 
"source": "vultures@jpcert.or.jp", "tags": [ "Issue Tracking", "Third Party Advisory", "VDB Entry" ], "url": "https://jvn.jp/en/jp/JVN67389262/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory", "VDB Entry" ], "url": "https://jvn.jp/en/jp/JVN67389262/index.html" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-05-22 03:15
Modified
2024-11-21 08:05
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
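An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server. Note that the CPE match data in this record gives a versionEndExcluding of 5.15.4 for the 5.x range, not the 5.15.14 stated here, so version matching driven by the CPE data alone may not flag 5.15.4 through 5.15.13; confirm the fixed version against the vendor advisory.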
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "B67B902C-4F68-4FD5-8A04-FFF6B1F1A738", "versionEndExcluding": "5.15.4", "versionStartIncluding": "5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "513DDB0D-A132-4046-8B49-D2776E585826", "versionEndExcluding": "6.2.9", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "116DC3F0-630E-43F6-AD19-0ABB41CF3D70", "versionEndExcluding": "6.5.1", "versionStartIncluding": "6.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server." } ], "id": "CVE-2023-33285", "lastModified": "2024-11-21T08:05:20.157", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cve@mitre.org", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-05-22T03:15:09.720", 
"references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/477644" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/477644" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-12-16 02:29
Modified
2024-11-21 03:06
Severity ?
Summary
A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors.
References
Source | URL | Tags | |
---|---|---|---|
vultures@jpcert.or.jp | https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/ | Issue Tracking, Vendor Advisory | |
vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN27342829/index.html | Issue Tracking, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/ | Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN27342829/index.html | Issue Tracking, Third Party Advisory, VDB Entry |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:android:*:*", "matchCriteriaId": "F88F399C-A111-4C03-8D1B-9F280F9F4BE0", "versionEndExcluding": "5.9.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors." }, { "lang": "es", "value": "Una vulnerabilidad en aplicaciones creadas mediante Qt para Android en versiones anteriores a la 5.9.3 permite que atacantes alteren variables del entorno mediante vectores sin especificar." } ], "id": "CVE-2017-10905", "lastModified": "2024-11-21T03:06:43.133", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-12-16T02:29:07.230", "references": [ { "source": "vultures@jpcert.or.jp", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": 
"https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Issue Tracking", "Third Party Advisory", "VDB Entry" ], "url": "https://jvn.jp/en/jp/JVN27342829/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory", "VDB Entry" ], "url": "https://jvn.jp/en/jp/JVN27342829/index.html" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-12-26 21:29
Modified
2024-11-21 03:58
Severity ?
Summary
An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "09F12149-EFFA-4F50-948E-DBDEE0486972", "versionEndExcluding": "5.11.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp." }, { "lang": "es", "value": "Se ha descubierto un problema en versiones anteriores a la 5.11.3 de Qt. Una imagen SVG mal formada provoca un fallo de segmentaci\u00f3n en qsvghandler.cpp." } ], "id": "CVE-2018-19869", "lastModified": "2024-11-21T03:58:43.210", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": 
"2018-12-26T21:29:02.357", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00008.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html" }, { "source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/234142/" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00035.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00008.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/234142/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00035.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-01-24 22:15
Modified
2024-11-21 02:40
Severity ?
Summary
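Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564. The CPE match data in this record covers only 5.5.0 up to (excluding) 5.12.8, which is narrower than "through 5.14"; check the referenced vendor bug report for the fixed release of each branch rather than relying on the CPE range alone.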
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qt | qt | * | |
fedoraproject | fedora | 31 | |
fedoraproject | fedora | 32 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "33FEDE1F-1137-4635-8549-C355C9180288", "versionEndExcluding": "5.12.8", "versionStartIncluding": "5.5.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564." }, { "lang": "es", "value": "Qt versiones hasta 5.14, permite un ataque de expansi\u00f3n de entidad XML exponencial por medio de un documento SVG dise\u00f1ado que es manejado inapropiadamente en la funci\u00f3n QXmlStreamReader, un problema relacionado con el CVE-2003-1564." 
} ], "id": "CVE-2015-9541", "lastModified": "2024-11-21T02:40:53.150", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-01-24T22:15:12.880", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://bugreports.qt.io/browse/QTBUG-47417" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PT6327C64Q4RBFRWUSBKCG7SVGBWU5W/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZMMF4OEJAZRVKVXNO7IZWLEZVQGJN6G/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://bugreports.qt.io/browse/QTBUG-47417" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PT6327C64Q4RBFRWUSBKCG7SVGBWU5W/" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZMMF4OEJAZRVKVXNO7IZWLEZVQGJN6G/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-776" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-04-03 16:19
Modified
2024-11-21 00:25
Severity ?
Summary
The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long (overlong, i.e. non-shortest-form) UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:3.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "D729F4A6-D9EA-44A3-8974-B03A814130BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "610017B4-3C0A-4A59-82A1-4E20BCF786E6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters." }, { "lang": "es", "value": "El decodificador de UTF-8 en el codecs/qutfcodec.cpp del Qt 3.3.8 y 4.2.3 no rechaza secuencias largas de UTF-8 como lo solicitado por el est\u00e1ndar, lo que permite a atacantes remotos llevar a cabo ataques de secuencias de comandos en sitios cruzados (XSS) y de escalado de directorios mediante secuencias largas que decodifican metacaracteres peligrosos." 
} ], "id": "CVE-2007-0242", "lastModified": "2024-11-21T00:25:19.787", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-04-03T16:19:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc" }, { "source": "cve@mitre.org", "url": "http://fedoranews.org/updates/FEDORA-2007-703.shtml" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2011-1324.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24699" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24705" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24726" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24727" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24759" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24797" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24847" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24889" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/25263" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/26804" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/26857" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/27108" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/27275" 
}, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/46117" }, { "source": "cve@mitre.org", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.348591" }, { "source": "cve@mitre.org", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm" }, { "source": "cve@mitre.org", "url": "http://support.novell.com/techcenter/psdb/39ea4b325a7da742cb8b6995fa585b14.html" }, { "source": "cve@mitre.org", "url": "http://support.novell.com/techcenter/psdb/fc79b7f48d739f9c803a24ddad933384.html" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2007/dsa-1292" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:074" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:075" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:076" }, { "source": "cve@mitre.org", "url": "http://www.nabble.com/Bug-417390:-CVE-2007-0242%2C--Qt-UTF-8-overlong-sequence-decoding-vulnerability-t3506065.html" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2007-0883.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2007-0909.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/23269" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-452-1" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1212" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33397" }, { "source": "cve@mitre.org", "url": 
"https://issues.rpath.com/browse/RPL-1202" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11510" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://fedoranews.org/updates/FEDORA-2007-703.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2011-1324.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24699" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24705" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24726" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24727" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24759" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24797" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24847" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24889" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25263" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26804" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26857" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27108" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27275" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/46117" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.348591" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.novell.com/techcenter/psdb/39ea4b325a7da742cb8b6995fa585b14.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.novell.com/techcenter/psdb/fc79b7f48d739f9c803a24ddad933384.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2007/dsa-1292" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:074" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:075" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:076" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.nabble.com/Bug-417390:-CVE-2007-0242%2C--Qt-UTF-8-overlong-sequence-decoding-vulnerability-t3506065.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0883.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0909.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/23269" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-452-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "http://www.vupen.com/english/advisories/2007/1212" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33397" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.rpath.com/browse/RPL-1202" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11510" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-04-27 02:15
Modified
2024-11-21 04:59
Severity ?
Summary
setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20450 | Exploit, Issue Tracking, Third Party Advisory | |
cve@mitre.org | https://codereview.qt-project.org/c/qt/qtbase/+/291706 | Patch, Third Party Advisory | |
cve@mitre.org | https://security.gentoo.org/glsa/202007-38 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20450 | Exploit, Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/c/qt/qtbase/+/291706 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202007-38 | Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:5.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "E4D50AA1-3D3A-463F-9015-4BB82D59E85B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock." }, { "lang": "es", "value": "setMarkdown en Qt versiones anteriores a la versi\u00f3n5.14.2, tiene una vulnerabilidad de uso de la memoria previamente liberada relacionada con la funci\u00f3n QTextMarkdownImporter::insertBlock." } ], "id": "CVE-2020-12267", "lastModified": "2024-11-21T04:59:24.567", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-04-27T02:15:12.443", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20450" }, { "source": 
"cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/291706" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202007-38" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20450" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/291706" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202007-38" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-02-28 21:15
Modified
2024-11-21 04:02
Severity ?
Summary
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://bugreports.qt.io/browse/QTBUG-70693 | Exploit, Third Party Advisory | |
cve@mitre.org | https://codereview.qt-project.org/c/qt/qtwebsockets/+/284735 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugreports.qt.io/browse/QTBUG-70693 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/c/qt/qtwebsockets/+/284735 | Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0679A9C-0004-4EB6-8813-78FFB72F7680", "versionEndIncluding": "5.14.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption)." }, { "lang": "es", "value": "En Qt versiones hasta 5.14.1, la implementaci\u00f3n de WebSocket acepta hasta 2GB para tramas y 2GB para mensajes. Los l\u00edmites m\u00e1s peque\u00f1os no pueden ser configurados. Esto hace m\u00e1s f\u00e1cil para los atacantes causar una denegaci\u00f3n de servicio (consumo de memoria)" } ], "id": "CVE-2018-21035", "lastModified": "2024-11-21T04:02:44.870", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "cve@mitre.org", "type": "Secondary" } ], 
"cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-02-28T21:15:12.790", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://bugreports.qt.io/browse/QTBUG-70693" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtwebsockets/+/284735" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://bugreports.qt.io/browse/QTBUG-70693" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtwebsockets/+/284735" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-02-24 19:55
Modified
2024-11-21 01:45
Severity ?
Summary
The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, and 4.8.x before 4.8.5, when using certain versions of OpenSSL, uses an "incompatible structure layout" that can read memory from the wrong location. This causes Qt to report an incorrect error when certificate validation fails, which might lead users to make an unsafe security decision to accept a certificate.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qt | qt | * | |
qt | qt | 4.6.0 | |
qt | qt | 4.6.0 | |
qt | qt | 4.6.1 | |
qt | qt | 4.6.2 | |
qt | qt | 4.6.3 | |
qt | qt | 4.6.4 | |
qt | qt | 4.7.0 | |
qt | qt | 4.7.1 | |
qt | qt | 4.7.2 | |
qt | qt | 4.7.3 | |
qt | qt | 4.7.4 | |
qt | qt | 4.7.5 | |
qt | qt | 4.7.6 | |
qt | qt | 4.8.0 | |
qt | qt | 4.8.1 | |
qt | qt | 4.8.2 | |
qt | qt | 4.8.3 | |
qt | qt | 4.8.4 | |
canonical | ubuntu_linux | 10.04 | |
canonical | ubuntu_linux | 11.10 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 12.10 | |
opensuse | opensuse | 11.4 | |
opensuse | opensuse | 12.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:rc:*:*:*:*:*:*", "matchCriteriaId": "89E6A634-D297-42AF-B001-48BCBB89C240", "versionEndIncluding": "4.6.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2B74E5F5-CEE1-47B1-BE84-7F1C45D4FDD8", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "82A767D8-6194-4ED5-B9BE-2A14541C141F", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "874E217C-98AC-4F0B-B120-D721164912CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "3051F46B-E301-4DF7-A89B-4E8495617888", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "0C8BED3D-E6E9-4A7F-A186-DD7DC20706D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "1C5CFCD4-6CB1-489D-9619-B0169EA1719C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:4.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "5C2D2DA2-4D77-4396-97A7-D4ED0F633E19", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BC1BC2C-6D99-463F-9326-AF9B468E03F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "342A67CF-B332-46D1-A3FF-604552953C66", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "9239A893-506A-4853-8B00-FCDE5EC3E5DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "1A6196C5-BB95-447A-B610-4765AB702F96", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "3E398049-C78A-452C-9FBF-E32DC86BDBD0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.6:rc:*:*:*:*:*:*", "matchCriteriaId": 
"6E5EF3D1-6BD5-4488-A18C-79E26E87CFA6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:4.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "B307395A-36B6-4F54-92C9-D732580F3EBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F9D0CB6E-5275-4D51-81F1-84D456F936B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "214A1125-FBE9-433D-8B05-10595CD59F24", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "EB7CC6B1-7E40-4D6A-94CF-7412EA3F8534", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "062A62AA-EC5B-4D8E-9337-D25DF4FE56FA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*", "matchCriteriaId": "7118F616-25CA-4E34-AA13-4D14BB62419F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", "matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain 
versions of openSSL, uses an \"incompatible structure layout\" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate." }, { "lang": "es", "value": "La funci\u00f3n QSslSocket::sslErrors en Qt anterior a v4.6.5, v4.7.x anterior a v4.7.6, v4.8.x anterior a v4.8.5, cuando se usan ciertas versiones de openSSL, usa un dise\u00f1o de estructura incompatible que puede leer memoria desde una direcci\u00f3n erronea, lo que produce que Qt reporte un error incorrecto cuando el certificado de validaci\u00f3n falle y puede causar a los usuarios que hagan decisiones de seguridad inseguras para aceptar certificados." } ], "id": "CVE-2012-6093", "lastModified": "2024-11-21T01:45:48.413", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-02-24T19:55:00.907", "references": [ { "source": "secalert@redhat.com", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697582" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00086.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00089.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00014.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": 
"http://lists.qt-project.org/pipermail/announce/2013-January/000020.html" }, { "source": "secalert@redhat.com", "url": "http://qt.gitorious.org/qt/qt/commit/3b14dc93cf0ef06f1424d7d6319a1af4505faa53%20%284.7%29" }, { "source": "secalert@redhat.com", "url": "http://qt.gitorious.org/qt/qt/commit/691e78e5061d4cbc0de212d23b06c5dffddf2098%20%284.8%29" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52217" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/01/04/6" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1723-1" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=891955" }, { "source": "secalert@redhat.com", "url": "https://codereview.qt-project.org/#change%2C42461" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697582" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00086.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00089.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00014.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://lists.qt-project.org/pipermail/announce/2013-January/000020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://qt.gitorious.org/qt/qt/commit/3b14dc93cf0ef06f1424d7d6319a1af4505faa53%20%284.7%29" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://qt.gitorious.org/qt/qt/commit/691e78e5061d4cbc0de212d23b06c5dffddf2098%20%284.8%29" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52217" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2013/01/04/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1723-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=891955" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://codereview.qt-project.org/#change%2C42461" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-10-26 14:59
Modified
2024-11-21 02:36
Severity ?
Summary
ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:owncloud:owncloud_desktop_client:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A647DF5-F980-495F-A978-FF2C7CD4932D", "versionEndIncluding": "2.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E2980C52-9843-4A39-B164-76E9583F2D7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "FBC2E1E7-F841-47A1-8D1E-9A30EC93BDF5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression." }, { "lang": "es", "value": "ownCloud Desktop Client en versiones anteriores a 2.0.1, cuando es compliado con un lanzamiento de Qt en versiones posteriores a 5.3.x, no llama a QNetworkReply::ignoreSslErrors con la lista de errores para ser ignorados, lo que hace m\u00e1s f\u00e1cil para atacantes remotos llevar a cabo ataques man-in-the-middle (MITM) aprovechando un servidor utilizando un certificado autofirmado. NOTA: esta vulnerabilidad existe a causa de una regresi\u00f3n parcial de CVE-2015-4456." 
} ], "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/297.html\" target=\"_blank\"\u003eCWE-297: Improper Validation of Certificate with Host Mismatch\u003c/a\u003e", "id": "CVE-2015-7298", "lastModified": "2024-11-21T02:36:32.430", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-10-26T14:59:10.687", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-016" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-016" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-06-05 03:15
Modified
2025-01-08 17:15
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "19F5F946-5DD7-4F8D-8171-83BB0D9C5048", "versionEndExcluding": "5.15.15", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "513DDB0D-A132-4046-8B49-D2776E585826", "versionEndExcluding": "6.2.9", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "226FFAAF-14BA-4B15-A7DC-40E7CE23947B", "versionEndExcluding": "6.5.2", "versionStartIncluding": "6.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate." } ], "id": "CVE-2023-34410", "lastModified": "2025-01-08T17:15:13.230", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": 
"2023-06-05T03:15:09.390", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/477560" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/480002" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3IHQZCEUFVOPWG75V2HDKXNUZBB4FX/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/477560" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/480002" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3IHQZCEUFVOPWG75V2HDKXNUZBB4FX/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-295" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-295" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2018-01-09 16:29
Modified
2024-11-21 02:25
Severity ?
Summary
The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "C1B0AC37-F785-404C-A69F-FA77E586466D", "versionEndExcluding": "44.0.2403.89", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "9DA8BCF4-1157-44BF-A11E-FC3C73204392", "versionEndExcluding": "5.5.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site." }, { "lang": "es", "value": "El motor Google V8, tal y como se utiliza en Google Chrome en versiones anteriores a la 44.0.2403.89 y QtWebEngineCore en Qt en versiones anteriores a la 5.5.1, permiten que atacantes remotos provoquen una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) o ejecuten c\u00f3digo arbitrario mediante un sitio web manipulado." 
} ], "id": "CVE-2015-1290", "lastModified": "2024-11-21T02:25:05.080", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-01-09T16:29:00.257", "references": [ { "source": "chrome-cve-admin@google.com", "url": "http://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.5.1" }, { "source": "chrome-cve-admin@google.com", "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" }, { "source": "chrome-cve-admin@google.com", "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00116.html" }, { "source": "chrome-cve-admin@google.com", "url": "http://www.nsfocus.net/index.php?act=advisory\u0026do=view\u0026adv_id=80" }, { "source": "chrome-cve-admin@google.com", "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=505374" }, { "source": "chrome-cve-admin@google.com", "url": "https://codereview.chromium.org/1233453004" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.5.1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00116.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.nsfocus.net/index.php?act=advisory\u0026do=view\u0026adv_id=80" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=505374" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://codereview.chromium.org/1233453004" } ], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-05-12 19:59
Modified
2024-11-21 02:26
Severity ?
Summary
Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:digia:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "86E76F78-582E-4473-BF2F-70452F0B6AD5", "versionEndIncluding": "4.8.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "03C7E11D-AA2C-48BB-8C50-B04E5CD3A7C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E30B4386-B419-46B7-945F-C04F79600708", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "20079A6C-A3B9-4492-BC1F-A3B668F326D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3E42429B-0123-428E-AD62-23000CDF7343", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2EE36CAC-6DB0-4061-AC83-AF12A30F2EFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "D60AFED7-9707-4FB7-817D-E2DE4BCABE97", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E2980C52-9843-4A39-B164-76E9583F2D7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "FBC2E1E7-F841-47A1-8D1E-9A30EC93BDF5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 
and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image." }, { "lang": "es", "value": "M\u00faltiples desbordamientos del buffer en gui/image/qbmphandler.cpp en el m\u00f3dulo QtBase en Qt en versiones anteriores a 4.8.7 y 5.x en versiones anteriores a 5.4.2 permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n y ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una imagen BMP manipulada." } ], "id": "CVE-2015-1858", "lastModified": "2024-11-21T02:26:17.027", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-05-12T19:59:04.880", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html" }, { "source": "secalert@redhat.com", "tags": [ "Third 
Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/74309" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2626-1" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://codereview.qt-project.org/#/c/108312/" }, { "source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201603-10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/74309" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.ubuntu.com/usn/USN-2626-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://codereview.qt-project.org/#/c/108312/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201603-10" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-07-04 21:15
Modified
2024-11-21 09:28
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://codereview.qt-project.org/c/qt/qtbase/+/571601 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/c/qt/qtbase/+/571601 | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "E12B8628-DB3E-4ED1-9D7F-261C5895F69E", "versionEndExcluding": "5.15.18", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "838DE514-7032-40DC-AF57-1661CB8FAFB5", "versionEndExcluding": "6.2.13", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "E25AAED6-E83F-4CB9-8CE2-428F76942B68", "versionEndExcluding": "6.5.7", "versionStartIncluding": "6.3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "1030EC9F-B558-4FA9-A31D-2053DEA52F3A", "versionEndExcluding": "6.7.3", "versionStartIncluding": "6.6.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.." }, { "lang": "es", "value": "Se descubri\u00f3 un problema en HTTP2 en Qt antes de 5.15.18, 6.x antes de 6.2.13, 6.3.x hasta 6.5.x antes de 6.5.7 y 6.6.x hasta 6.7.x antes de 6.7.3. El c\u00f3digo para tomar decisiones relevantes para la seguridad sobre una conexi\u00f3n establecida puede ejecutarse demasiado pronto, porque la se\u00f1al encrypted() a\u00fan no se ha emitido ni procesado." 
} ], "id": "CVE-2024-39936", "lastModified": "2024-11-21T09:28:36.910", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "cve@mitre.org", "type": "Secondary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-07-04T21:15:10.180", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/571601" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/571601" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-367" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-06-16 00:55
Modified
2024-11-21 01:29
Severity ?
Summary
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnome | pango | * | |
qt | qt | * | |
canonical | ubuntu_linux | 10.04 | |
canonical | ubuntu_linux | 11.04 | |
redhat | enterprise_linux_desktop | 4.0 | |
redhat | enterprise_linux_desktop | 5.0 | |
redhat | enterprise_linux_desktop | 6.0 | |
redhat | enterprise_linux_eus | 6.1 | |
redhat | enterprise_linux_server | 4.0 | |
redhat | enterprise_linux_server | 5.0 | |
redhat | enterprise_linux_server | 6.0 | |
redhat | enterprise_linux_workstation | 4.0 | |
redhat | enterprise_linux_workstation | 5.0 | |
redhat | enterprise_linux_workstation | 6.0 | |
opensuse | opensuse | 11.3 | |
opensuse | opensuse | 11.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnome:pango:*:*:*:*:*:*:*:*", "matchCriteriaId": "933243F1-16BB-40A7-8F91-675FACE96F76", "versionEndExcluding": "1.25.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "E702DDB3-3A75-44E7-B458-1000C82ECC63", "versionEndExcluding": "4.7.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*", "matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "7D74A418-50F0-42C0-ABBC-BBBE718FF025", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "3BEEC943-452C-4A19-B492-5EC8ADE427CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "73322DEE-27A6-4D18-88A3-ED7F9CAEABD5", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "5B5DCF29-6830-45FF-BC88-17E2249C653D", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "5646FDE9-CF21-46A9-B89D-F5BBDB4249AF", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file." }, { "lang": "es", "value": "Desbordamiento de buffer de memoria din\u00e1mica en la funci\u00f3n Lookup_MarkMarkPos del m\u00f3dulo HarfBuzz (harfbuzz-gpos.c), tal como se usa en Qt anteriores a 4.7.4 y Pango. Permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo de fuentes modificado." 
} ], "id": "CVE-2011-3193", "lastModified": "2024-11-21T01:29:57.030", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-06-16T00:55:03.297", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://cgit.freedesktop.org/harfbuzz.old/commit/?id=81c8ef785b079980ad5b46be4fe7c7bf156dbf65" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://cgit.freedesktop.org/harfbuzz/commit/src/harfbuzz-gpos.c?id=da2c52abcd75d46929b34cad55c4fb2c8892bc08" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://git.gnome.org/browse/pango/commit/pango/opentype/harfbuzz-gpos.c?id=a7a715480db66148b1f487528887508a7991dcd0" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1323.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1324.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": 
"http://rhn.redhat.com/errata/RHSA-2011-1325.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1326.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1327.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1328.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/41537" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/46117" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/46118" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/46119" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/46128" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/46371" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/46410" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/49895" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/6" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/24/8" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/25/1" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.osvdb.org/75652" }, { "source": 
"secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/49723" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1504-1" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69991" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "https://hermes.opensuse.org/messages/12056605" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "https://qt.gitorious.org/qt/qt/commit/9ae6f2f9a57f0c3096d5785913e437953fa6775c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://cgit.freedesktop.org/harfbuzz.old/commit/?id=81c8ef785b079980ad5b46be4fe7c7bf156dbf65" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://cgit.freedesktop.org/harfbuzz/commit/src/harfbuzz-gpos.c?id=da2c52abcd75d46929b34cad55c4fb2c8892bc08" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://git.gnome.org/browse/pango/commit/pango/opentype/harfbuzz-gpos.c?id=a7a715480db66148b1f487528887508a7991dcd0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1323.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1324.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1325.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1326.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1327.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1328.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/41537" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/46117" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/46118" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/46119" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/46128" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/46371" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/46410" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/49895" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": 
"http://www.openwall.com/lists/oss-security/2011/08/24/8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/25/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.osvdb.org/75652" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/49723" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1504-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69991" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://hermes.opensuse.org/messages/12056605" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://qt.gitorious.org/qt/qt/commit/9ae6f2f9a57f0c3096d5785913e437953fa6775c" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-05-12 19:59
Modified
2024-11-21 02:26
Severity ?
Summary
Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:digia:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "86E76F78-582E-4473-BF2F-70452F0B6AD5", "versionEndIncluding": "4.8.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "03C7E11D-AA2C-48BB-8C50-B04E5CD3A7C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E30B4386-B419-46B7-945F-C04F79600708", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "20079A6C-A3B9-4492-BC1F-A3B668F326D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3E42429B-0123-428E-AD62-23000CDF7343", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2EE36CAC-6DB0-4061-AC83-AF12A30F2EFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "D60AFED7-9707-4FB7-817D-E2DE4BCABE97", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E2980C52-9843-4A39-B164-76E9583F2D7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "FBC2E1E7-F841-47A1-8D1E-9A30EC93BDF5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 
and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de buffer en gui/image/qgifhandler.cpp en el m\u00f3dulo QtBase en Qt en versiones anteriores a 4.8.7 y 5.x en versiones anteriores a 5.4.2 permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una imagen GIF manipulada." } ], "id": "CVE-2015-1860", "lastModified": "2024-11-21T02:26:17.310", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-05-12T19:59:06.957", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155947.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156761.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156937.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/74302" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2626-1" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://codereview.qt-project.org/#/c/108248/" }, { "source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201603-10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155947.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156761.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156937.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/74302" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2626-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://codereview.qt-project.org/#/c/108248/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201603-10" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-08-12 02:15
Modified
2024-11-21 06:17
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qt | qt | * | |
qt | qt | * | |
fedoraproject | fedora | 35 | |
fedoraproject | fedora | 36 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3DF360C-4ADC-4C67-802D-4E6651BE9782", "versionEndExcluding": "5.15.6", "versionStartIncluding": "5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "44ADCFEF-FA24-4424-94C4-A455F8E53CD2", "versionEndIncluding": "6.1.2", "versionStartIncluding": "6.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke)." 
}, { "lang": "es", "value": "Qt 5.x antes de la versi\u00f3n 5.15.6 y 6.x hasta la versi\u00f3n 6.1.2 tiene una escritura fuera de l\u00edmites en QOutlineMapper::convertPath (llamada desde QRasterPaintEngine::fill y QPaintEngineEx::stroke)" } ], "id": "CVE-2021-38593", "lastModified": "2024-11-21T06:17:36.710", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-08-12T02:15:06.580", "references": [ { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35566" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-903.yaml" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/qt/qtbase/commit/1ca02cf2879a5e1511a2f2109f0925cf4c892862" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": 
"https://github.com/qt/qtbase/commit/202143ba41f6ac574f1858214ed8bf4a38b73ccd" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/qt/qtbase/commit/6b400e3147dcfd8cc3a393ace1bd118c93762e0c" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36VN2WKMNQUSTF6ZW2X52NPAJVXJ4S5I/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HY5YCSDCTLHVMP3OXOM6HNTWHV6DBHDX/" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/202402-03" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Release Notes", "Vendor Advisory" ], "url": "https://wiki.qt.io/Qt_5.15_Release#Known_Issues" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://www.qt.io/blog/qt-5.15-extended-support-for-subscription-license-holders" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35566" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-903.yaml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/qt/qtbase/commit/1ca02cf2879a5e1511a2f2109f0925cf4c892862" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/qt/qtbase/commit/202143ba41f6ac574f1858214ed8bf4a38b73ccd" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/qt/qtbase/commit/6b400e3147dcfd8cc3a393ace1bd118c93762e0c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36VN2WKMNQUSTF6ZW2X52NPAJVXJ4S5I/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HY5YCSDCTLHVMP3OXOM6HNTWHV6DBHDX/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202402-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Release Notes", "Vendor Advisory" ], "url": "https://wiki.qt.io/Qt_5.15_Release#Known_Issues" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://www.qt.io/blog/qt-5.15-extended-support-for-subscription-license-holders" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-09-14 19:15
Modified
2024-11-21 04:53
Severity ?
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
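Uncontrolled search path in the Qt library before 5.14.0, 5.12.7 and 5.9.10 (per the CPE ranges in the record below: versions before 5.9.10, 5.10.0 up to but excluding 5.12.7, and 5.13.0 up to but excluding 5.14.0) may allow an authenticated user to potentially enable elevation of privilege via local access.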
References
Source | URL | Tags | |
---|---|---|---|
secure@intel.com | https://bugreports.qt.io/browse/QTBUG-81272 | Exploit, Patch, Vendor Advisory | |
secure@intel.com | https://bugzilla.redhat.com/show_bug.cgi?id=1800604 | Issue Tracking, Patch, Third Party Advisory | |
secure@intel.com | https://lists.qt-project.org/pipermail/development/2020-January/038534.html | Mailing List, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugreports.qt.io/browse/QTBUG-81272 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1800604 | Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.qt-project.org/pipermail/development/2020-January/038534.html | Mailing List, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qt | qt | * | |
qt | qt | * | |
qt | qt | * | |
redhat | enterprise_linux | 7.0 | |
redhat | enterprise_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE712F0E-F718-44F5-8D3C-9597BDCFA7F2", "versionEndExcluding": "5.9.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C20C537-CE28-4732-BCE7-531147012FE4", "versionEndExcluding": "5.12.7", "versionStartIncluding": "5.10.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F04F7C8-9824-4D94-A968-E86D2FD8C81E", "versionEndExcluding": "5.14.0", "versionStartIncluding": "5.13.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access." 
}, { "lang": "es", "value": "Una ruta de b\u00fasqueda no controlada en QT Library versiones anteriores a 5.14.0, 5.12.7 y 5.9.10, puede permitir a un usuario autenticado habilitar potencialmente una elevaci\u00f3n de privilegios por medio un acceso local" } ], "id": "CVE-2020-0570", "lastModified": "2024-11-21T04:53:46.807", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.3, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-09-14T19:15:10.583", "references": [ { "source": "secure@intel.com", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "https://bugreports.qt.io/browse/QTBUG-81272" }, { "source": "secure@intel.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800604" }, { "source": "secure@intel.com", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.qt-project.org/pipermail/development/2020-January/038534.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", 
"Vendor Advisory" ], "url": "https://bugreports.qt.io/browse/QTBUG-81272" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800604" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.qt-project.org/pipermail/development/2020-January/038534.html" } ], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-426" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-07-02 20:30
Modified
2024-11-21 01:17
Severity ?
5.0 (Medium) - CVSS v2.0 vector AV:N/AC:L/Au:N/C:N/I:N/A:P
Summary
The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
digia | qt | * | |
qt | qt | 4.0.0 | |
qt | qt | 4.0.1 | |
qt | qt | 4.1.0 | |
qt | qt | 4.1.1 | |
qt | qt | 4.1.2 | |
qt | qt | 4.1.3 | |
qt | qt | 4.1.4 | |
qt | qt | 4.1.5 | |
qt | qt | 4.2.0 | |
qt | qt | 4.2.1 | |
qt | qt | 4.2.3 | |
qt | qt | 4.3.0 | |
qt | qt | 4.3.1 | |
qt | qt | 4.3.2 | |
qt | qt | 4.3.3 | |
qt | qt | 4.3.4 | |
qt | qt | 4.3.5 | |
qt | qt | 4.4.0 | |
qt | qt | 4.4.1 | |
qt | qt | 4.4.2 | |
qt | qt | 4.4.3 | |
qt | qt | 4.5.0 | |
qt | qt | 4.5.1 | |
qt | qt | 4.5.2 | |
qt | qt | 4.5.3 | |
qt | qt | 4.6.0 | |
qt | qt | 4.6.0 | |
qt | qt | 4.6.1 | |
qt | qt | 4.6.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:digia:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9AE2922-1C8A-453D-BC5F-5F158DEB8607", "versionEndIncluding": "4.6.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C966DAAB-74E1-4594-9CE7-5A1A60F5061E", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D51BFA7D-281E-49ED-9A4B-60AD5143C4EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A38B91E-698F-4638-BC3B-BD02F3313B70", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7629BAB0-5077-4B82-9F11-B228E8EAFA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "76366D45-3604-49D1-BD97-8A9FACEA2171", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EEEF60A1-5FF0-465F-A872-62F80899F870", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D5386EE-376B-4773-8687-5314BFF35E41", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "4ACE447E-BFBC-4059-9786-F8E5F512AEAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3AC6465-B459-410E-A5C5-EBFF5C866009", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "EF48233D-EFFE-40A1-B50A-F2184D9CF325", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "610017B4-3C0A-4A59-82A1-4E20BCF786E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D848BD49-3C88-4458-B8AB-AAD8DEB790BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "0A12D978-B6FF-4C67-97D4-91A285C47813", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:qt:qt:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "7DBD073E-F3E0-4273-81E9-AF010B711F08", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "0D58ACBA-7DF3-403A-AC0E-94749383C750", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "59D6E752-3B2E-4A95-A76A-3326CD490EDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "7A27E4EC-9573-4C82-9B78-244DB0B06FA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "678A25E8-57E3-4E0C-9B24-C68F11F108BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "D16BB8CE-3871-4DFA-84BB-C089894437D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "965B37FD-E22F-4AA7-BDC2-147A9962CFD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEE12FD7-2FB2-444A-A660-86294646F8A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA4B9F55-4BFF-4FD3-A8BC-842B0467DCD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "9DA805A7-7C62-49FD-B9A2-F81C981691C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "D5596442-5608-439B-8BE6-53A70F20C079", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "29FD745E-4B61-417F-BC66-386877E75351", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2B74E5F5-CEE1-47B1-BE84-7F1C45D4FDD8", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "82A767D8-6194-4ED5-B9BE-2A14541C141F", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "874E217C-98AC-4F0B-B120-D721164912CD", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:qt:qt:4.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "3051F46B-E301-4DF7-A89B-4E8495617888", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request." }, { "lang": "es", "value": "La funci\u00f3n QSslSocketBackendPrivate::transmit en src_network_ssl_qsslsocket_openssl.cpp en Qt v4.6.3 y anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (bucle infinito) a trav\u00e9s de una solicitud mal formada." } ], "id": "CVE-2010-2621", "lastModified": "2024-11-21T01:17:01.280", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-07-02T20:30:01.707", "references": [ { "source": "cve@mitre.org", "url": "http://aluigi.org/adv/qtsslame-adv.txt" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://aluigi.org/poc/qtsslame.zip" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/65860" }, { "source": "cve@mitre.org", "url": "http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/40389" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/46410" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/41250" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1657" }, { "source": "cve@mitre.org", "url": "https://hermes.opensuse.org/messages/12056605" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://aluigi.org/adv/qtsslame-adv.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://aluigi.org/poc/qtsslame.zip" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/65860" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/40389" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46410" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/41250" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1657" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://hermes.opensuse.org/messages/12056605" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-15 01:15
Modified
2024-11-21 07:48
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "82BC32FC-2B1F-4FD4-A368-DD37D7FCBA7E", "versionEndExcluding": "5.15.13", "versionStartIncluding": "5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "4911A94E-AA2F-4017-8702-0AF092FF809F", "versionEndExcluding": "6.2.8", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "9DC66FEF-0D94-4464-B9F8-800A1F9424C0", "versionEndExcluding": "6.4.3", "versionStartIncluding": "6.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3." } ], "id": "CVE-2023-24607", "lastModified": "2024-11-21T07:48:13.813", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-15T01:15:07.043", "references": [ { "source": "cve@mitre.org", "tags": [ "Issue Tracking" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/456216" }, { "source": "cve@mitre.org", "tags": [ "Permissions Required" ], "url": "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217" }, { "source": "cve@mitre.org", "tags": [ "Permissions Required" ], "url": "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238" }, { 
"source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" }, { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://www.qt.io/blog/tag/security" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/456216" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://www.qt.io/blog/tag/security" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-06-16 00:55
Modified
2024-11-21 01:29
Severity ?
9.3 (High) - CVSS v2.0 vector AV:N/AC:M/Au:N/C:C/I:C/A:C
Summary
Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale TIFF image with multiple samples per pixel.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:4.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "1A6196C5-BB95-447A-B610-4765AB702F96", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale TIFF image with multiple samples per pixel." }, { "lang": "es", "value": "Desbordamiento de buffer en el lector de TIFF de gui/image/qtiffhandler.cpp de Qt 4.7.4 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de la etiqueta TIFFTAG_SAMPLESPERPIXEL de una imagen en escala de grises TIFF con m\u00faltiples muestras por pixel." } ], "id": "CVE-2011-3194", "lastModified": "2024-11-21T01:29:57.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-06-16T00:55:04.733", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066209.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html" }, { "source": "secalert@redhat.com", "url": 
"http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2011-1323.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2011-1328.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46128" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46140" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46187" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46371" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46410" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/49383" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/49895" }, { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-201206-02.xml" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/08/22/6" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/08/24/8" }, { "source": "secalert@redhat.com", "url": "http://www.osvdb.org/75653" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/49724" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1504-1" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.novell.com/show_bug.cgi?id=637275" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69975" }, { "source": "secalert@redhat.com", "url": "https://hermes.opensuse.org/messages/12056605" }, { "source": "secalert@redhat.com", "url": 
"https://qt.gitorious.org/qt/qt/commit/cb6380beb81ab9571c547270c144988781fed465" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066209.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2011-1323.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2011-1328.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46128" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46140" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46187" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46371" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46410" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/49383" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/49895" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201206-02.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/08/22/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/08/24/8" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/75653" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/49724" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1504-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.novell.com/show_bug.cgi?id=637275" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69975" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://hermes.opensuse.org/messages/12056605" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://qt.gitorious.org/qt/qt/commit/cb6380beb81ab9571c547270c144988781fed465" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-08-12 18:15
Modified
2024-11-21 05:08
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qt | qt | * | |
qt | qt | * | |
debian | debian_linux | 9.0 | |
fedoraproject | fedora | 31 | |
fedoraproject | fedora | 32 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2C737E0-DF07-47D9-AF8B-664A3857246A", "versionEndIncluding": "5.12.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "0AE6A48D-B484-4F13-861F-EFDB09D2A0FB", "versionEndExcluding": "5.15.1", "versionStartIncluding": "5.13.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read." }, { "lang": "es", "value": "Se detect\u00f3 un problema en Qt versiones hasta 5.12.9 y versiones 5.13.x hasta 5.15.x anteriores a 5.15.1. 
La funci\u00f3n read_xbm_body en el archivo gui/image/qxbmhandler.cpp presenta una lectura excesiva del b\u00fafer" } ], "id": "CVE-2020-17507", "lastModified": "2024-11-21T05:08:15.007", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-08-12T18:15:17.637", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": 
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308436" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308495" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308496" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202009-04" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308436" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308495" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308496" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202009-04" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": 
[ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-08-20 07:15
Modified
2024-11-21 08:11
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "19F5F946-5DD7-4F8D-8171-83BB0D9C5048", "versionEndExcluding": "5.15.15", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "513DDB0D-A132-4046-8B49-D2776E585826", "versionEndExcluding": "6.2.9", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "226FFAAF-14BA-4B15-A7DC-40E7CE23947B", "versionEndExcluding": "6.5.2", "versionStartIncluding": "6.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length." 
} ], "id": "CVE-2023-37369", "lastModified": "2024-11-21T08:11:35.890", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-08-20T07:15:08.963", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "https://bugreports.qt.io/browse/QTBUG-114829" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/455027" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3JR3N3IF5MUSETGYE46OZFOGGPY3VZT/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZK7EDD4ILPPSQAYO54FANUC4NFYLTHU/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://bugreports.qt.io/browse/QTBUG-114829" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/455027" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3JR3N3IF5MUSETGYE46OZFOGGPY3VZT/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZK7EDD4ILPPSQAYO54FANUC4NFYLTHU/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-01-12 17:15
Modified
2024-11-21 07:26
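Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H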
Summary
A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. Specially crafted JavaScript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. The target application would need to access a malicious web page to trigger this vulnerability.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:6.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "B80CA217-D896-4BCF-B385-582CDF21DAD6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability." }, { "lang": "es", "value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en la API QML QtScript Reflect de Qt Project Qt 6.3.2. Un c\u00f3digo JavaScript especialmente manipulado puede desencadenar un acceso a la memoria fuera de los l\u00edmites, lo que puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. La aplicaci\u00f3n de destino necesitar\u00eda acceder a una p\u00e1gina web maliciosa para activar esta vulnerabilidad." 
} ], "id": "CVE-2022-43591", "lastModified": "2024-11-21T07:26:50.243", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "talos-cna@cisco.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-01-12T17:15:09.523", "references": [ { "source": "talos-cna@cisco.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1650" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1650" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1650" } ], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-122" } ], "source": "talos-cna@cisco.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-04 01:29
Modified
2024-11-21 03:13
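Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.0 (Medium) - CVSS 2.0 AV:N/AC:L/Au:N/C:N/I:N/A:P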
Summary
The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qt | qt | 5.0.0 | |
qt | qt | 5.0.1 | |
qt | qt | 5.1.0 | |
qt | qt | 5.2.0 | |
qt | qt | 5.3.0 | |
qt | qt | 5.4.0 | |
qt | qt | 5.5.0 | |
qt | qt | 5.6.0 | |
qt | qt | 5.7.0 | |
qt | qt | 5.8.0 | |
qt | qt | 5.9.0 | |
qt | qt | 5.10.0 | |
qt | qt | 5.10.1 | |
qt | qt | 5.11.0 | |
qt | qt | 5.11.1 | |
qt | qt | 5.11.2 | |
qt | qt | 5.11.3 | |
qt | qt | 5.12.0 | |
qt | qt | 5.12.1 | |
qt | qt | 5.12.2 | |
qt | qt | 5.12.3 | |
qt | qt | 5.12.4 | |
qt | qt | 5.13.0 | |
qt | qt | 5.14.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "03C7E11D-AA2C-48BB-8C50-B04E5CD3A7C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E30B4386-B419-46B7-945F-C04F79600708", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3E42429B-0123-428E-AD62-23000CDF7343", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2EE36CAC-6DB0-4061-AC83-AF12A30F2EFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E2980C52-9843-4A39-B164-76E9583F2D7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0AE4473E-33BB-4953-9FC5-B3EE503A19E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "DA1E6864-005E-4843-8D76-AF7D687CF991", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "FCC41EE4-29DE-4F86-AEA5-179F6AC9F24B", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F663AA25-2910-4D31-AD72-8BC8F76E9AE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "7DD2FCA0-F628-4164-8D32-8191A3004AFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "F7AA598B-B954-4389-AEC4-6B8E7762D507", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C5F566F5-FB40-4F63-BF93-C9253A828B13", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "BD5483AF-66FC-411D-A529-16C5CC8BD8A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "0C6827E6-7B15-423D-89C2-46B5E2D35961", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.11.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "58551C4F-EDA2-4AA3-9C5D-6FDF88C5746F", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "B5CCC1DB-3BA9-48CB-ADEE-F1C74C88CC08", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "9024B9F9-90B8-494F-950E-955E62A3C872", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "B54B9182-F8A0-45AA-99A8-A7424A7C34E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "B63018D9-848B-4901-9DC9-CE6BBF0C2CDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "1DE2DA92-F05B-426C-8CE7-6DCC6AF6461D", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "3E4018AD-55DB-4C13-A26B-ED1564E4C501", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "6EC8E8B7-299B-4E76-9DC7-8482BA357B5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "FD5AC67C-2634-49DB-9F97-C27498047C1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "F8F2A2AC-F3DE-49E3-B0AF-3953ABD1C269", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string." }, { "lang": "es", "value": "Las tuber\u00edas nombradas en qtsingleapp en QT 5.x, tal y como se usan en qBittorrent y SugarSync, est\u00e1n configuradas para que se puedan acceder de manera remota y permitan que atacantes remotos provoquen una denegaci\u00f3n de servicio (cierre inesperado de la aplicaci\u00f3n) mediante una cadena no especificada." 
} ], "id": "CVE-2017-15011", "lastModified": "2024-11-21T03:13:55.940", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-04T01:29:03.433", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://hackinparis.com/data/slides/2017/2017_Cohen_Gil_The_forgotten_interface_Windows_named_pipes.pdf" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.youtube.com/watch?v=m6zISgWPGGY" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://hackinparis.com/data/slides/2017/2017_Cohen_Gil_The_forgotten_interface_Windows_named_pipes.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.youtube.com/watch?v=m6zISgWPGGY" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": 
"nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-12-23 22:55
Modified
2024-11-21 01:55
Severity ?
5.0 (Medium) - CVSS 2.0 AV:N/AC:L/Au:N/C:N/I:N/A:P
Summary
QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:digia:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "73CA5980-1396-4C98-8745-90A8F9767B58", "versionEndIncluding": "5.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "03C7E11D-AA2C-48BB-8C50-B04E5CD3A7C5", "vulnerable": false }, { "criteria": "cpe:2.3:a:qt:qt:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E30B4386-B419-46B7-945F-C04F79600708", "vulnerable": false }, { "criteria": "cpe:2.3:a:qt:qt:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "20079A6C-A3B9-4492-BC1F-A3B668F326D8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack." }, { "lang": "es", "value": "QXmlSimpleReader en Qt anterior a v5.2 permite a los atacantes dependientes del contexto provocar una denegaci\u00f3n de servicio (consumo de memoria) mediante un ataque XML Entity Expansion (XEE)." 
} ], "id": "CVE-2013-4549", "lastModified": "2024-11-21T01:55:48.603", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-12-23T22:55:02.880", "references": [ { "source": "secalert@redhat.com", "url": "http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00044.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00047.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00085.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00104.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00106.html" }, { "source": "secalert@redhat.com", "url": "http://lists.qt-project.org/pipermail/announce/2013-December/000036.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/56008" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/56166" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2057-1" }, { "source": "secalert@redhat.com", "url": 
"https://codereview.qt-project.org/#change%2C71010" }, { "source": "secalert@redhat.com", "url": "https://codereview.qt-project.org/#change%2C71368" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00044.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00047.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00085.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00104.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00106.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.qt-project.org/pipermail/announce/2013-December/000036.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/56008" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/56166" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2057-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://codereview.qt-project.org/#change%2C71010" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://codereview.qt-project.org/#change%2C71368" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-06-09 00:15
Modified
2024-11-21 05:02
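Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.0 (Medium) - CVSS 2.0 AV:N/AC:L/Au:N/C:N/I:N/A:P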
Summary
Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mumble:mumble:1.3.0:-:*:*:*:*:*:*", "matchCriteriaId": "24EBDE3F-51DC-4E90-B214-5370E19D7653", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF9AB8E0-BB7E-4EC8-991F-2A2D826B0032", "versionEndExcluding": "5.12.9", "versionStartIncluding": "5.12.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "7FE43F06-DFE8-466D-A9BC-FEA2B1BC069B", "versionEndIncluding": "5.13.2", "versionStartIncluding": "5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "044BF1F4-4129-47C8-BEF5-DD15555D9A98", "versionEndIncluding": "5.14.2", "versionStartIncluding": "5.14.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL\u0027s error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. 
(Mumble 1.3.1 is not affected, regardless of the Qt version.)" }, { "lang": "es", "value": "Qt versiones 5.12.2 hasta 5.14.2, como es usado en compilaciones no oficiales de Mumble versi\u00f3n 1.3.0 y otros productos, maneja inapropiadamente la cola de errores de OpenSSL, lo que puede ser capaz de causar una denegaci\u00f3n de servicio a usuarios de QSslSocket. Debido a que los errores se filtran en sesiones TLS no relacionadas, una sesi\u00f3n no relacionada puede ser desconectada cuando se comete un fallo en cualquier protocolo de enlace. (Mumble versi\u00f3n 1.3.1 no est\u00e1 afectado, independientemente de la versi\u00f3n Qt)" } ], "id": "CVE-2020-13962", "lastModified": "2024-11-21T05:02:14.947", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-06-09T00:15:10.123", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00004.html" }, { 
"source": "cve@mitre.org", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugreports.qt.io/browse/QTBUG-83450" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/mumble-voip/mumble/issues/3679" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/mumble-voip/mumble/pull/4032" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X6EDPIIAQPVP2CHL2CHDHJ25EECA7UE/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQJDBZUYMMF4R5QQKD2HTIKQU2NSKO63/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3IZY7LKJ6NAXQDFYFR4S7L5BBHYK53K/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202007-18" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugreports.qt.io/browse/QTBUG-83450" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/mumble-voip/mumble/issues/3679" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/mumble-voip/mumble/pull/4032" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X6EDPIIAQPVP2CHL2CHDHJ25EECA7UE/" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQJDBZUYMMF4R5QQKD2HTIKQU2NSKO63/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3IZY7LKJ6NAXQDFYFR4S7L5BBHYK53K/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202007-18" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-06-29 19:55
Modified
2024-11-21 01:22
Severity ?
Summary
QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
digia | qt | * (up to and including 4.6.4) | |
qt | qt | 4.0.0 | |
qt | qt | 4.0.1 | |
qt | qt | 4.1.0 | |
qt | qt | 4.1.1 | |
qt | qt | 4.1.2 | |
qt | qt | 4.1.3 | |
qt | qt | 4.1.4 | |
qt | qt | 4.1.5 | |
qt | qt | 4.2.0 | |
qt | qt | 4.2.1 | |
qt | qt | 4.2.3 | |
qt | qt | 4.3.0 | |
qt | qt | 4.3.1 | |
qt | qt | 4.3.2 | |
qt | qt | 4.3.3 | |
qt | qt | 4.3.4 | |
qt | qt | 4.3.5 | |
qt | qt | 4.4.0 | |
qt | qt | 4.4.1 | |
qt | qt | 4.4.2 | |
qt | qt | 4.4.3 | |
qt | qt | 4.5.0 | |
qt | qt | 4.5.1 | |
qt | qt | 4.5.2 | |
qt | qt | 4.5.3 | |
qt | qt | 4.6.0 | |
qt | qt | 4.6.0 (rc1) | |
qt | qt | 4.6.1 | |
qt | qt | 4.6.2 | |
qt | qt | 4.6.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:digia:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5547662-C2D8-48C6-B1A5-7F929772EAA9", "versionEndIncluding": "4.6.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C966DAAB-74E1-4594-9CE7-5A1A60F5061E", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D51BFA7D-281E-49ED-9A4B-60AD5143C4EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A38B91E-698F-4638-BC3B-BD02F3313B70", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7629BAB0-5077-4B82-9F11-B228E8EAFA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "76366D45-3604-49D1-BD97-8A9FACEA2171", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EEEF60A1-5FF0-465F-A872-62F80899F870", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D5386EE-376B-4773-8687-5314BFF35E41", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "4ACE447E-BFBC-4059-9786-F8E5F512AEAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3AC6465-B459-410E-A5C5-EBFF5C866009", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "EF48233D-EFFE-40A1-B50A-F2184D9CF325", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "610017B4-3C0A-4A59-82A1-4E20BCF786E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D848BD49-3C88-4458-B8AB-AAD8DEB790BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "0A12D978-B6FF-4C67-97D4-91A285C47813", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:qt:qt:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "7DBD073E-F3E0-4273-81E9-AF010B711F08", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "0D58ACBA-7DF3-403A-AC0E-94749383C750", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "59D6E752-3B2E-4A95-A76A-3326CD490EDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "7A27E4EC-9573-4C82-9B78-244DB0B06FA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "678A25E8-57E3-4E0C-9B24-C68F11F108BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "D16BB8CE-3871-4DFA-84BB-C089894437D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "965B37FD-E22F-4AA7-BDC2-147A9962CFD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEE12FD7-2FB2-444A-A660-86294646F8A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA4B9F55-4BFF-4FD3-A8BC-842B0467DCD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "9DA805A7-7C62-49FD-B9A2-F81C981691C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "D5596442-5608-439B-8BE6-53A70F20C079", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "29FD745E-4B61-417F-BC66-386877E75351", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2B74E5F5-CEE1-47B1-BE84-7F1C45D4FDD8", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "82A767D8-6194-4ED5-B9BE-2A14541C141F", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "874E217C-98AC-4F0B-B120-D721164912CD", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:qt:qt:4.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "3051F46B-E301-4DF7-A89B-4E8495617888", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "0C8BED3D-E6E9-4A7F-A186-DD7DC20706D1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject\u0027s Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority." }, { "lang": "es", "value": "QSslSocket de Qt anteriores a 4.7.0-rc1 reconoce direcciones IP comod\u00edn en el campo \"Common Name\" del \"subject\" de un certificado X.509, lo que permite a atacantes \"man-in-the-middle\" suplantar servidores SSL arbitrarios a trav\u00e9s de un certificado modificado suministrado por una autoridad de certificaci\u00f3n leg\u00edtima." 
} ], "id": "CVE-2010-5076", "lastModified": "2024-11-21T01:22:27.087", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-06-29T19:55:01.563", "references": [ { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-0880.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41236" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/49604" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/49895" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1504-1" }, { "source": "secalert@redhat.com", "url": "http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt" }, { "source": "secalert@redhat.com", "url": "https://bugreports.qt-project.org/browse/QTBUG-4455" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-0880.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41236" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/49604" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/49895" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1504-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugreports.qt-project.org/browse/QTBUG-4455" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-12-26 21:29
Modified
2024-11-21 03:58
Severity ?
Summary
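An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault. (Triage note: the description states only a crash, yet the CVSS 3.0 vector in this record is C:H/I:H/A:H with base score 8.8; review the linked patch before prioritising on the score alone.)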
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qt | qt | * (before 5.11.3) | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
opensuse | leap | 15.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "09F12149-EFFA-4F50-948E-DBDEE0486972", "versionEndExcluding": "5.11.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault." }, { "lang": "es", "value": "Se ha descubierto un problema en versiones anteriores a la 5.11.3 de Qt. Una imagen GIF mal formada provoca una desreferencia de puntero NULL en QGifHandler, lo que resulta en un fallo de segmentaci\u00f3n." 
} ], "id": "CVE-2018-19870", "lastModified": "2024-11-21T03:58:43.373", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-12-26T21:29:02.387", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html" }, { "source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:3390" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/235998/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html" }, 
{ "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4003-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4374" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:3390" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/235998/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4003-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4374" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], 
"source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-08-11 14:15
Modified
2024-11-21 05:58
Severity ?
Summary
Integer overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2 allows local attackers to cause a denial of service (DoS).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://bugreports.qt.io/browse/QTBUG-91507 | Exploit, Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugreports.qt.io/browse/QTBUG-91507 | Exploit, Issue Tracking, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:5.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "EA7FCB6B-872F-4900-A2CF-192AFECC4DFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:6.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "C0A66DBD-439D-45EA-BC80-502314D5B0AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:6.0.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "D47A6409-4A47-4963-9D77-DCC92668B6F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:6.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "28417B5D-0086-436E-9698-20E8C3E5E2E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:6.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "9EDDE01F-6F8A-412E-BFE3-5D0561629D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:6.0.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "F869EA5F-9246-48B2-8BF0-BF68DA091750", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:6.0.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "508C8F60-141E-4168-BCC8-114CD777D2E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:6.0.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "94F0B03A-ABD8-44AC-99D6-3232EC44DDE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:6.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "44C86D23-6D06-4A62-90C3-173852C1545B", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:6.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E1FFE318-54E1-44B8-9164-696EE8CE280C", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "AC14C9CB-1965-4659-8254-17EAB448616D", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:6.2.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "B5846684-AB3C-4CF6-BEDB-660FDA8675DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:6.2.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "58B3621A-04A2-4302-9848-482B102895D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:6.2.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "EC7DBCDC-72EE-4C57-8E69-8A733A4F3602", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:qt:qt:6.2.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "D6212764-5B80-4340-8150-E8CD918ED396", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:6.2.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "3D2F8A83-BB1A-4938-B1CD-2B604C43D4CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:6.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "EF6E8E02-CBCA-4AB3-8BDA-4177FEDECFF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:6.2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "221D7C16-BB9A-4145-9D18-D68728AFBF3B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS)." } ], "id": "CVE-2021-28025", "lastModified": "2024-11-21T05:58:59.580", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-08-11T14:15:12.453", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Vendor Advisory" ], "url": "https://bugreports.qt.io/browse/QTBUG-91507" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Vendor Advisory" ], "url": "https://bugreports.qt.io/browse/QTBUG-91507" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-12-26 21:29
Modified
2024-11-21 03:50
Severity ?
Summary
QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qt | qt | * (5.5.0 up to, but not including, 5.11.3) | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
opensuse | leap | 42.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "F92505F4-3A07-4D80-B85F-F4D3B351A92F", "versionEndExcluding": "5.11.3", "versionStartIncluding": "5.5.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document." }, { "lang": "es", "value": "QXmlStream en Qt 5.x en versiones anteriores a la 5.11.3 tiene una doble liberaci\u00f3n (double free) o una corrupci\u00f3n durante el an\u00e1lisis de un documento XML ilegal especialmente manipulado." 
} ], "id": "CVE-2018-15518", "lastModified": "2024-11-21T03:50:59.723", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-12-26T21:29:00.823", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html" }, { "source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:3390" }, 
{ "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://codereview.qt-project.org/#/c/236691/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://codereview.qt-project.org/#/c/236691/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4003-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4374" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:3390" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://codereview.qt-project.org/#/c/236691/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://codereview.qt-project.org/#/c/236691/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4003-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4374" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-415" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-03-02 15:15
Modified
2024-11-21 06:52
Severity ?
Summary
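Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory. (Note: this record's id is CVE-2022-25634, but the patch files listed in its references on download.qt.io are named CVE-2022-25643-5.15.diff and CVE-2022-25643-6.2.diff; locate the fix by the reference URLs rather than by the CVE number in the file name.)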
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "8EE0E420-E881-4893-948F-4ED9C590E2BC", "versionEndIncluding": "5.15.8", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "34D0AEC9-E2D5-4E2D-9099-3A257273BB27", "versionEndIncluding": "6.2.3", "versionStartIncluding": "6.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory." }, { "lang": "es", "value": "Qt versiones hasta 5.15.8 y versiones 6.x hasta 6.2.3, pueden cargar archivos de biblioteca del sistema desde un directorio de trabajo no deseado" } ], "id": "CVE-2022-25634", "lastModified": "2024-11-21T06:52:28.763", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-03-02T15:15:08.277", "references": [ { "source": 
"cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/396440" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/396689" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/396690" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://download.qt.io/official_releases/qt/5.15/CVE-2022-25643-5.15.diff" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://download.qt.io/official_releases/qt/6.2/CVE-2022-25643-6.2.diff" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/396440" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/396689" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/396690" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://download.qt.io/official_releases/qt/5.15/CVE-2022-25643-5.15.diff" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://download.qt.io/official_releases/qt/6.2/CVE-2022-25643-6.2.diff" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-12-05 11:29
Modified
2024-11-21 03:58
Severity ?
Summary
A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "29ED6A3C-675B-4254-B941-FD2E0CAE94CD", "versionEndIncluding": "5.7.1", "versionStartIncluding": "5.7.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "50D8AFDB-623E-4CE6-B74F-B99139FAC3D0", "versionEndIncluding": "5.9.7", "versionStartIncluding": "5.9.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "ADA1C96C-68EA-431D-8FDA-394C20160C7E", "versionEndIncluding": "5.10.1", "versionStartIncluding": "5.10.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "97E1D882-E815-43F3-ACE6-0F4E31F604EC", "versionEndExcluding": "5.11.3", "versionStartIncluding": "5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "7DD2FCA0-F628-4164-8D32-8191A3004AFD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3." }, { "lang": "es", "value": "Se ha descubierto un problema de registro de pulsaciones del teclado en Virtual Keyboard en Qt, en versiones 5.7.x, 5.8.x, 5.9.x, 5.10.x y versiones 5.11.x anteriores a la 5.11.3." 
} ], "id": "CVE-2018-19865", "lastModified": "2024-11-21T03:58:43.040", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-12-05T11:29:06.017", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00085.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00086.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/243666/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/244569/" }, { "source": "cve@mitre.org", "tags": [ "Patch", 
"Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/244687/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/244845/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/245283/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/245293/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/245312/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/245638/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/245640/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/246630/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00085.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00086.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/243666/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/244569/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/244687/" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/244845/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/245283/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/245293/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/245312/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/245638/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/245640/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/246630/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-532" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-12-26 21:29
Modified
2025-02-11 20:11
Severity ?
Summary
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "0812A4D4-D12F-43A6-8A8C-31D117469838", "versionEndIncluding": "5.5.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "15A9B1B2-A6F8-4A49-AD5C-D5601B9C6311", "versionEndIncluding": "5.8.0", "versionStartIncluding": "5.7.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "829CF88F-26E4-4B18-8816-5062E7A6FD1E", "versionEndExcluding": "5.11.3", "versionStartIncluding": "5.10.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*", "matchCriteriaId": "C84D9410-31B7-421A-AD99-8ED2E45A9BC6", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:backports:sle-15:sp2:*:*:*:*:*:*", "matchCriteriaId": "2B7A2D58-B706-41B4-AC99-D51E317AA2D2", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true }, { 
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*", "matchCriteriaId": "B3293E55-5506-4587-A318-D1734F781C09", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data." }, { "lang": "es", "value": "Se ha descubierto un problema en versiones anteriores a la 5.11.3 de Qt. QBmpHandler tiene un desbordamiento de b\u00fafer mediante datos BMP." } ], "id": "CVE-2018-19873", "lastModified": "2025-02-11T20:11:38.077", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-12-26T21:29:02.480", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": 
"http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3390" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/238749/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "https://usn.ubuntu.com/4003-1/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4374" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], 
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3390" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/238749/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4003-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4374" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-12-24 21:15
Modified
2024-11-21 08:38
Severity ?
Summary
An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "06B844AA-8325-4FBB-8B65-56C09DEE08A0", "versionEndExcluding": "5.15.17", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "3793E806-D388-440B-A9FE-9F3F38DA53C6", "versionEndExcluding": "6.2.11", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "E200056B-1895-4D3A-809F-B8B70067240B", "versionEndExcluding": "6.5.4", "versionStartIncluding": "6.3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "1AD7C249-EF02-4DD7-A5E2-FFCFD373C888", "versionEndExcluding": "6.6.2", "versionStartIncluding": "6.6.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check." }, { "lang": "es", "value": "Se descubri\u00f3 un problema en la implementaci\u00f3n de HTTP2 en Qt antes de 5.15.17, 6.x antes de 6.2.11, 6.3.x hasta 6.5.x antes de 6.5.4 y 6.6.x antes de 6.6.2. network/access/http2/hpacktable.cpp tiene una comprobaci\u00f3n de desbordamiento de enteros HPack incorrecta." 
} ], "id": "CVE-2023-51714", "lastModified": "2024-11-21T08:38:39.687", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-12-24T21:15:25.470", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Product" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/524864" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Product" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/524865/3" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Product" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/524864" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Product" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/524865/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-08-09 22:15
Modified
2024-11-21 05:16
Severity ?
Summary
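Qt 5.14.0 fixes an issue in which QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files. The CPE configuration in this record lists Qt 5.6.0 up to (but not including) 5.12.7 and Qt 5.13.0 through 5.13.2 as vulnerable.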
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://codereview.qt-project.org/c/qt/qtbase/+/280730 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/c/qt/qtbase/+/280730 | Patch, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "6CEF5E43-A4E5-4B8F-A8FC-F61ED68F2838", "versionEndExcluding": "5.12.7", "versionStartIncluding": "5.6.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "7FE43F06-DFE8-466D-A9BC-FEA2B1BC069B", "versionEndIncluding": "5.13.2", "versionStartIncluding": "5.13.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files." }, { "lang": "es", "value": "Es corregido un problema en Qt versiones 5.14.0, donde la funci\u00f3n QPluginLoader intenta cargar plugins relativos al directorio de trabajo, permitiendo a atacantes ejecutar c\u00f3digo arbitrario por medio de archivos dise\u00f1ados" } ], "id": "CVE-2020-24742", "lastModified": "2024-11-21T05:16:00.333", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-08-09T22:15:08.607", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/280730" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/280730" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-02-24 19:55
Modified
2024-11-21 01:44
Severity ?
Summary
The XMLHttpRequest object in Qt before 4.8.4 allows HTTP redirection to the file scheme, which allows man-in-the-middle attackers to force a QML application to read arbitrary local files, and possibly to obtain sensitive information, via a file: URL.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
digia | qt | * | |
qt | qt | 1.41 | |
qt | qt | 1.42 | |
qt | qt | 1.43 | |
qt | qt | 1.44 | |
qt | qt | 1.45 | |
qt | qt | 2.0.0 | |
qt | qt | 2.0.1 | |
qt | qt | 2.0.2 | |
qt | qt | 3.3.0 | |
qt | qt | 3.3.1 | |
qt | qt | 3.3.2 | |
qt | qt | 3.3.3 | |
qt | qt | 3.3.4 | |
qt | qt | 3.3.5 | |
qt | qt | 3.3.6 | |
qt | qt | 4.0.0 | |
qt | qt | 4.0.1 | |
qt | qt | 4.1.0 | |
qt | qt | 4.1.1 | |
qt | qt | 4.1.2 | |
qt | qt | 4.1.3 | |
qt | qt | 4.1.4 | |
qt | qt | 4.1.5 | |
qt | qt | 4.2.0 | |
qt | qt | 4.2.1 | |
qt | qt | 4.2.3 | |
qt | qt | 4.3.0 | |
qt | qt | 4.3.1 | |
qt | qt | 4.3.2 | |
qt | qt | 4.3.3 | |
qt | qt | 4.3.4 | |
qt | qt | 4.3.5 | |
qt | qt | 4.4.0 | |
qt | qt | 4.4.1 | |
qt | qt | 4.4.2 | |
qt | qt | 4.4.3 | |
qt | qt | 4.5.0 | |
qt | qt | 4.5.1 | |
qt | qt | 4.5.2 | |
qt | qt | 4.5.3 | |
qt | qt | 4.6.0 | |
qt | qt | 4.6.0 | |
qt | qt | 4.6.1 | |
qt | qt | 4.6.2 | |
qt | qt | 4.6.3 | |
qt | qt | 4.6.4 | |
qt | qt | 4.6.5 | |
qt | qt | 4.6.5 | |
qt | qt | 4.7.0 | |
qt | qt | 4.7.1 | |
qt | qt | 4.7.2 | |
qt | qt | 4.7.3 | |
qt | qt | 4.7.4 | |
qt | qt | 4.7.5 | |
qt | qt | 4.7.6 | |
qt | qt | 4.7.6 | |
qt | qt | 4.8.0 | |
qt | qt | 4.8.1 | |
qt | qt | 4.8.2 | |
canonical | ubuntu_linux | 10.04 | |
canonical | ubuntu_linux | 11.10 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 12.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:digia:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F547829-91BE-4BF6-A19E-E592BC15FD8A", "versionEndIncluding": "4.8.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:1.41:*:*:*:*:*:*:*", "matchCriteriaId": "57FBB4FA-43C6-432F-94FD-BAADF4DD7CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:1.42:*:*:*:*:*:*:*", "matchCriteriaId": "30245B99-C5CB-4FDA-B70F-2CB7FA7BDF43", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:1.43:*:*:*:*:*:*:*", "matchCriteriaId": "EA9FC7F3-02BD-485A-AA1B-C5067F384683", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:1.44:*:*:*:*:*:*:*", "matchCriteriaId": "DBA3424C-8257-445D-A9DC-1CD562651DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:1.45:*:*:*:*:*:*:*", "matchCriteriaId": "D954A35A-9BB8-4415-910D-C4AAEA2F5664", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "67C5548D-2A34-4AAE-A43F-373D4C7F5B4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "90E4F51F-52B4-4AB9-926C-EEDAC2052E34", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2D6D3319-130D-49BF-8395-90E9F4D8583C", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "52D26BBF-106F-48C8-9D57-CF080486DB64", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "026716CE-6BA5-4FC4-8BD3-BF5430DEBE99", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "52BF63BD-E6FA-49AA-9627-7EDAD7939531", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "27EBEAE0-C1DF-46E4-9E2A-B333912A4950", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "5BCDBB15-4E26-48F0-A266-CA059CFEE596", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:qt:qt:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "A07F27DC-47A4-4EF2-91CC-81863D015B3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "58E53D3A-665D-4EEE-82EF-4EDBD194B475", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C966DAAB-74E1-4594-9CE7-5A1A60F5061E", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D51BFA7D-281E-49ED-9A4B-60AD5143C4EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A38B91E-698F-4638-BC3B-BD02F3313B70", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7629BAB0-5077-4B82-9F11-B228E8EAFA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "76366D45-3604-49D1-BD97-8A9FACEA2171", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EEEF60A1-5FF0-465F-A872-62F80899F870", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D5386EE-376B-4773-8687-5314BFF35E41", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "4ACE447E-BFBC-4059-9786-F8E5F512AEAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3AC6465-B459-410E-A5C5-EBFF5C866009", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "EF48233D-EFFE-40A1-B50A-F2184D9CF325", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "610017B4-3C0A-4A59-82A1-4E20BCF786E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D848BD49-3C88-4458-B8AB-AAD8DEB790BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "0A12D978-B6FF-4C67-97D4-91A285C47813", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:qt:qt:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "7DBD073E-F3E0-4273-81E9-AF010B711F08", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "0D58ACBA-7DF3-403A-AC0E-94749383C750", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "59D6E752-3B2E-4A95-A76A-3326CD490EDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "7A27E4EC-9573-4C82-9B78-244DB0B06FA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "678A25E8-57E3-4E0C-9B24-C68F11F108BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "D16BB8CE-3871-4DFA-84BB-C089894437D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "965B37FD-E22F-4AA7-BDC2-147A9962CFD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEE12FD7-2FB2-444A-A660-86294646F8A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA4B9F55-4BFF-4FD3-A8BC-842B0467DCD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "9DA805A7-7C62-49FD-B9A2-F81C981691C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "D5596442-5608-439B-8BE6-53A70F20C079", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "29FD745E-4B61-417F-BC66-386877E75351", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2B74E5F5-CEE1-47B1-BE84-7F1C45D4FDD8", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "82A767D8-6194-4ED5-B9BE-2A14541C141F", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "874E217C-98AC-4F0B-B120-D721164912CD", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "3051F46B-E301-4DF7-A89B-4E8495617888", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "0C8BED3D-E6E9-4A7F-A186-DD7DC20706D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "1C5CFCD4-6CB1-489D-9619-B0169EA1719C", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "510C5795-4E61-470F-BE62-A6732F4F0341", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.5:rc:*:*:*:*:*:*", "matchCriteriaId": "88365332-FA7E-42A6-BC52-4517EAAC90B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "5C2D2DA2-4D77-4396-97A7-D4ED0F633E19", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BC1BC2C-6D99-463F-9326-AF9B468E03F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "342A67CF-B332-46D1-A3FF-604552953C66", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "9239A893-506A-4853-8B00-FCDE5EC3E5DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "1A6196C5-BB95-447A-B610-4765AB702F96", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "3E398049-C78A-452C-9FBF-E32DC86BDBD0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "8A505785-5597-4F5D-99A3-D143C1CCBFBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.6:rc:*:*:*:*:*:*", "matchCriteriaId": "6E5EF3D1-6BD5-4488-A18C-79E26E87CFA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "B307395A-36B6-4F54-92C9-D732580F3EBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.8.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"F9D0CB6E-5275-4D51-81F1-84D456F936B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "214A1125-FBE9-433D-8B05-10595CD59F24", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*", "matchCriteriaId": "7118F616-25CA-4E34-AA13-4D14BB62419F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", "matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application." }, { "lang": "es", "value": "El objeto XMLHttpRequest en Qt anterior a v4.8.4 permite la redirecci\u00f3n http al fichero scheme, lo que permite llevar a atacantes de hombre-en-medio (man-in-the-middle) forzar la lectura de ficheros locales arbitrarios y posiblemente obtener informaci\u00f3n sensible mediante un fichero: URL para una aplicaci\u00f3n QML." 
} ], "evaluatorComment": "Per http://www.ubuntu.com/usn/USN-1723-1/\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n Ubuntu 12.10\r\n Ubuntu 12.04 LTS\r\n Ubuntu 11.10\r\n Ubuntu 10.04 LTS\r\n", "id": "CVE-2012-5624", "lastModified": "2024-11-21T01:44:59.663", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-02-24T19:55:00.830", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html" }, { "source": "secalert@redhat.com", "url": "http://lists.qt-project.org/pipermail/announce/2012-November/000014.html" }, { "source": "secalert@redhat.com", "url": "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52217" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/12/04/8" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1723-1" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=883415" }, { "source": "secalert@redhat.com", "url": 
"https://codereview.qt-project.org/#change%2C40034" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.qt-project.org/pipermail/announce/2012-November/000014.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52217" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/12/04/8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1723-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=883415" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://codereview.qt-project.org/#change%2C40034" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-13 02:15
Modified
2024-11-21 08:13
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "19F5F946-5DD7-4F8D-8171-83BB0D9C5048", "versionEndExcluding": "5.15.15", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "54D034EA-7845-4FE1-BA22-0C12D61054B4", "versionEndExcluding": "6.2.10", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "87A37030-7537-4CA1-878E-5AFE90FCF259", "versionEndExcluding": "6.5.3", "versionStartIncluding": "6.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion." } ], "id": "CVE-2023-38197", "lastModified": "2024-11-21T08:13:03.637", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2023-07-13T02:15:09.677", "references": [ { "source": 
"cve@mitre.org", "tags": [ "Patch" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/488960" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5C3NYVJ73ITE6HUOVVHBUAGORVEJRHO/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XEGQ6DFTL2BEJMHCD5FJGI6XLWQI7UEA/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFZORZYCMUZZFIOEZICJ7VH2BZIGY3HV/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/488960" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5C3NYVJ73ITE6HUOVVHBUAGORVEJRHO/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XEGQ6DFTL2BEJMHCD5FJGI6XLWQI7UEA/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFZORZYCMUZZFIOEZICJ7VH2BZIGY3HV/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-835" } ], "source": "nvd@nist.gov", "type": 
"Primary" }, { "description": [ { "lang": "en", "value": "CWE-835" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2023-09-18 07:15
Modified
2024-11-21 08:23
Severity ?
Summary
An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont or QFontDatabase::addApplicationFontFromData, then it can cause the application to crash because of missing length checks.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://codereview.qt-project.org/c/qt/qtbase/+/503026 | Patch, Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/c/qt/qtbase/+/503026 | Patch, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F65E936-073F-4BA7-94D5-8B0FF18647DF", "versionEndExcluding": "5.15.16", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "54D034EA-7845-4FE1-BA22-0C12D61054B4", "versionEndExcluding": "6.2.10", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1D0B762-A0E6-4FAB-BC87-20AC3B0D2534", "versionEndExcluding": "6.5.3", "versionStartIncluding": "6.5.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData], then it can cause the application to crash because of missing length checks." }, { "lang": "es", "value": "Se descubri\u00f3 un problema en Qt antes de 5.15.16, 6.x antes de 6.2.10 y 6.3.x a 6.5.x antes de 6.5.3 en Windows. Cuando se utiliza el motor de fuentes GDI, si se carga una fuente da\u00f1ada a trav\u00e9s de QFontDatabase::addApplicationFont{FromData], puede hacer que la aplicaci\u00f3n se bloquee debido a la falta de comprobaciones de longitud. 
" } ], "id": "CVE-2023-43114", "lastModified": "2024-11-21T08:23:42.967", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-09-18T07:15:38.333", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/503026" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/503026" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-03-21 16:00
Modified
2024-11-21 03:58
Severity ?
Summary
An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qt | qt | 5.11.0 | |
opensuse | leap | 15.0 | |
fedoraproject | fedora | 28 | |
fedoraproject | fedora | 29 | |
fedoraproject | fedora | 30 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:5.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "0C6827E6-7B15-423D-89C2-46B5E2D35961", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "matchCriteriaId": "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp." }, { "lang": "es", "value": "Se ha descubierto un problema en Qt 5.11. Una imagen PPM mal formada provoca una divisi\u00f3n entre cero y un cierre inesperado en qppmhandler.cpp." 
} ], "id": "CVE-2018-19872", "lastModified": "2024-11-21T03:58:43.690", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-03-21T16:00:32.953", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://bugreports.qt.io/browse/QTBUG-69449" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html" }, { "source": "cve@mitre.org", "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C5FHCR4A636BLTAXL76WWDJLOAHGNYG/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FO7IBY7YYKNMRD5OI3JNNUI42WEM7NUV/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XS6G3ZDFCHWFQD4CFXWFPHREOHBBDTD7/" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4275-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://bugreports.qt.io/browse/QTBUG-69449" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C5FHCR4A636BLTAXL76WWDJLOAHGNYG/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FO7IBY7YYKNMRD5OI3JNNUI42WEM7NUV/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XS6G3ZDFCHWFQD4CFXWFPHREOHBBDTD7/" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4275-1/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-369" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-02-06 12:05
Modified
2024-11-21 01:47
Severity ?
Summary
The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qt | qt | 1.41 | |
qt | qt | 1.42 | |
qt | qt | 1.43 | |
qt | qt | 1.44 | |
qt | qt | 1.45 | |
qt | qt | 2.0.0 | |
qt | qt | 2.0.1 | |
qt | qt | 2.0.2 | |
qt | qt | 3.3.0 | |
qt | qt | 3.3.1 | |
qt | qt | 3.3.2 | |
qt | qt | 3.3.3 | |
qt | qt | 3.3.4 | |
qt | qt | 3.3.5 | |
qt | qt | 3.3.6 | |
qt | qt | 4.0.0 | |
qt | qt | 4.0.1 | |
qt | qt | 4.1.0 | |
qt | qt | 4.1.1 | |
qt | qt | 4.1.2 | |
qt | qt | 4.1.3 | |
qt | qt | 4.1.4 | |
qt | qt | 4.1.5 | |
qt | qt | 4.2.0 | |
qt | qt | 4.2.1 | |
qt | qt | 4.2.3 | |
qt | qt | 4.3.0 | |
qt | qt | 4.3.1 | |
qt | qt | 4.3.2 | |
qt | qt | 4.3.3 | |
qt | qt | 4.3.4 | |
qt | qt | 4.3.5 | |
qt | qt | 4.4.0 | |
qt | qt | 4.4.1 | |
qt | qt | 4.4.2 | |
qt | qt | 4.4.3 | |
qt | qt | 4.5.0 | |
qt | qt | 4.5.1 | |
qt | qt | 4.5.2 | |
qt | qt | 4.5.3 | |
qt | qt | 4.6.0 | |
qt | qt | 4.6.1 | |
qt | qt | 4.6.2 | |
qt | qt | 4.6.3 | |
qt | qt | 4.6.4 | |
qt | qt | 4.6.5 | |
qt | qt | 4.7.0 | |
qt | qt | 4.7.1 | |
qt | qt | 4.7.2 | |
qt | qt | 4.7.3 | |
qt | qt | 4.7.4 | |
qt | qt | 4.7.5 | |
qt | qt | 4.7.6 | |
qt | qt | 4.8.0 | |
qt | qt | 4.8.1 | |
qt | qt | 4.8.2 | |
qt | qt | 4.8.3 | |
qt | qt | 4.8.4 | |
qt | qt | 4.8.5 | |
qt | qt | 5.0.0 | |
qt | qt | 5.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:1.41:*:*:*:*:*:*:*", "matchCriteriaId": "57FBB4FA-43C6-432F-94FD-BAADF4DD7CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:1.42:*:*:*:*:*:*:*", "matchCriteriaId": "30245B99-C5CB-4FDA-B70F-2CB7FA7BDF43", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:1.43:*:*:*:*:*:*:*", "matchCriteriaId": "EA9FC7F3-02BD-485A-AA1B-C5067F384683", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:1.44:*:*:*:*:*:*:*", "matchCriteriaId": "DBA3424C-8257-445D-A9DC-1CD562651DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:1.45:*:*:*:*:*:*:*", "matchCriteriaId": "D954A35A-9BB8-4415-910D-C4AAEA2F5664", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "67C5548D-2A34-4AAE-A43F-373D4C7F5B4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "90E4F51F-52B4-4AB9-926C-EEDAC2052E34", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2D6D3319-130D-49BF-8395-90E9F4D8583C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "52D26BBF-106F-48C8-9D57-CF080486DB64", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "026716CE-6BA5-4FC4-8BD3-BF5430DEBE99", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "52BF63BD-E6FA-49AA-9627-7EDAD7939531", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "27EBEAE0-C1DF-46E4-9E2A-B333912A4950", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "5BCDBB15-4E26-48F0-A266-CA059CFEE596", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:3.3.5:*:*:*:*:*:*:*", 
"matchCriteriaId": "A07F27DC-47A4-4EF2-91CC-81863D015B3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "58E53D3A-665D-4EEE-82EF-4EDBD194B475", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C966DAAB-74E1-4594-9CE7-5A1A60F5061E", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D51BFA7D-281E-49ED-9A4B-60AD5143C4EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A38B91E-698F-4638-BC3B-BD02F3313B70", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7629BAB0-5077-4B82-9F11-B228E8EAFA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "76366D45-3604-49D1-BD97-8A9FACEA2171", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EEEF60A1-5FF0-465F-A872-62F80899F870", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D5386EE-376B-4773-8687-5314BFF35E41", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "4ACE447E-BFBC-4059-9786-F8E5F512AEAA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3AC6465-B459-410E-A5C5-EBFF5C866009", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "EF48233D-EFFE-40A1-B50A-F2184D9CF325", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "610017B4-3C0A-4A59-82A1-4E20BCF786E6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"D848BD49-3C88-4458-B8AB-AAD8DEB790BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "0A12D978-B6FF-4C67-97D4-91A285C47813", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "7DBD073E-F3E0-4273-81E9-AF010B711F08", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "0D58ACBA-7DF3-403A-AC0E-94749383C750", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "59D6E752-3B2E-4A95-A76A-3326CD490EDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "7A27E4EC-9573-4C82-9B78-244DB0B06FA4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "678A25E8-57E3-4E0C-9B24-C68F11F108BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "D16BB8CE-3871-4DFA-84BB-C089894437D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "965B37FD-E22F-4AA7-BDC2-147A9962CFD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEE12FD7-2FB2-444A-A660-86294646F8A1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA4B9F55-4BFF-4FD3-A8BC-842B0467DCD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "9DA805A7-7C62-49FD-B9A2-F81C981691C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "D5596442-5608-439B-8BE6-53A70F20C079", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "29FD745E-4B61-417F-BC66-386877E75351", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { 
"nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:4.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2B74E5F5-CEE1-47B1-BE84-7F1C45D4FDD8", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "874E217C-98AC-4F0B-B120-D721164912CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "3051F46B-E301-4DF7-A89B-4E8495617888", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "0C8BED3D-E6E9-4A7F-A186-DD7DC20706D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "1C5CFCD4-6CB1-489D-9619-B0169EA1719C", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "510C5795-4E61-470F-BE62-A6732F4F0341", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:4.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "5C2D2DA2-4D77-4396-97A7-D4ED0F633E19", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BC1BC2C-6D99-463F-9326-AF9B468E03F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "342A67CF-B332-46D1-A3FF-604552953C66", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "9239A893-506A-4853-8B00-FCDE5EC3E5DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "1A6196C5-BB95-447A-B610-4765AB702F96", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "3E398049-C78A-452C-9FBF-E32DC86BDBD0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "8A505785-5597-4F5D-99A3-D143C1CCBFBD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:4.8.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"B307395A-36B6-4F54-92C9-D732580F3EBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F9D0CB6E-5275-4D51-81F1-84D456F936B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "214A1125-FBE9-433D-8B05-10595CD59F24", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "EB7CC6B1-7E40-4D6A-94CF-7412EA3F8534", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "062A62AA-EC5B-4D8E-9337-D25DF4FE56FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "581FF62C-BD93-485C-A5BA-E5EBFEDC45C9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "03C7E11D-AA2C-48BB-8C50-B04E5CD3A7C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E30B4386-B419-46B7-945F-C04F79600708", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server." }, { "lang": "es", "value": "La clase QSharedMemory en Qt v5.0.0, v4.8.x anterior a v4.8.5, v4.7.x anterior a v4.7.6, y otras versiones incluida la v4.4.0 utiliza permisos d\u00e9biles (escritura y lectura para todos los usuarios) para segmentos de memoria compartida, lo que permite a usuarios locales leer informacion sensible o modificar datos cr\u00edticos del programa, como se demostr\u00f3 mediante la lectura de un pixmap enviado al servidor X." 
} ], "id": "CVE-2013-0254", "lastModified": "2024-11-21T01:47:10.020", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-02-06T12:05:43.647", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00014.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00015.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00019.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.qt-project.org/pipermail/announce/2013-February/000023.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0669.html" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907425" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00014.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00015.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00019.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.qt-project.org/pipermail/announce/2013-February/000023.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-0669.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907425" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-11-23 17:15
Modified
2024-11-21 04:53
Severity ?
Summary
Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
intel | ax201_firmware | * | |
intel | ax201 | - | |
intel | ax200_firmware | * | |
intel | ax200 | - | |
intel | ac_9560_firmware | * | |
intel | ac_9560 | - | |
intel | ac_9462_firmware | * | |
intel | ac_9462 | - | |
intel | ac_9461_firmware | * | |
intel | ac_9461 | - | |
intel | ac_9260_firmware | * | |
intel | ac_9260 | - | |
intel | ac_8265_firmware | * | |
intel | ac_8265 | - | |
intel | ac_8260_firmware | * | |
intel | ac_8260 | - | |
intel | ac_3168_firmware | * | |
intel | ac_3168 | - | |
intel | 7265_firmware | * | |
intel | 7265 | - | |
intel | ac_3165_firmware | * | |
intel | ac_3165 | - | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 19.10 | |
opensuse | leap | 15.1 | |
qt | qt | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:intel:ax201_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FE813C6-E7E3-47CE-BE67-1CAF309E0FE1", "versionEndExcluding": "21.70", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:intel:ax201:-:*:*:*:*:*:*:*", "matchCriteriaId": "4649D446-130B-4B31-B9ED-BA7F9F7EEB8F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:intel:ax200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD322BEE-2ECD-4609-83CA-C8872626E971", "versionEndExcluding": "21.70", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:intel:ax200:-:*:*:*:*:*:*:*", "matchCriteriaId": "E9903E2E-A670-40D4-8B9F-D2C0CFDBFC9F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:intel:ac_9560_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "18BC7557-FA1D-4167-9603-8FDE808EACAD", "versionEndExcluding": "21.70", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:intel:ac_9560:-:*:*:*:*:*:*:*", "matchCriteriaId": "D382D4A1-C8FD-4B47-B2C4-145232EC8AC5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:intel:ac_9462_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FD0347A-0E52-485A-83A7-A81B49291E83", "versionEndExcluding": "21.70", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:intel:ac_9462:-:*:*:*:*:*:*:*", "matchCriteriaId": "6E89EB0D-233A-486A-BDAE-F5726432CD7E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:intel:ac_9461_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": 
"C08E0594-9993-467A-B4D8-1F1249F60901", "versionEndExcluding": "21.70", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:intel:ac_9461:-:*:*:*:*:*:*:*", "matchCriteriaId": "A11E55E8-5FA9-4ED7-AB61-03F22EE1759B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:intel:ac_9260_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6DAC7879-1154-44B5-BC95-1AF773635972", "versionEndExcluding": "21.70", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:intel:ac_9260:-:*:*:*:*:*:*:*", "matchCriteriaId": "C2795E42-D044-4D48-BCB2-61CC1A3471B1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:intel:ac_8265_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5B11EBD5-6001-4C17-A8F4-DECAD3A013D5", "versionEndExcluding": "21.70", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:intel:ac_8265:-:*:*:*:*:*:*:*", "matchCriteriaId": "C08E2F3E-C4B5-4227-A88D-C50E209A12CF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:intel:ac_8260_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D020CC57-8C1D-45CE-A64B-635D6367FC67", "versionEndExcluding": "21.70", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:intel:ac_8260:-:*:*:*:*:*:*:*", "matchCriteriaId": "B5A8F30C-6BB7-4CC6-ADBE-1859DAF66C58", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:intel:ac_3168_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0840C384-D43E-4298-9BD6-664D188D8A33", "versionEndExcluding": "21.70", "vulnerable": true } ], "negate": false, "operator": "OR" }, { 
"cpeMatch": [ { "criteria": "cpe:2.3:h:intel:ac_3168:-:*:*:*:*:*:*:*", "matchCriteriaId": "ED5B2BCE-2D8A-440C-B866-76E035314022", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:intel:7265_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D16BDDDC-B281-41BA-802A-E626B472C366", "versionEndExcluding": "21.70", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:intel:7265:-:*:*:*:*:*:*:*", "matchCriteriaId": "F957A9E7-E2D2-48D7-8E4D-B264A72C59C3", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:intel:ac_3165_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B99E6CF2-DB88-496B-B9B2-A533AA537C61", "versionEndExcluding": "21.70", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:intel:ac_3165:-:*:*:*:*:*:*:*", "matchCriteriaId": "197A3DA1-B8EF-438F-B933-32253C43C8EE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4FC86A8-54E9-4A65-BE62-13D7D194F5A4", "versionEndIncluding": "5.13.2", "versionStartIncluding": "5.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access." }, { "lang": "es", "value": "Una escritura fuera de l\u00edmites en los productos Intel\u00ae PROSet/Wireless WiFi en Windows 10 puede habilitar a un usuario autenticado para permitir potencialmente una denegaci\u00f3n de servicio por medio de un acceso local" } ], "id": "CVE-2020-0569", "lastModified": "2024-11-21T04:53:46.690", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 2.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 5.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": 
"NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-11-23T17:15:12.187", "references": [ { "source": "secure@intel.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00338.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00338.html" } ], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-05-28 23:15
Modified
2024-11-21 08:04
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When an SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "19F5F946-5DD7-4F8D-8171-83BB0D9C5048", "versionEndExcluding": "5.15.15", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "513DDB0D-A132-4046-8B49-D2776E585826", "versionEndExcluding": "6.2.9", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "116DC3F0-630E-43F6-AD19-0ABB41CF3D70", "versionEndExcluding": "6.5.1", "versionStartIncluding": "6.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered." } ], "id": "CVE-2023-32763", "lastModified": "2024-11-21T08:04:00.213", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-05-28T23:15:09.620", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/476125" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch" ], "url": 
"https://lists.qt-project.org/pipermail/announce/2023-May/000413.html" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/202402-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/476125" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "https://lists.qt-project.org/pipermail/announce/2023-May/000413.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202402-03" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-09-02 17:30
Modified
2024-11-21 01:05
Severity ?
4.3 (Medium) - AV:N/AC:M/Au:N/C:N/I:P/A:N (CVSS 2.0)
Summary
src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qt | qt | 4.0.0 | |
qt | qt | 4.0.1 | |
qt | qt | 4.1.0 | |
qt | qt | 4.1.1 | |
qt | qt | 4.1.2 | |
qt | qt | 4.1.3 | |
qt | qt | 4.1.4 | |
qt | qt | 4.1.5 | |
qt | qt | 4.2.0 | |
qt | qt | 4.2.1 | |
qt | qt | 4.2.3 | |
qt | qt | 4.3.0 | |
qt | qt | 4.3.1 | |
qt | qt | 4.3.2 | |
qt | qt | 4.3.3 | |
qt | qt | 4.3.4 | |
qt | qt | 4.3.5 | |
qt | qt | 4.4.0 | |
qt | qt | 4.4.1 | |
qt | qt | 4.4.2 | |
qt | qt | 4.4.3 | |
qt | qt | 4.5.0 | |
qt | qt | 4.5.1 | |
qt | qt | 4.5.2 | |
qt | qt | 4.5.3 | |
qt | qt | 4.6.0 | |
qt | qt | 4.6.0 rc1 | |
qt | qt | 4.6.1 | |
qt | qt | 4.6.2 | |
qt | qt | 4.6.3 | |
qt | qt | 4.6.4 | |
qt | qt | 4.7.0 | |
qt | qt | 4.7.1 | |
qt | qt | 4.7.2 | |
qt | qt | 4.7.3 | |
qt | qt | 4.7.4 | |
qt | qt | 4.7.5 | |
qt | qt | 4.8.0 | |
qt | qt | 4.8.1 | |
qt | qt | 4.8.2 | |
qt | qt | 4.8.3 | |
qt | qt | 4.8.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C966DAAB-74E1-4594-9CE7-5A1A60F5061E", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D51BFA7D-281E-49ED-9A4B-60AD5143C4EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A38B91E-698F-4638-BC3B-BD02F3313B70", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7629BAB0-5077-4B82-9F11-B228E8EAFA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "76366D45-3604-49D1-BD97-8A9FACEA2171", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EEEF60A1-5FF0-465F-A872-62F80899F870", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D5386EE-376B-4773-8687-5314BFF35E41", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "4ACE447E-BFBC-4059-9786-F8E5F512AEAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3AC6465-B459-410E-A5C5-EBFF5C866009", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "EF48233D-EFFE-40A1-B50A-F2184D9CF325", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "610017B4-3C0A-4A59-82A1-4E20BCF786E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D848BD49-3C88-4458-B8AB-AAD8DEB790BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "0A12D978-B6FF-4C67-97D4-91A285C47813", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "7DBD073E-F3E0-4273-81E9-AF010B711F08", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"0D58ACBA-7DF3-403A-AC0E-94749383C750", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "59D6E752-3B2E-4A95-A76A-3326CD490EDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "7A27E4EC-9573-4C82-9B78-244DB0B06FA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "678A25E8-57E3-4E0C-9B24-C68F11F108BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "D16BB8CE-3871-4DFA-84BB-C089894437D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "965B37FD-E22F-4AA7-BDC2-147A9962CFD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEE12FD7-2FB2-444A-A660-86294646F8A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA4B9F55-4BFF-4FD3-A8BC-842B0467DCD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "9DA805A7-7C62-49FD-B9A2-F81C981691C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "D5596442-5608-439B-8BE6-53A70F20C079", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "29FD745E-4B61-417F-BC66-386877E75351", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2B74E5F5-CEE1-47B1-BE84-7F1C45D4FDD8", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "82A767D8-6194-4ED5-B9BE-2A14541C141F", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "874E217C-98AC-4F0B-B120-D721164912CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "3051F46B-E301-4DF7-A89B-4E8495617888", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.3:*:*:*:*:*:*:*", 
"matchCriteriaId": "0C8BED3D-E6E9-4A7F-A186-DD7DC20706D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "1C5CFCD4-6CB1-489D-9619-B0169EA1719C", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "5C2D2DA2-4D77-4396-97A7-D4ED0F633E19", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BC1BC2C-6D99-463F-9326-AF9B468E03F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "342A67CF-B332-46D1-A3FF-604552953C66", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "9239A893-506A-4853-8B00-FCDE5EC3E5DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "1A6196C5-BB95-447A-B610-4765AB702F96", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "3E398049-C78A-452C-9FBF-E32DC86BDBD0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "B307395A-36B6-4F54-92C9-D732580F3EBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F9D0CB6E-5275-4D51-81F1-84D456F936B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "214A1125-FBE9-433D-8B05-10595CD59F24", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "EB7CC6B1-7E40-4D6A-94CF-7412EA3F8534", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "062A62AA-EC5B-4D8E-9337-D25DF4FE56FA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a \u0027\\0\u0027 character in a domain name in the Subject Alternative Name field of an X.509 certificate, which 
allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408." }, { "lang": "es", "value": "src/network/ssl/qsslcertificate.cpp en Nokia Trolltech Qt v4.x no gestiona adecuadamente el car\u00e1cter \u0027\\0\u0027en un nombre de dominio en el campo Subject Alternative Name field de un certificado X.509, lo cual permite a atacantes hombre-en-el-medio (man-in-the-middle) suplantar servidores SSL a su elecci\u00f3n a trav\u00e9s de certificados manipulados expedidos por una Autoridad de Certificaci\u00f3n leg\u00edtima, una cuesti\u00f3n relacionada con CVE-2009-2408." } ], "id": "CVE-2009-2700", "lastModified": "2024-11-21T01:05:33.150", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-09-02T17:30:00.797", "references": [ { "source": "cve@mitre.org", "url": "http://qt.gitorious.org/qt/qt/commit/802d8c02eaa0aa9cd8d0c6cbd18cd814e6337bc6" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36536" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36702" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:225" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/36203" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-829-1" }, { "source": 
"cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2499" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://qt.gitorious.org/qt/qt/commit/802d8c02eaa0aa9cd8d0c6cbd18cd814e6337bc6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36536" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36702" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:225" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/36203" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-829-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2499" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Not vulnerable. This issue did not affect the versions of qt and qt4 as shipped with Red Hat Enterprise Linux 3, 4, or 5. Affected code was introduced upstream in version 4.3.", "lastModified": "2009-09-03T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-01-12 17:15
Modified
2024-11-21 07:22
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. Specially crafted JavaScript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. The target application would need to access a malicious web page to trigger this vulnerability.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:6.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "B80CA217-D896-4BCF-B385-582CDF21DAD6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability." }, { "lang": "es", "value": "Existe una vulnerabilidad de desbordamiento de enteros en la API QML QtScript Reflect de Qt Project Qt 6.3.2. Un c\u00f3digo JavaScript especialmente manipulado puede provocar un desbordamiento de enteros durante la asignaci\u00f3n de memoria, lo que puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. La aplicaci\u00f3n de destino necesitar\u00eda acceder a una p\u00e1gina web maliciosa para activar esta vulnerabilidad." 
} ], "id": "CVE-2022-40983", "lastModified": "2024-11-21T07:22:23.133", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "talos-cna@cisco.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-01-12T17:15:09.407", "references": [ { "source": "talos-cna@cisco.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1617" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1617" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1617" } ], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "talos-cna@cisco.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-02-16 19:15
Modified
2024-11-21 06:51
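Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - AV:L/AC:L/Au:N/C:C/I:C/A:C (CVSS 2.0)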
Summary
In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "37B45907-8F77-416A-BD0E-D0F395BF16E0", "versionEndExcluding": "5.15.9", "versionStartIncluding": "5.9.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "458A2EFF-9F2D-4D5E-9605-047B231B41EE", "versionEndExcluding": "6.2.4", "versionStartIncluding": "6.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH." 
}, { "lang": "es", "value": "En Qt versiones 5.9.x hasta 5.15.x anteriores a 5.15.9 y versiones 6.x anteriores a 6.2.4 en Linux y UNIX, QProcess pod\u00eda ejecutar un binario del directorio de trabajo actual cuando no era encontrado en el PATH" } ], "id": "CVE-2022-25255", "lastModified": "2024-11-21T06:51:53.200", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-02-16T19:15:09.300", "references": [ { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/393113" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/394914" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/396020" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/393113" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/394914" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/396020" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-10-23 16:54
Modified
2024-11-21 01:55
Severity ?
Summary
SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \ (backslash) in a message.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:*:*:*:*:*:*:*:*", "matchCriteriaId": "170E86C5-BBF5-428C-ADA6-3A15EBDA4E19", "versionEndIncluding": "0.9.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1433FF02-5809-4437-81C9-F3DDBEEBDF58", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "757EAC47-2700-4328-91AA-E530629C1ACA", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6C753CCF-AA7D-4691-87A2-E9D8E3C6B907", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "01E3D0A4-E754-4730-B926-FEDEE7967356", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "5A85C99B-79A9-4FAF-BA6F-C4137D9FA709", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "862BCFFB-C188-423B-B66B-B34E65958F9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "34CDFCD1-7992-4AAC-9357-1B20C477A3D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "297A53B8-257A-4730-A745-06451A993DF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "831DBB69-C22C-466A-AA01-F8D89AF2516B", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "3A85F092-B58B-461C-A81C-C237EBEB9575", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E09B40EF-B855-4CE4-B1D2-9FEA960C2F86", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"E52C0DA4-45C8-4D40-9736-CCF133629C6E", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "68EE8417-05A3-4CAB-8540-20DD34EB6E00", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "0887210F-24D0-4E24-87B4-0F07764CA891", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F9FEC0F5-4EAE-48EE-848C-E3BD14CCE65D", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "06385037-D229-4A07-B1A6-1989BDA19C79", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "EA572CB3-5A7F-4BBC-B01D-97412ECE3CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "1F7079BD-A592-4947-86CB-A1CEAC0B1207", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "0C40856E-C88B-42D1-B5A7-F1E1E5FFDD59", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "8EE7000F-0920-4CFC-8619-7C49F6120FF1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:postgresql:postgresql:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "7213327F-6909-43A7-952E-11600C28D4E3", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "10EF0EA6-C8B6-40A7-A3AE-8639CA94D5C5", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "D9F645F3-9767-4FD8-94EB-1096DF24E6C3", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "C342A823-EF6F-4557-9F9E-D8893EA4C2BA", "vulnerable": false }, { "criteria": 
"cpe:2.3:a:postgresql:postgresql:8.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "B85A443F-0802-412F-9AEE-3525311C93D4", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "06253BA8-7F1E-4C79-9B2E-197307A627F0", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "2A213AB8-A5FE-4062-B895-2FC4B19F60A4", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "9A3F083E-59A8-41B1-826F-2CA39BD425C9", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "DE49E2D5-8EAC-49C7-B704-E626FBE7EC35", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "A5059B2F-B588-463E-8E96-BC9DA129C12E", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "C919AF97-9713-44F8-B742-89C438DB0B48", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "400BBC62-5D03-465B-A864-9CD479B963F8", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "BC8C96F7-7F85-4E47-A05F-15E3C70AF583", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "6C236CF1-72C0-4C3D-AE04-B67E3F18EEC8", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "ECC98D47-8B3C-4DE6-8C45-F5B92266027F", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "C170C441-619A-48DB-9332-05FA4E62C342", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "053A2531-CFAA-466D-811C-A6154826D596", "vulnerable": false }, { "criteria": 
"cpe:2.3:a:postgresql:postgresql:8.2.17:*:*:*:*:*:*:*", "matchCriteriaId": "84A3D04C-2739-474C-B659-CBCFA574198B", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.18:*:*:*:*:*:*:*", "matchCriteriaId": "8D38CF1E-A944-4F7A-BECE-F8DF2589C873", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3:*:*:*:*:*:*:*", "matchCriteriaId": "A2A705DF-3654-427F-8B11-62DB0B6C9813", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "05AD5D33-86F4-4BFF-BA84-02AA1347BEEB", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "02FDCF30-D0F7-48AA-9633-9CC060495F47", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "788975F6-B3F1-4C21-B963-6BA59F14B71C", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "E6713D96-338B-4467-9F05-3153997F62E2", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "01EB1A77-92AD-47FB-8290-D05C9B6C19C4", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "74857259-30C7-422D-A24D-BE1E33F09466", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "CD80066B-787E-496B-88FD-F0AE291468C5", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "88C9F0AB-A125-4DCD-A02B-E04D4D95FB5D", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "8FF13F89-F4C3-43EC-A36A-2F9283E923B8", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "F2631F09-73DD-4A28-8082-3939D89DDBE0", "vulnerable": false }, { "criteria": 
"cpe:2.3:a:postgresql:postgresql:8.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "82DDE9E7-EBF9-452B-8380-F9E87CF30ACA", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "4BAE68CF-198D-4F01-92F3-4DED7E50ACA6", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.13:*:*:*:*:*:*:*", "matchCriteriaId": "EF798CBC-C8BB-4F88-A927-B385A0DD8F19", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "BF8F568F-7D23-4553-95C5-C7C6B6584EB7", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.15:*:*:*:*:*:*:*", "matchCriteriaId": "A1DB64EA-DE7B-4CA4-8121-90612409152D", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.16:*:*:*:*:*:*:*", "matchCriteriaId": "7A932403-9187-471B-BE65-4B6907D57D1B", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.17:*:*:*:*:*:*:*", "matchCriteriaId": "5CC6D76B-EF54-4F03-84BB-4CEAE31C4FFD", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.18:*:*:*:*:*:*:*", "matchCriteriaId": "FE4CDA93-AEF6-489E-A5A1-BDC62BC9707B", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.19:*:*:*:*:*:*:*", "matchCriteriaId": "6866FCCB-1E43-4D8A-BC89-F06CB7A904B5", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.20:*:*:*:*:*:*:*", "matchCriteriaId": "1198129D-E814-4BB8-88DA-E500EB65E01D", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.21:*:*:*:*:*:*:*", "matchCriteriaId": "1937DF43-31CA-4AB8-8832-96AAD73A7FCF", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.22:*:*:*:*:*:*:*", "matchCriteriaId": "59AC452F-3902-4E6C-856D-469C87AAC1C2", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "8F30CA60-0A82-45CD-8044-CE245393593D", "vulnerable": false }, { "criteria": 
"cpe:2.3:a:postgresql:postgresql:8.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "5C991F71-1E27-47A6-97DC-424FC3EF6011", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "5740C7AA-1772-41D8-9851-3E3669CD8521", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "970338CD-A680-4DD0-BD27-459B0DDA4002", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "A99C579D-44C0-40A4-A4EB-CBCF40D0C2FA", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "3E9E57FA-5EAE-4698-992D-146C6310E0B8", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "C66CDEC1-FB2E-49B7-A8BE-38E43C8ED652", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "87DF2937-9C51-4768-BAB1-901BCA636ADD", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "515C0ECD-2D95-4B6E-8E2F-DAF94E4A310F", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "EA0EB754-7A71-40FA-9EAD-44914EB758C3", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "1089D316-D5A3-4F2D-9E52-57FD626A1D06", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "F17D9158-E85A-4436-9180-E8546CF8F290", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "64CBBE6E-8FDA-46AD-96A9-8C6CFFE97ABC", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "C7A0D13E-6B06-42E9-BEB9-C8FCC3A4E2ED", "vulnerable": false }, { "criteria": 
"cpe:2.3:a:postgresql:postgresql:8.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "AB79FB06-4712-4DE8-8C0B-5CEE8530828D", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "7054A3D4-8C52-4636-B135-1078B8DF1D5D", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "A6763B2A-00C4-4AAB-8769-9AAEE4BAA603", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "2DD4DE67-9E3C-4F79-8AAB-344C1C46C618", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "CCB718D2-97AA-4D61-AA4B-2216EEF55F67", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "605C06BF-54A0-40F8-A01E-8641B4A83035", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "1F1F5B75-78D5-408E-8148-CA23DCED9CBB", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "88DE8C27-0E0A-4428-B25D-054D4FC6FEA8", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "F609DDE4-0858-4F83-B8E6-7870196E21CB", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "349F02AF-013E-4264-9717-010293A3D6E4", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "047926F2-846A-4870-9640-9A4F2804D71B", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "BB0165D8-0BFA-4D46-95A3-45A03DC086FB", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "1D6CF6A0-43DC-4C64-A3C4-01EB36F6672B", "vulnerable": false }, { "criteria": 
"cpe:2.3:a:postgresql:postgresql:9.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "1E8251C0-9CAE-4608-BC11-75646A601408", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "AC024E5D-122D-4E3D-AD24-759AB5940F20", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "723336B5-405A-4236-A507-2C26E591CF49", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "4796DBEC-FF4F-4749-90D5-AD83D8B5E086", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "79108278-D644-4506-BD9C-F464C6E817B7", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "10CF0AA0-41CD-4D50-BA7A-BF8846115C95", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "965E1A9D-BB23-4C0B-A9CA-54A1855055B1", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "A1F37C66-0AFE-4D59-8867-BDBCE656774E", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "5CE53AE6-232C-4068-98D1-7749007C3CFD", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "FFD38139-FD17-41E7-8D10-7731D8203CFC", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "CCC0B41F-38FF-4D41-9E31-D666A84BB2FC", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "A591CB08-5CEB-45EB-876F-417DCD60AF53", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "AD27648F-E2FF-4779-97F9-2632DCC6B16D", "vulnerable": false }, { "criteria": 
"cpe:2.3:a:postgresql:postgresql:9.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "CEFB4916-8B59-4534-804C-CF9DA1B18508", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "3413A3AB-45A3-48E1-9B30-1194C4E7D49D", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "5760CE83-4802-42A0-9338-E1E634882450", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:*:*:*:*:*:*:*:*", "matchCriteriaId": "170E86C5-BBF5-428C-ADA6-3A15EBDA4E19", "versionEndIncluding": "0.9.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1433FF02-5809-4437-81C9-F3DDBEEBDF58", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "757EAC47-2700-4328-91AA-E530629C1ACA", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6C753CCF-AA7D-4691-87A2-E9D8E3C6B907", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "01E3D0A4-E754-4730-B926-FEDEE7967356", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "5A85C99B-79A9-4FAF-BA6F-C4137D9FA709", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "862BCFFB-C188-423B-B66B-B34E65958F9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "34CDFCD1-7992-4AAC-9357-1B20C477A3D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "297A53B8-257A-4730-A745-06451A993DF3", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:quassel-irc:quassel_irc:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "831DBB69-C22C-466A-AA01-F8D89AF2516B", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "3A85F092-B58B-461C-A81C-C237EBEB9575", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E09B40EF-B855-4CE4-B1D2-9FEA960C2F86", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "E52C0DA4-45C8-4D40-9736-CCF133629C6E", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "68EE8417-05A3-4CAB-8540-20DD34EB6E00", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "0887210F-24D0-4E24-87B4-0F07764CA891", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F9FEC0F5-4EAE-48EE-848C-E3BD14CCE65D", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "06385037-D229-4A07-B1A6-1989BDA19C79", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "EA572CB3-5A7F-4BBC-B01D-97412ECE3CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "1F7079BD-A592-4947-86CB-A1CEAC0B1207", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "0C40856E-C88B-42D1-B5A7-F1E1E5FFDD59", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "8EE7000F-0920-4CFC-8619-7C49F6120FF1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:4.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "581FF62C-BD93-485C-A5BA-E5EBFEDC45C9", "vulnerable": false }, 
{ "criteria": "cpe:2.3:a:qt:qt:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "03C7E11D-AA2C-48BB-8C50-B04E5CD3A7C5", "vulnerable": false }, { "criteria": "cpe:2.3:a:qt:qt:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E30B4386-B419-46B7-945F-C04F79600708", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \\ (backslash) in a message." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en Quassel IRC anterior a la versi\u00f3n 0.9.1, cuando Qt 4.8.5 o posteriores y PostgreSQL 8.2 o posteriores son usados, permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de una \\ (barra invertida) en un mensaje." } ], "id": "CVE-2013-4422", "lastModified": "2024-11-21T01:55:32.120", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-10-23T16:54:28.907", "references": [ { "source": "secalert@redhat.com", "url": "http://bugs.quassel-irc.org/issues/1244" }, { "source": "secalert@redhat.com", "url": "http://quassel-irc.org/node/120" }, { "source": "secalert@redhat.com", "url": "http://seclists.org/oss-sec/2013/q4/74" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/55194" }, { 
"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/55581" }, { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-201311-03.xml" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/62923" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87805" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.quassel-irc.org/issues/1244" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://quassel-irc.org/node/120" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2013/q4/74" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/55194" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55581" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201311-03.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/62923" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87805" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2020-17507
Vulnerability from cvelistv5
Published
2020-08-12 17:35
Modified
2024-08-04 14:00
Severity ?
Summary
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T14:00:47.515Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308436" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308495" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308496" }, { "name": "FEDORA-2020-b8091188d0", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/" }, { "name": "FEDORA-2020-8dd86f1b3f", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/" }, { "name": "GLSA-202009-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202009-04" }, { "name": "openSUSE-SU-2020:1452", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html" }, { "name": "openSUSE-SU-2020:1500", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html" }, { "name": "openSUSE-SU-2020:1501", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html" }, { "name": "openSUSE-SU-2020:1530", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] 
[DLA 2376-1] qtbase-opensource-src security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" }, { "name": "openSUSE-SU-2020:1564", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html" }, { "name": "openSUSE-SU-2020:1568", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-28T23:06:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308436" }, { "tags": [ "x_refsource_MISC" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308495" }, { "tags": [ "x_refsource_MISC" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308496" }, { "name": "FEDORA-2020-b8091188d0", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/" }, { "name": "FEDORA-2020-8dd86f1b3f", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/" }, { "name": "GLSA-202009-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202009-04" }, { "name": "openSUSE-SU-2020:1452", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html" }, { "name": "openSUSE-SU-2020:1500", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html" }, { "name": "openSUSE-SU-2020:1501", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html" }, { "name": "openSUSE-SU-2020:1530", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2376-1] qtbase-opensource-src security update", "tags": [ "mailing-list", 
"x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" }, { "name": "openSUSE-SU-2020:1564", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html" }, { "name": "openSUSE-SU-2020:1568", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-17507", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://codereview.qt-project.org/c/qt/qtbase/+/308436", "refsource": "MISC", "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308436" }, { "name": "https://codereview.qt-project.org/c/qt/qtbase/+/308495", "refsource": "MISC", "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308495" }, { "name": "https://codereview.qt-project.org/c/qt/qtbase/+/308496", "refsource": "MISC", "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308496" }, { "name": "FEDORA-2020-b8091188d0", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/" }, { "name": "FEDORA-2020-8dd86f1b3f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/" }, { "name": "GLSA-202009-04", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202009-04" }, { "name": "openSUSE-SU-2020:1452", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html" }, { "name": "openSUSE-SU-2020:1500", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html" }, { "name": "openSUSE-SU-2020:1501", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html" }, { "name": "openSUSE-SU-2020:1530", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2376-1] qtbase-opensource-src security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update", 
"refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" }, { "name": "openSUSE-SU-2020:1564", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html" }, { "name": "openSUSE-SU-2020:1568", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-17507", "datePublished": "2020-08-12T17:35:20", "dateReserved": "2020-08-12T00:00:00", "dateUpdated": "2024-08-04T14:00:47.515Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-34410
Vulnerability from cvelistv5
Published
2023-06-05 00:00
Modified
2025-01-08 16:58
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N (source: CISA-ADP)
Summary
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:10:06.822Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/477560" }, { "tags": [ "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/480002" }, { "name": "FEDORA-2023-0d4b3316f6", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3IHQZCEUFVOPWG75V2HDKXNUZBB4FX/" }, { "name": "[debian-lts-announce] 20230822 [SECURITY] [DLA 3539-1] qt4-x11 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-34410", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-08T16:58:49.630299Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-08T16:58:53.614Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": 
"en", "value": "An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-23T00:06:20.910150", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://codereview.qt-project.org/c/qt/qtbase/+/477560" }, { "url": "https://codereview.qt-project.org/c/qt/qtbase/+/480002" }, { "name": "FEDORA-2023-0d4b3316f6", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3IHQZCEUFVOPWG75V2HDKXNUZBB4FX/" }, { "name": "[debian-lts-announce] 20230822 [SECURITY] [DLA 3539-1] qt4-x11 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-34410", "datePublished": "2023-06-05T00:00:00", "dateReserved": "2023-06-05T00:00:00", "dateUpdated": "2025-01-08T16:58:53.614Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-32573
Vulnerability from cvelistv5
Published
2023-05-10 00:00
Modified
2025-01-27 20:49
Severity ?
EPSS score ?
Summary
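In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. The CISA-ADP enrichment in the record below classifies the flaw as CWE-369 (Divide By Zero) and scores it CVSS 3.1 6.5 Medium (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H): the impact is on availability only, and user interaction is required.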
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:18:37.809Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtsvg/+/474093" }, { "name": "FEDORA-2023-0d4b3316f6", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3IHQZCEUFVOPWG75V2HDKXNUZBB4FX/" }, { "name": "[debian-lts-announce] 20230822 [SECURITY] [DLA 3539-1] qt4-x11 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-32573", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T20:49:26.255610Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-369", "description": "CWE-369 Divide By Zero", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-27T20:49:30.496Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, 
QtSvg QSvgFont m_unitsPerEm initialization is mishandled." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-23T00:06:14.525Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://codereview.qt-project.org/c/qt/qtsvg/+/474093" }, { "name": "FEDORA-2023-0d4b3316f6", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3IHQZCEUFVOPWG75V2HDKXNUZBB4FX/" }, { "name": "[debian-lts-announce] 20230822 [SECURITY] [DLA 3539-1] qt4-x11 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-32573", "datePublished": "2023-05-10T00:00:00.000Z", "dateReserved": "2023-05-10T00:00:00.000Z", "dateUpdated": "2025-01-27T20:49:30.496Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38197
Vulnerability from cvelistv5
Published
2023-07-13 00:00
Modified
2024-08-02 17:30
Severity ?
EPSS score ?
Summary
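An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion. The CISA-ADP enrichment in the record below classifies this as CWE-835 (Loop with Unreachable Exit Condition) and scores it CVSS 3.1 7.5 High, with availability impact only. Note that the ADP `affected` entry for the 5.x branch gives `"lessThan": "5.15.5"`, which does not match the 5.15.15 stated in this description; confirm the fixed version against the referenced Qt change before relying on the ADP range for version matching.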
References
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qt", "vendor": "qt", "versions": [ { "lessThan": "5.15.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:qt:qt:6.3.0:-:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qt", "vendor": "qt", "versions": [ { "lessThan": "6.5.3", "status": "affected", "version": "6.3.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fedora", "vendor": "fedoraproject", "versions": [ { "status": "affected", "version": "38" } ] }, { "cpes": [ "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fedora", "vendor": "fedoraproject", "versions": [ { "status": "affected", "version": "37" } ] }, { "cpes": [ "cpe:2.3:a:qt:qt:6.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qt", "vendor": "qt", "versions": [ { "lessThan": "6.2.10", "status": "affected", "version": "6.0.0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-38197", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-18T16:48:43.530719Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-835", "description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": 
"2024-07-18T16:48:48.121Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T17:30:14.271Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/488960" }, { "name": "FEDORA-2023-364ae10761", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XEGQ6DFTL2BEJMHCD5FJGI6XLWQI7UEA/" }, { "name": "FEDORA-2023-5ead27b6d2", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5C3NYVJ73ITE6HUOVVHBUAGORVEJRHO/" }, { "name": "FEDORA-2023-ff372f9829", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFZORZYCMUZZFIOEZICJ7VH2BZIGY3HV/" }, { "name": "[debian-lts-announce] 20230822 [SECURITY] [DLA 3539-1] qt4-x11 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" }, { "name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-01T00:06:13.722212", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://codereview.qt-project.org/c/qt/qtbase/+/488960" }, { "name": "FEDORA-2023-364ae10761", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XEGQ6DFTL2BEJMHCD5FJGI6XLWQI7UEA/" }, { "name": "FEDORA-2023-5ead27b6d2", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5C3NYVJ73ITE6HUOVVHBUAGORVEJRHO/" }, { "name": "FEDORA-2023-ff372f9829", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFZORZYCMUZZFIOEZICJ7VH2BZIGY3HV/" }, { "name": "[debian-lts-announce] 20230822 [SECURITY] [DLA 3539-1] qt4-x11 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" }, { "name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-38197", "datePublished": "2023-07-13T00:00:00", "dateReserved": "2023-07-13T00:00:00", "dateUpdated": "2024-08-02T17:30:14.271Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-3193
Vulnerability from cvelistv5
Published
2012-06-16 00:00
Modified
2024-08-06 23:29
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:29:55.288Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "46371", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46371" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://git.gnome.org/browse/pango/commit/pango/opentype/harfbuzz-gpos.c?id=a7a715480db66148b1f487528887508a7991dcd0" }, { "name": "USN-1504-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1504-1" }, { "name": "[oss-security] 20120824 Re: CVE request: libqt4: two memory issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/24/8" }, { "name": "openSUSE-SU-2011:1119", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html" }, { "name": "41537", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41537" }, { "name": "46410", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46410" }, { "name": "RHSA-2011:1327", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1327.html" }, { "name": "RHSA-2011:1325", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1325.html" }, { "name": "[oss-security] 20120822 CVE request: libqt4: two memory issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/6" }, { "name": "46128", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46128" }, { 
"name": "RHSA-2011:1324", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1324.html" }, { "name": "[oss-security] 20120825 Re: CVE request: libqt4: two memory issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/25/1" }, { "name": "49895", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49895" }, { "name": "46117", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46117" }, { "name": "RHSA-2011:1326", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1326.html" }, { "name": "46119", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46119" }, { "name": "49723", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/49723" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://cgit.freedesktop.org/harfbuzz/commit/src/harfbuzz-gpos.c?id=da2c52abcd75d46929b34cad55c4fb2c8892bc08" }, { "name": "RHSA-2011:1323", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1323.html" }, { "name": "SUSE-SU-2011:1113", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "https://hermes.opensuse.org/messages/12056605" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cgit.freedesktop.org/harfbuzz.old/commit/?id=81c8ef785b079980ad5b46be4fe7c7bf156dbf65" }, { "name": "RHSA-2011:1328", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1328.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"https://qt.gitorious.org/qt/qt/commit/9ae6f2f9a57f0c3096d5785913e437953fa6775c" }, { "name": "75652", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/75652" }, { "name": "46118", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46118" }, { "name": "pango-harfbuzz-bo(69991)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69991" }, { "name": "openSUSE-SU-2011:1120", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-08-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "46371", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46371" }, { "tags": [ "x_refsource_MISC" ], "url": "http://git.gnome.org/browse/pango/commit/pango/opentype/harfbuzz-gpos.c?id=a7a715480db66148b1f487528887508a7991dcd0" }, { "name": "USN-1504-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1504-1" }, { "name": "[oss-security] 20120824 Re: CVE request: libqt4: two memory issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/24/8" }, { "name": "openSUSE-SU-2011:1119", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html" }, { "name": "41537", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41537" }, { "name": "46410", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46410" }, { "name": "RHSA-2011:1327", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1327.html" }, { "name": "RHSA-2011:1325", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1325.html" }, { "name": "[oss-security] 20120822 CVE request: libqt4: two memory issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/6" }, { "name": "46128", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46128" }, { "name": "RHSA-2011:1324", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": 
"http://rhn.redhat.com/errata/RHSA-2011-1324.html" }, { "name": "[oss-security] 20120825 Re: CVE request: libqt4: two memory issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/25/1" }, { "name": "49895", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49895" }, { "name": "46117", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46117" }, { "name": "RHSA-2011:1326", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1326.html" }, { "name": "46119", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46119" }, { "name": "49723", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/49723" }, { "tags": [ "x_refsource_MISC" ], "url": "http://cgit.freedesktop.org/harfbuzz/commit/src/harfbuzz-gpos.c?id=da2c52abcd75d46929b34cad55c4fb2c8892bc08" }, { "name": "RHSA-2011:1323", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1323.html" }, { "name": "SUSE-SU-2011:1113", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "https://hermes.opensuse.org/messages/12056605" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cgit.freedesktop.org/harfbuzz.old/commit/?id=81c8ef785b079980ad5b46be4fe7c7bf156dbf65" }, { "name": "RHSA-2011:1328", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1328.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://qt.gitorious.org/qt/qt/commit/9ae6f2f9a57f0c3096d5785913e437953fa6775c" }, { "name": "75652", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/75652" }, { "name": "46118", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46118" }, { "name": 
"pango-harfbuzz-bo(69991)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69991" }, { "name": "openSUSE-SU-2011:1120", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-3193", "datePublished": "2012-06-16T00:00:00", "dateReserved": "2011-08-19T00:00:00", "dateUpdated": "2024-08-06T23:29:55.288Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-2700
Vulnerability from cvelistv5
Published
2009-09-02 17:00
Modified
2024-08-07 05:59
Severity ?
EPSS score ?
Summary
src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
References
| URL | Tags |
|---|---|
| http://secunia.com/advisories/36702 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/36203 | vdb-entry, x_refsource_BID |
| http://qt.gitorious.org/qt/qt/commit/802d8c02eaa0aa9cd8d0c6cbd18cd814e6337bc6 | x_refsource_CONFIRM |
| http://www.mandriva.com/security/advisories?name=MDVSA-2009:225 | vendor-advisory, x_refsource_MANDRIVA |
| http://www.ubuntu.com/usn/usn-829-1 | vendor-advisory, x_refsource_UBUNTU |
| http://www.vupen.com/english/advisories/2009/2499 | vdb-entry, x_refsource_VUPEN |
| http://secunia.com/advisories/36536 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:59:56.946Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "36702", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36702" }, { "name": "36203", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/36203" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://qt.gitorious.org/qt/qt/commit/802d8c02eaa0aa9cd8d0c6cbd18cd814e6337bc6" }, { "name": "MDVSA-2009:225", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:225" }, { "name": "USN-829-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-829-1" }, { "name": "ADV-2009-2499", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/2499" }, { "name": "36536", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36536" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-08-28T00:00:00", "descriptions": [ { "lang": "en", "value": "src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a \u0027\\0\u0027 character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-04-24T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "36702", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36702" }, { "name": "36203", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/36203" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://qt.gitorious.org/qt/qt/commit/802d8c02eaa0aa9cd8d0c6cbd18cd814e6337bc6" }, { "name": "MDVSA-2009:225", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:225" }, { "name": "USN-829-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-829-1" }, { "name": "ADV-2009-2499", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/2499" }, { "name": "36536", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36536" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2700", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a \u0027\\0\u0027 character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "36702", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36702" }, { "name": "36203", "refsource": "BID", "url": "http://www.securityfocus.com/bid/36203" }, { "name": "http://qt.gitorious.org/qt/qt/commit/802d8c02eaa0aa9cd8d0c6cbd18cd814e6337bc6", "refsource": "CONFIRM", "url": "http://qt.gitorious.org/qt/qt/commit/802d8c02eaa0aa9cd8d0c6cbd18cd814e6337bc6" }, { "name": "MDVSA-2009:225", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:225" }, { "name": "USN-829-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-829-1" }, { "name": "ADV-2009-2499", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/2499" }, { "name": "36536", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36536" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2700", "datePublished": "2009-09-02T17:00:00", "dateReserved": "2009-08-05T00:00:00", "dateUpdated": "2024-08-07T05:59:56.946Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-33285
Vulnerability from cvelistv5
Published
2023-05-22 00:00
Modified
2025-01-21 15:17
Severity ?
EPSS score ?
Summary
An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:39:35.989Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/477644" }, { "name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-33285", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-21T15:17:38.437872Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-21T15:17:54.872Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AC:L/AV:N/A:L/C:N/I:N/PR:N/S:U/UI:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-01T00:06:21.626146", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://codereview.qt-project.org/c/qt/qtbase/+/477644" }, { "name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-33285", "datePublished": "2023-05-22T00:00:00", "dateReserved": "2023-05-22T00:00:00", "dateUpdated": "2025-01-21T15:17:54.872Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-4811
Vulnerability from cvelistv5
Published
2006-10-18 17:00
Modified
2024-08-07 19:23
Severity ?
EPSS score ?
Summary
Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:23:41.159Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1017084", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017084" }, { "name": "RHSA-2006:0725", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0725.html" }, { "name": "22738", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22738" }, { "name": "22485", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22485" }, { "name": "22586", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22586" }, { "name": "oval:org.mitre.oval:def:10218", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10218" }, { "name": "22579", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22579" }, { "name": "22520", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22520" }, { "name": "22479", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22479" }, { "name": "MDKSA-2006:186", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:186" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.trolltech.com/company/newsroom/announcements/press.2006-10-19.5434451733" }, { "name": "22380", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": 
"http://secunia.com/advisories/22380" }, { "name": "USN-368-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-368-1" }, { "name": "20061002-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20061002-01-P" }, { "name": "MDKSA-2006:187", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:187" }, { "name": "22645", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22645" }, { "name": "20599", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/20599" }, { "name": "20061101-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210742" }, { "name": "GLSA-200703-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200703-06.xml" }, { "name": "24347", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24347" }, { "name": "22890", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22890" }, { "name": "22397", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22397" }, { "name": "RHSA-2006:0720", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0720.html" }, { "name": "22929", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": 
"http://secunia.com/advisories/22929" }, { "name": "GLSA-200611-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200611-02.xml" }, { "name": "DSA-1200", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.us.debian.org/security/2006/dsa-1200" }, { "name": "ADV-2006-4099", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4099" }, { "name": "SSA:2006-298-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.483634" }, { "name": "SUSE-SA:2006:063", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.suse.com/archive/suse-security-announce/2006-Oct/0006.html" }, { "name": "22492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22492" }, { "name": "22589", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22589" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-723" }, { "name": "20061018 rPSA-2006-0195-1 kdelibs", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/449173/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-10-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 
crafted pixmap image." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "1017084", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017084" }, { "name": "RHSA-2006:0725", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0725.html" }, { "name": "22738", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22738" }, { "name": "22485", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22485" }, { "name": "22586", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22586" }, { "name": "oval:org.mitre.oval:def:10218", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10218" }, { "name": "22579", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22579" }, { "name": "22520", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22520" }, { "name": "22479", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22479" }, { "name": "MDKSA-2006:186", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:186" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.trolltech.com/company/newsroom/announcements/press.2006-10-19.5434451733" }, { "name": "22380", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22380" }, { "name": "USN-368-1", "tags": [ "vendor-advisory", 
"x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-368-1" }, { "name": "20061002-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20061002-01-P" }, { "name": "MDKSA-2006:187", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:187" }, { "name": "22645", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22645" }, { "name": "20599", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/20599" }, { "name": "20061101-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210742" }, { "name": "GLSA-200703-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200703-06.xml" }, { "name": "24347", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24347" }, { "name": "22890", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22890" }, { "name": "22397", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22397" }, { "name": "RHSA-2006:0720", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0720.html" }, { "name": "22929", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22929" }, { "name": "GLSA-200611-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200611-02.xml" }, { "name": "DSA-1200", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.us.debian.org/security/2006/dsa-1200" }, { "name": "ADV-2006-4099", 
"tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4099" }, { "name": "SSA:2006-298-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.483634" }, { "name": "SUSE-SA:2006:063", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.suse.com/archive/suse-security-announce/2006-Oct/0006.html" }, { "name": "22492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22492" }, { "name": "22589", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22589" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-723" }, { "name": "20061018 rPSA-2006-0195-1 kdelibs", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/449173/100/0/threaded" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2006-4811", "datePublished": "2006-10-18T17:00:00", "dateReserved": "2006-09-15T00:00:00", "dateUpdated": "2024-08-07T19:23:41.159Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-37369
Vulnerability from cvelistv5
Published
2023-08-20 00:00
Modified
2024-08-02 17:09
Severity ?
EPSS score ?
Summary
In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-37369", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-05T20:39:00.158917Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-05T20:39:08.149Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T17:09:34.076Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugreports.qt.io/browse/QTBUG-114829" }, { "tags": [ "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/455027" }, { "name": "[debian-lts-announce] 20230822 [SECURITY] [DLA 3539-1] qt4-x11 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" }, { "name": "FEDORA-2023-0e68827d36", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZK7EDD4ILPPSQAYO54FANUC4NFYLTHU/" }, { "name": "FEDORA-2023-fd45b50121", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3JR3N3IF5MUSETGYE46OZFOGGPY3VZT/" }, { "name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x 
before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-01T00:06:17.111232", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://bugreports.qt.io/browse/QTBUG-114829" }, { "url": "https://codereview.qt-project.org/c/qt/qtbase/+/455027" }, { "name": "[debian-lts-announce] 20230822 [SECURITY] [DLA 3539-1] qt4-x11 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" }, { "name": "FEDORA-2023-0e68827d36", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZK7EDD4ILPPSQAYO54FANUC4NFYLTHU/" }, { "name": "FEDORA-2023-fd45b50121", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3JR3N3IF5MUSETGYE46OZFOGGPY3VZT/" }, { "name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-37369", "datePublished": "2023-08-20T00:00:00", "dateReserved": "2023-06-30T00:00:00", "dateUpdated": "2024-08-02T17:09:34.076Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-15518
Vulnerability from cvelistv5
Published
2018-12-26 20:00
Modified
2024-08-05 09:54
Severity ?
EPSS score ?
Summary
QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:54:03.620Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4374", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4374" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://codereview.qt-project.org/#/c/236691/" }, { "name": "openSUSE-SU-2018:4261", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html" }, { "name": "[debian-lts-announce] 20190103 [SECURITY] [DLA 1627-1] qtbase-opensource-src security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://codereview.qt-project.org/#/c/236691/" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "name": "USN-4003-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4003-1/" }, { "name": "RHSA-2019:2135", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "name": "RHSA-2019:3390", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3390" }, { "name": 
"openSUSE-SU-2020:1452", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html" }, { "name": "openSUSE-SU-2020:1500", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html" }, { "name": "openSUSE-SU-2020:1501", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html" }, { "name": "openSUSE-SU-2020:1530", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-28T08:06:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-4374", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4374" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://codereview.qt-project.org/#/c/236691/" }, { "name": "openSUSE-SU-2018:4261", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html" }, { "name": "[debian-lts-announce] 20190103 [SECURITY] [DLA 1627-1] qtbase-opensource-src security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://codereview.qt-project.org/#/c/236691/" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "name": "USN-4003-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4003-1/" }, { "name": "RHSA-2019:2135", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "name": "RHSA-2019:3390", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3390" }, { "name": "openSUSE-SU-2020:1452", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": 
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html" }, { "name": "openSUSE-SU-2020:1500", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html" }, { "name": "openSUSE-SU-2020:1501", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html" }, { "name": "openSUSE-SU-2020:1530", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-15518", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-4374", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4374" }, { "name": "https://codereview.qt-project.org/#/c/236691/", "refsource": "CONFIRM", "url": "https://codereview.qt-project.org/#/c/236691/" }, { "name": "openSUSE-SU-2018:4261", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html" }, { "name": "[debian-lts-announce] 20190103 [SECURITY] [DLA 1627-1] qtbase-opensource-src security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html" }, { "name": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/", "refsource": "CONFIRM", "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "name": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/", "refsource": "MISC", "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "name": "https://codereview.qt-project.org/#/c/236691/", "refsource": "MISC", "url": "https://codereview.qt-project.org/#/c/236691/" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "name": "USN-4003-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4003-1/" }, { "name": "RHSA-2019:2135", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "name": "RHSA-2019:3390", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3390" }, { "name": "openSUSE-SU-2020:1452", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html" }, { "name": "openSUSE-SU-2020:1500", "refsource": 
"SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html" }, { "name": "openSUSE-SU-2020:1501", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html" }, { "name": "openSUSE-SU-2020:1530", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-15518", "datePublished": "2018-12-26T20:00:00", "dateReserved": "2018-08-18T00:00:00", "dateUpdated": "2024-08-05T09:54:03.620Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-1859
Vulnerability from cvelistv5
Published
2015-05-12 19:00
Modified
2024-08-06 04:54
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.
References
| URL | Tags |
|---|---|
| http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html | vendor-advisory, x_refsource_FEDORA |
| http://www.securityfocus.com/bid/74307 | vdb-entry, x_refsource_BID |
| http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html | vendor-advisory, x_refsource_FEDORA |
| http://www.securityfocus.com/bid/74310 | vdb-entry, x_refsource_BID |
| https://security.gentoo.org/glsa/201603-10 | vendor-advisory, x_refsource_GENTOO |
| http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html | vendor-advisory, x_refsource_FEDORA |
| http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html | vendor-advisory, x_refsource_FEDORA |
| http://www.ubuntu.com/usn/USN-2626-1 | vendor-advisory, x_refsource_UBUNTU |
| http://lists.qt-project.org/pipermail/announce/2015-April/000067.html | mailing-list, x_refsource_MLIST |
| http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html | vendor-advisory, x_refsource_FEDORA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:54:16.334Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2015-6114", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html" }, { "name": "74307", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/74307" }, { "name": "FEDORA-2015-6123", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html" }, { "name": "74310", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/74310" }, { "name": "GLSA-201603-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201603-10" }, { "name": "FEDORA-2015-6315", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html" }, { "name": "FEDORA-2015-6364", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html" }, { "name": "USN-2626-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2626-1" }, { "name": "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html" }, { "name": "FEDORA-2015-6252", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html" } ], "title": "CVE Program 
Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-04-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-29T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "FEDORA-2015-6114", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html" }, { "name": "74307", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/74307" }, { "name": "FEDORA-2015-6123", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html" }, { "name": "74310", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/74310" }, { "name": "GLSA-201603-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201603-10" }, { "name": "FEDORA-2015-6315", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html" }, { "name": "FEDORA-2015-6364", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html" }, { "name": "USN-2626-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2626-1" }, { "name": "[Announce] 20150413 Qt Project Security 
Advisory - Multiple Vulnerabilities in Qt Image Format Handling", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html" }, { "name": "FEDORA-2015-6252", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-1859", "datePublished": "2015-05-12T19:00:00", "dateReserved": "2015-02-17T00:00:00", "dateUpdated": "2024-08-06T04:54:16.334Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-19870
Vulnerability from cvelistv5
Published
2018-12-26 20:00
Modified
2024-08-05 11:44
Severity ?
EPSS score ?
Summary
An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.
References
| URL | Tags |
|---|---|
| https://codereview.qt-project.org/#/c/235998/ | x_refsource_CONFIRM |
| https://www.debian.org/security/2019/dsa-4374 | vendor-advisory, x_refsource_DEBIAN |
| https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html | mailing-list, x_refsource_MLIST |
| https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html | vendor-advisory, x_refsource_SUSE |
| https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html | mailing-list, x_refsource_MLIST |
| https://usn.ubuntu.com/4003-1/ | vendor-advisory, x_refsource_UBUNTU |
| https://access.redhat.com/errata/RHSA-2019:2135 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2019:3390 | vendor-advisory, x_refsource_REDHAT |
| https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:44:20.664Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://codereview.qt-project.org/#/c/235998/" }, { "name": "DSA-4374", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4374" }, { "name": "[debian-lts-announce] 20190103 [SECURITY] [DLA 1627-1] qtbase-opensource-src security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "name": "openSUSE-SU-2019:1239", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "name": "USN-4003-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4003-1/" }, { "name": "RHSA-2019:2135", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "name": "RHSA-2019:3390", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3390" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" } ], "title": "CVE Program Container" } ], 
"cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-28T08:06:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://codereview.qt-project.org/#/c/235998/" }, { "name": "DSA-4374", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4374" }, { "name": "[debian-lts-announce] 20190103 [SECURITY] [DLA 1627-1] qtbase-opensource-src security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "name": "openSUSE-SU-2019:1239", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "name": "USN-4003-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4003-1/" }, { "name": "RHSA-2019:2135", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "name": "RHSA-2019:3390", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3390" }, 
{ "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19870", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://codereview.qt-project.org/#/c/235998/", "refsource": "CONFIRM", "url": "https://codereview.qt-project.org/#/c/235998/" }, { "name": "DSA-4374", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4374" }, { "name": "[debian-lts-announce] 20190103 [SECURITY] [DLA 1627-1] qtbase-opensource-src security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html" }, { "name": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/", "refsource": "CONFIRM", "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "name": "openSUSE-SU-2019:1239", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "name": "USN-4003-1", 
"refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4003-1/" }, { "name": "RHSA-2019:2135", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "name": "RHSA-2019:3390", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3390" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-19870", "datePublished": "2018-12-26T20:00:00", "dateReserved": "2018-12-05T00:00:00", "dateUpdated": "2024-08-05T11:44:20.664Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-25255
Vulnerability from cvelistv5
Published
2022-02-16 18:48
Modified
2024-08-03 04:36
Severity ?
EPSS score ?
Summary
In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when the requested program was not found in the PATH.
References
URL | Tags | |
---|---|---|
https://codereview.qt-project.org/c/qt/qtbase/+/393113 | x_refsource_MISC | |
https://codereview.qt-project.org/c/qt/qtbase/+/394914 | x_refsource_MISC | |
https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff | x_refsource_MISC | |
https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff | x_refsource_MISC | |
https://codereview.qt-project.org/c/qt/qtbase/+/396020 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:36:06.650Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/393113" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/394914" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/396020" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-16T18:48:34", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/393113" }, { "tags": [ "x_refsource_MISC" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/394914" }, { "tags": [ "x_refsource_MISC" ], "url": "https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff" }, { "tags": [ "x_refsource_MISC" ], "url": "https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff" }, { "tags": [ "x_refsource_MISC" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/396020" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-25255", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://codereview.qt-project.org/c/qt/qtbase/+/393113", "refsource": "MISC", "url": "https://codereview.qt-project.org/c/qt/qtbase/+/393113" }, { "name": "https://codereview.qt-project.org/c/qt/qtbase/+/394914", "refsource": "MISC", "url": "https://codereview.qt-project.org/c/qt/qtbase/+/394914" }, { "name": "https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff", "refsource": "MISC", "url": "https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff" }, { "name": "https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff", "refsource": "MISC", "url": "https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff" }, { "name": "https://codereview.qt-project.org/c/qt/qtbase/+/396020", "refsource": "MISC", "url": "https://codereview.qt-project.org/c/qt/qtbase/+/396020" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-25255", "datePublished": "2022-02-16T18:48:35", "dateReserved": "2022-02-16T00:00:00", "dateUpdated": "2024-08-03T04:36:06.650Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-51714
Vulnerability from cvelistv5
Published
2023-12-24 00:00
Modified
2024-08-02 22:40
Severity ?
EPSS score ?
Summary
An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:40:34.220Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/524864" }, { "tags": [ "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/524865/3" }, { "name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-01T00:06:18.651501", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://codereview.qt-project.org/c/qt/qtbase/+/524864" }, { "url": "https://codereview.qt-project.org/c/qt/qtbase/+/524865/3" }, { "name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-51714", "datePublished": "2023-12-24T00:00:00", "dateReserved": "2023-12-22T00:00:00", "dateUpdated": "2024-08-02T22:40:34.220Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-0570
Vulnerability from cvelistv5
Published
2020-09-14 18:17
Modified
2024-08-04 06:02
Severity ?
EPSS score ?
Summary
Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 (the releases listed as fixed) may allow an authenticated user with local access to elevate privileges.
References
URL | Tags | |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1800604 | x_refsource_MISC | |
https://bugreports.qt.io/browse/QTBUG-81272 | x_refsource_CONFIRM | |
https://lists.qt-project.org/pipermail/development/2020-January/038534.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | QT Library | Fixed in qt 5.14.0, qt 5.12.7, qt 5.9.10 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T06:02:52.337Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800604" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugreports.qt.io/browse/QTBUG-81272" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://lists.qt-project.org/pipermail/development/2020-January/038534.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "QT Library", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in qt 5.14.0, qt 5.12.7, qt 5.9.10" } ] } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access." } ], "problemTypes": [ { "descriptions": [ { "description": "Escalation of Privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-21T16:50:44", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800604" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugreports.qt.io/browse/QTBUG-81272" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://lists.qt-project.org/pipermail/development/2020-January/038534.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@intel.com", "ID": "CVE-2020-0570", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "QT Library", "version": { "version_data": [ { "version_value": "Fixed in qt 5.14.0, qt 5.12.7, qt 5.9.10" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", 
"description": { "description_data": [ { "lang": "eng", "value": "Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Escalation of Privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1800604", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800604" }, { "name": "https://bugreports.qt.io/browse/QTBUG-81272", "refsource": "CONFIRM", "url": "https://bugreports.qt.io/browse/QTBUG-81272" }, { "name": "https://lists.qt-project.org/pipermail/development/2020-January/038534.html", "refsource": "CONFIRM", "url": "https://lists.qt-project.org/pipermail/development/2020-January/038534.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2020-0570", "datePublished": "2020-09-14T18:17:32", "dateReserved": "2019-10-28T00:00:00", "dateUpdated": "2024-08-04T06:02:52.337Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38593
Vulnerability from cvelistv5
Published
2021-08-12 00:00
Modified
2024-08-04 01:44
Severity ?
EPSS score ?
Summary
Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:44:23.600Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/qt/qtbase/commit/6b400e3147dcfd8cc3a393ace1bd118c93762e0c" }, { "tags": [ "x_transferred" ], "url": "https://github.com/qt/qtbase/commit/202143ba41f6ac574f1858214ed8bf4a38b73ccd" }, { "tags": [ "x_transferred" ], "url": "https://github.com/qt/qtbase/commit/1ca02cf2879a5e1511a2f2109f0925cf4c892862" }, { "tags": [ "x_transferred" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35566" }, { "tags": [ "x_transferred" ], "url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-903.yaml" }, { "tags": [ "x_transferred" ], "url": "https://www.qt.io/blog/qt-5.15-extended-support-for-subscription-license-holders" }, { "tags": [ "x_transferred" ], "url": "https://wiki.qt.io/Qt_5.15_Release#Known_Issues" }, { "name": "FEDORA-2022-54760f7fa4", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36VN2WKMNQUSTF6ZW2X52NPAJVXJ4S5I/" }, { "name": "FEDORA-2022-4131ced81a", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HY5YCSDCTLHVMP3OXOM6HNTWHV6DBHDX/" }, { "name": "GLSA-202402-03", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202402-03" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke)." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-03T07:06:32.200877", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/qt/qtbase/commit/6b400e3147dcfd8cc3a393ace1bd118c93762e0c" }, { "url": "https://github.com/qt/qtbase/commit/202143ba41f6ac574f1858214ed8bf4a38b73ccd" }, { "url": "https://github.com/qt/qtbase/commit/1ca02cf2879a5e1511a2f2109f0925cf4c892862" }, { "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35566" }, { "url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-903.yaml" }, { "url": "https://www.qt.io/blog/qt-5.15-extended-support-for-subscription-license-holders" }, { "url": "https://wiki.qt.io/Qt_5.15_Release#Known_Issues" }, { "name": "FEDORA-2022-54760f7fa4", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36VN2WKMNQUSTF6ZW2X52NPAJVXJ4S5I/" }, { "name": "FEDORA-2022-4131ced81a", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HY5YCSDCTLHVMP3OXOM6HNTWHV6DBHDX/" }, { "name": "GLSA-202402-03", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202402-03" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-38593", "datePublished": "2021-08-12T00:00:00", "dateReserved": "2021-08-12T00:00:00", "dateUpdated": "2024-08-04T01:44:23.600Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-3481
Vulnerability from cvelistv5
Published
2022-08-22 00:00
Modified
2024-08-03 16:53
Severity ?
EPSS score ?
Summary
A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:53:17.684Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugreports.qt.io/browse/QTBUG-91507" }, { "tags": [ "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtsvg/+/337646" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1931444" }, { "tags": [ "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2021-3481" }, { "name": "[debian-lts-announce] 20230822 [SECURITY] [DLA 3539-1] qt4-x11 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "qt", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in qt 5.12.11, qt 5.15.4, qt 6.0.3, qt 6.1.0RC." } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 - Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-23T00:06:13.050577", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugreports.qt.io/browse/QTBUG-91507" }, { "url": "https://codereview.qt-project.org/c/qt/qtsvg/+/337646" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1931444" }, { "url": "https://access.redhat.com/security/cve/CVE-2021-3481" }, { "name": "[debian-lts-announce] 20230822 [SECURITY] [DLA 3539-1] qt4-x11 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-3481", "datePublished": "2022-08-22T00:00:00", "dateReserved": "2021-04-01T00:00:00", "dateUpdated": "2024-08-03T16:53:17.684Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-3194
Vulnerability from cvelistv5
Published
2012-06-16 00:00
Modified
2024-08-06 23:29
Severity ?
EPSS score ?
Summary
Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale TIFF image with multiple samples per pixel.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:29:56.371Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "46371", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46371" }, { "name": "USN-1504-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1504-1" }, { "name": "46140", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46140" }, { "name": "[oss-security] 20120824 Re: CVE request: libqt4: two memory issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/24/8" }, { "name": "GLSA-201206-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201206-02.xml" }, { "name": "openSUSE-SU-2011:1119", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html" }, { "name": "46410", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46410" }, { "name": "qt-grayscale-bo(69975)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69975" }, { "name": "[oss-security] 20120822 CVE request: libqt4: two memory issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/6" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://qt.gitorious.org/qt/qt/commit/cb6380beb81ab9571c547270c144988781fed465" }, { "name": "46128", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46128" }, { "name": "46187", "tags": 
[ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46187" }, { "name": "49895", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49895" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.novell.com/show_bug.cgi?id=637275" }, { "name": "49383", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49383" }, { "name": "49724", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/49724" }, { "name": "FEDORA-2011-12145", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066209.html" }, { "name": "RHSA-2011:1323", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1323.html" }, { "name": "SUSE-SU-2011:1113", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "https://hermes.opensuse.org/messages/12056605" }, { "name": "RHSA-2011:1328", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1328.html" }, { "name": "75653", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/75653" }, { "name": "openSUSE-SU-2011:1120", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-08-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service 
(crash) and possibly execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale TIFF image with multiple samples per pixel." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "46371", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46371" }, { "name": "USN-1504-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1504-1" }, { "name": "46140", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46140" }, { "name": "[oss-security] 20120824 Re: CVE request: libqt4: two memory issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/24/8" }, { "name": "GLSA-201206-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201206-02.xml" }, { "name": "openSUSE-SU-2011:1119", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html" }, { "name": "46410", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46410" }, { "name": "qt-grayscale-bo(69975)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69975" }, { "name": "[oss-security] 20120822 CVE request: libqt4: two memory issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/6" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://qt.gitorious.org/qt/qt/commit/cb6380beb81ab9571c547270c144988781fed465" }, { "name": "46128", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46128" }, 
{ "name": "46187", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46187" }, { "name": "49895", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49895" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.novell.com/show_bug.cgi?id=637275" }, { "name": "49383", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49383" }, { "name": "49724", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/49724" }, { "name": "FEDORA-2011-12145", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066209.html" }, { "name": "RHSA-2011:1323", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1323.html" }, { "name": "SUSE-SU-2011:1113", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "https://hermes.opensuse.org/messages/12056605" }, { "name": "RHSA-2011:1328", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1328.html" }, { "name": "75653", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/75653" }, { "name": "openSUSE-SU-2011:1120", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-3194", "datePublished": "2012-06-16T00:00:00", "dateReserved": "2011-08-19T00:00:00", "dateUpdated": "2024-08-06T23:29:56.371Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-4422
Vulnerability from cvelistv5
Published
2013-10-23 15:00
Modified
2024-08-06 16:45
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \ (backslash) in a message.
References
URL | Tags | |
---|---|---|
http://quassel-irc.org/node/120 | x_refsource_CONFIRM | |
http://secunia.com/advisories/55194 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/advisories/55581 | third-party-advisory, x_refsource_SECUNIA | |
http://bugs.quassel-irc.org/issues/1244 | x_refsource_CONFIRM | |
http://seclists.org/oss-sec/2013/q4/74 | mailing-list, x_refsource_MLIST | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/87805 | vdb-entry, x_refsource_XF | |
http://security.gentoo.org/glsa/glsa-201311-03.xml | vendor-advisory, x_refsource_GENTOO | |
http://www.securityfocus.com/bid/62923 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:45:13.900Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://quassel-irc.org/node/120" }, { "name": "55194", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55194" }, { "name": "55581", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55581" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.quassel-irc.org/issues/1244" }, { "name": "[oss-security] 20131010 Re: CVE Request - Quassel IRC SQL injection", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2013/q4/74" }, { "name": "quasselirc-backslash-sql-injection(87805)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87805" }, { "name": "GLSA-201311-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201311-03.xml" }, { "name": "62923", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/62923" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-10-09T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \\ (backslash) in a message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://quassel-irc.org/node/120" }, { "name": "55194", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55194" }, { "name": "55581", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55581" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.quassel-irc.org/issues/1244" }, { "name": "[oss-security] 20131010 Re: CVE Request - Quassel IRC SQL injection", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2013/q4/74" }, { "name": "quasselirc-backslash-sql-injection(87805)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87805" }, { "name": "GLSA-201311-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201311-03.xml" }, { "name": "62923", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/62923" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4422", "datePublished": "2013-10-23T15:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:45:13.900Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-6093
Vulnerability from cvelistv5
Published
2013-02-24 19:00
Modified
2024-08-06 21:21
Severity ?
EPSS score ?
Summary
The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of OpenSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:21:28.816Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2013:0204", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00086.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://codereview.qt-project.org/#change%2C42461" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697582" }, { "name": "USN-1723-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1723-1" }, { "name": "openSUSE-SU-2013:0256", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00014.html" }, { "name": "52217", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/52217" }, { "name": "openSUSE-SU-2013:0211", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00089.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://qt.gitorious.org/qt/qt/commit/3b14dc93cf0ef06f1424d7d6319a1af4505faa53%20%284.7%29" }, { "name": "[Announce] 20130102 Qt Project Security Advisory: QSslSocket may report incorrect errors when certificate verification fails", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.qt-project.org/pipermail/announce/2013-January/000020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://qt.gitorious.org/qt/qt/commit/691e78e5061d4cbc0de212d23b06c5dffddf2098%20%284.8%29" }, { "name": "[oss-security] 20130104 Re: CVE Request -- qt: QSslSocket might report inappropriate errors when certificate verification fails", "tags": [ 
"mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/01/04/6" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=891955" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an \"incompatible structure layout\" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-02-24T19:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "openSUSE-SU-2013:0204", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00086.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://codereview.qt-project.org/#change%2C42461" }, { "tags": [ "x_refsource_MISC" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697582" }, { "name": "USN-1723-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1723-1" }, { "name": "openSUSE-SU-2013:0256", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00014.html" }, { "name": "52217", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/52217" }, { "name": "openSUSE-SU-2013:0211", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": 
"http://lists.opensuse.org/opensuse-updates/2013-01/msg00089.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://qt.gitorious.org/qt/qt/commit/3b14dc93cf0ef06f1424d7d6319a1af4505faa53%20%284.7%29" }, { "name": "[Announce] 20130102 Qt Project Security Advisory: QSslSocket may report incorrect errors when certificate verification fails", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.qt-project.org/pipermail/announce/2013-January/000020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://qt.gitorious.org/qt/qt/commit/691e78e5061d4cbc0de212d23b06c5dffddf2098%20%284.8%29" }, { "name": "[oss-security] 20130104 Re: CVE Request -- qt: QSslSocket might report inappropriate errors when certificate verification fails", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2013/01/04/6" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=891955" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-6093", "datePublished": "2013-02-24T19:00:00Z", "dateReserved": "2012-12-06T00:00:00Z", "dateUpdated": "2024-08-06T21:21:28.816Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-0190
Vulnerability from cvelistv5
Published
2014-05-08 14:00
Modified
2024-08-06 09:05
Severity ?
EPSS score ?
Summary
The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image.
References
▼ | URL | Tags |
---|---|---|
https://bugs.kde.org/show_bug.cgi?id=333404 | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html | vendor-advisory, x_refsource_SUSE | |
http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134040.html | vendor-advisory, x_refsource_FEDORA | |
http://www.ubuntu.com/usn/USN-2626-1 | vendor-advisory, x_refsource_UBUNTU | |
http://lists.qt-project.org/pipermail/announce/2014-April/000045.html | mailing-list, x_refsource_MLIST | |
http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134141.html | vendor-advisory, x_refsource_FEDORA | |
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html | vendor-advisory, x_refsource_FEDORA | |
http://www.securityfocus.com/bid/67087 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:05:39.205Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.kde.org/show_bug.cgi?id=333404" }, { "name": "openSUSE-SU-2015:0573", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html" }, { "name": "FEDORA-2014-6922", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134040.html" }, { "name": "USN-2626-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2626-1" }, { "name": "[Announce] 20140424 Qt Security Advisory: DoS vulnerability in the GIF image handler", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.qt-project.org/pipermail/announce/2014-April/000045.html" }, { "name": "FEDORA-2014-6896", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134141.html" }, { "name": "FEDORA-2014-5695", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html" }, { "name": "67087", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/67087" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-04-24T00:00:00", "descriptions": [ { "lang": "en", "value": "The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-29T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.kde.org/show_bug.cgi?id=333404" }, { "name": "openSUSE-SU-2015:0573", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html" }, { "name": "FEDORA-2014-6922", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134040.html" }, { "name": "USN-2626-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2626-1" }, { "name": "[Announce] 20140424 Qt Security Advisory: DoS vulnerability in the GIF image handler", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.qt-project.org/pipermail/announce/2014-April/000045.html" }, { "name": "FEDORA-2014-6896", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134141.html" }, { "name": "FEDORA-2014-5695", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html" }, { "name": "67087", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/67087" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-0190", "datePublished": "2014-05-08T14:00:00", "dateReserved": "2013-12-03T00:00:00", "dateUpdated": "2024-08-06T09:05:39.205Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10905
Vulnerability from cvelistv5
Published
2017-12-15 14:00
Modified
2024-08-05 17:50
Severity ?
EPSS score ?
Summary
A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors.
References
▼ | URL | Tags |
---|---|---|
https://jvn.jp/en/jp/JVN27342829/index.html | third-party-advisory, x_refsource_JVN | |
https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
The Qt Company | Qt for Android | prior to 5.9.3 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:50:12.508Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "JVN#27342829", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "https://jvn.jp/en/jp/JVN27342829/index.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Qt for Android", "vendor": "The Qt Company", "versions": [ { "status": "affected", "version": "prior to 5.9.3" } ] } ], "datePublic": "2017-12-11T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "External Control of Critical State Data", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-15T13:57:01", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "JVN#27342829", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "https://jvn.jp/en/jp/JVN27342829/index.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2017-10905", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Qt for Android", "version": { "version_data": [ { "version_value": "prior to 5.9.3" } ] } } ] }, "vendor_name": "The Qt Company" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in applications created using Qt for Android prior to 
5.9.3 allows attackers to alter environment variables via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "External Control of Critical State Data" } ] } ] }, "references": { "reference_data": [ { "name": "JVN#27342829", "refsource": "JVN", "url": "https://jvn.jp/en/jp/JVN27342829/index.html" }, { "name": "https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/", "refsource": "CONFIRM", "url": "https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2017-10905", "datePublished": "2017-12-15T14:00:00", "dateReserved": "2017-07-04T00:00:00", "dateUpdated": "2024-08-05T17:50:12.508Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39936
Vulnerability from cvelistv5
Published
2024-07-04 00:00
Modified
2024-08-02 04:33
Severity ?
EPSS score ?
Summary
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-39936", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-22T16:46:00.935832Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-22T16:46:26.342Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:33:11.513Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/571601" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:N/S:C/UI:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-04T20:55:33.298937", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://codereview.qt-project.org/c/qt/qtbase/+/571601" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2024-39936", "datePublished": "2024-07-04T00:00:00", "dateReserved": "2024-07-04T00:00:00", "dateUpdated": "2024-08-02T04:33:11.513Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-0569
Vulnerability from cvelistv5
Published
2020-11-23 00:00
Modified
2024-08-04 06:02
Severity ?
EPSS score ?
Summary
Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.
References
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | Intel(R) PROSet/Wireless WiFi products on Windows 10 | before version 21.70 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T06:02:52.444Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00338.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Intel(R) PROSet/Wireless WiFi products on Windows 10", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 21.70" } ] } ], "descriptions": [ { "lang": "en", "value": "Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access." } ], "problemTypes": [ { "descriptions": [ { "description": "denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-12T16:08:18.142495", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00338.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2020-0569", "datePublished": "2020-11-23T00:00:00", "dateReserved": "2019-10-28T00:00:00", "dateUpdated": "2024-08-04T06:02:52.444Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-24607
Vulnerability from cvelistv5
Published
2023-04-15 00:00
Modified
2024-08-02 11:03
Severity ?
EPSS score ?
Summary
Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-24607", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-01T15:11:26.446866Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:21:28.108Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T11:03:18.644Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qt.io/blog/tag/security" }, { "tags": [ "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/456216" }, { "tags": [ "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217" }, { "tags": [ "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238" }, { "tags": [ "x_transferred" ], "url": "https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff" }, { "tags": [ "x_transferred" ], "url": "https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d" }, { "tags": [ "x_transferred" ], "url": "https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin" }, { "name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. 
The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-01T00:06:15.456739", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.qt.io/blog/tag/security" }, { "url": "https://codereview.qt-project.org/c/qt/qtbase/+/456216" }, { "url": "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217" }, { "url": "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238" }, { "url": "https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff" }, { "url": "https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d" }, { "url": "https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin" }, { "name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-24607", "datePublished": "2023-04-15T00:00:00", "dateReserved": "2023-01-29T00:00:00", "dateUpdated": "2024-08-02T11:03:18.644Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-0242
Vulnerability from cvelistv5
Published
2007-04-03 16:00
Modified
2024-08-07 12:12
Severity ?
EPSS score ?
Summary
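The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject overlong UTF-8 sequences (encodings that use more bytes than the shortest form for a code point) as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via overlong sequences that decode to dangerous metacharacters. Input checks that look only for the shortest-form bytes of those metacharacters do not see the overlong forms, so validation has to run on the decoded text or the decoder has to reject them.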
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:12:17.982Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.novell.com/techcenter/psdb/39ea4b325a7da742cb8b6995fa585b14.html" }, { "name": "qt-utf8-xss(33397)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33397" }, { "name": "24699", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24699" }, { "name": "RHSA-2007:0909", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0909.html" }, { "name": "MDKSA-2007:074", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:074" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-1202" }, { "name": "MDKSA-2007:076", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:076" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm" }, { "name": "24889", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24889" }, { "name": "27275", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27275" }, { "name": "24727", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24727" }, { "name": "26857", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26857" }, { "tags": [ "x_refsource_CONFIRM", 
"x_transferred" ], "url": "http://www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350" }, { "name": "SUSE-SR:2007:006", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.nabble.com/Bug-417390:-CVE-2007-0242%2C--Qt-UTF-8-overlong-sequence-decoding-vulnerability-t3506065.html" }, { "name": "DSA-1292", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2007/dsa-1292" }, { "name": "24847", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24847" }, { "name": "24705", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24705" }, { "name": "RHSA-2011:1324", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1324.html" }, { "name": "23269", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/23269" }, { "name": "46117", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46117" }, { "name": "27108", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27108" }, { "name": "24759", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24759" }, { "name": "USN-452-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-452-1" }, { "name": "24726", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24726" }, { "name": "20070901-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" 
], "url": "ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc" }, { "name": "ADV-2007-1212", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1212" }, { "name": "25263", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25263" }, { "name": "26804", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26804" }, { "name": "FEDORA-2007-703", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://fedoranews.org/updates/FEDORA-2007-703.shtml" }, { "name": "oval:org.mitre.oval:def:11510", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11510" }, { "name": "RHSA-2007:0883", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0883.html" }, { "name": "SSA:2007-093-03", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.348591" }, { "name": "MDKSA-2007:075", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:075" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.novell.com/techcenter/psdb/fc79b7f48d739f9c803a24ddad933384.html" }, { "name": "24797", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24797" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-04-03T00:00:00", "descriptions": [ { "lang": "en", 
"value": "The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.novell.com/techcenter/psdb/39ea4b325a7da742cb8b6995fa585b14.html" }, { "name": "qt-utf8-xss(33397)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33397" }, { "name": "24699", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24699" }, { "name": "RHSA-2007:0909", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0909.html" }, { "name": "MDKSA-2007:074", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:074" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-1202" }, { "name": "MDKSA-2007:076", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:076" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm" }, { "name": "24889", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24889" }, { "name": "27275", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27275" }, { "name": "24727", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24727" 
}, { "name": "26857", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26857" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350" }, { "name": "SUSE-SR:2007:006", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.nabble.com/Bug-417390:-CVE-2007-0242%2C--Qt-UTF-8-overlong-sequence-decoding-vulnerability-t3506065.html" }, { "name": "DSA-1292", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2007/dsa-1292" }, { "name": "24847", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24847" }, { "name": "24705", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24705" }, { "name": "RHSA-2011:1324", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1324.html" }, { "name": "23269", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/23269" }, { "name": "46117", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46117" }, { "name": "27108", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27108" }, { "name": "24759", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24759" }, { "name": "USN-452-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-452-1" }, { "name": "24726", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24726" }, { "name": "20070901-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": 
"ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc" }, { "name": "ADV-2007-1212", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1212" }, { "name": "25263", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25263" }, { "name": "26804", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26804" }, { "name": "FEDORA-2007-703", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://fedoranews.org/updates/FEDORA-2007-703.shtml" }, { "name": "oval:org.mitre.oval:def:11510", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11510" }, { "name": "RHSA-2007:0883", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0883.html" }, { "name": "SSA:2007-093-03", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.348591" }, { "name": "MDKSA-2007:075", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:075" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.novell.com/techcenter/psdb/fc79b7f48d739f9c803a24ddad933384.html" }, { "name": "24797", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24797" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0242", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { 
"description_data": [ { "lang": "eng", "value": "The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://support.novell.com/techcenter/psdb/39ea4b325a7da742cb8b6995fa585b14.html", "refsource": "CONFIRM", "url": "http://support.novell.com/techcenter/psdb/39ea4b325a7da742cb8b6995fa585b14.html" }, { "name": "qt-utf8-xss(33397)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33397" }, { "name": "24699", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24699" }, { "name": "RHSA-2007:0909", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0909.html" }, { "name": "MDKSA-2007:074", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:074" }, { "name": "https://issues.rpath.com/browse/RPL-1202", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-1202" }, { "name": "MDKSA-2007:076", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:076" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm" }, { "name": "24889", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24889" }, { "name": "27275", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27275" }, { "name": "24727", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24727" }, { "name": "26857", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26857" }, { "name": 
"http://www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350", "refsource": "CONFIRM", "url": "http://www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350" }, { "name": "SUSE-SR:2007:006", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html" }, { "name": "http://www.nabble.com/Bug-417390:-CVE-2007-0242,--Qt-UTF-8-overlong-sequence-decoding-vulnerability-t3506065.html", "refsource": "CONFIRM", "url": "http://www.nabble.com/Bug-417390:-CVE-2007-0242,--Qt-UTF-8-overlong-sequence-decoding-vulnerability-t3506065.html" }, { "name": "DSA-1292", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1292" }, { "name": "24847", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24847" }, { "name": "24705", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24705" }, { "name": "RHSA-2011:1324", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2011-1324.html" }, { "name": "23269", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23269" }, { "name": "46117", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/46117" }, { "name": "27108", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27108" }, { "name": "24759", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24759" }, { "name": "USN-452-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-452-1" }, { "name": "24726", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24726" }, { "name": "20070901-01-P", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc" }, { "name": "ADV-2007-1212", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1212" }, { "name": "25263", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25263" }, { "name": "26804", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26804" }, { "name": 
"FEDORA-2007-703", "refsource": "FEDORA", "url": "http://fedoranews.org/updates/FEDORA-2007-703.shtml" }, { "name": "oval:org.mitre.oval:def:11510", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11510" }, { "name": "RHSA-2007:0883", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0883.html" }, { "name": "SSA:2007-093-03", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.348591" }, { "name": "MDKSA-2007:075", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:075" }, { "name": "http://support.novell.com/techcenter/psdb/fc79b7f48d739f9c803a24ddad933384.html", "refsource": "CONFIRM", "url": "http://support.novell.com/techcenter/psdb/fc79b7f48d739f9c803a24ddad933384.html" }, { "name": "24797", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24797" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0242", "datePublished": "2007-04-03T16:00:00", "dateReserved": "2007-01-16T00:00:00", "dateUpdated": "2024-08-07T12:12:17.982Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-7298
Vulnerability from cvelistv5
Published
2015-10-26 14:00
Modified
2024-08-06 07:43
Summary
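ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression. For context, Qt's no-argument QNetworkReply::ignoreSslErrors() overload ignores every TLS error on the reply, including certificate validation errors, whereas the overload that takes a list ignores only the errors named in it.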
References
| URL | Tags |
|---|---|
| https://owncloud.org/security/advisory/?id=oc-sa-2015-016 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:43:46.168Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-016" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-09-21T00:00:00", "descriptions": [ { "lang": "en", "value": "ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-10-26T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-016" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-7298", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) 
attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://owncloud.org/security/advisory/?id=oc-sa-2015-016", "refsource": "CONFIRM", "url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-016" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-7298", "datePublished": "2015-10-26T14:00:00", "dateReserved": "2015-09-21T00:00:00", "dateUpdated": "2024-08-06T07:43:46.168Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-19869
Vulnerability from cvelistv5
Published
2018-12-26 20:00
Modified
2024-08-05 11:44
Summary
An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:44:20.631Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://codereview.qt-project.org/#/c/234142/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "name": "openSUSE-SU-2019:1116", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00008.html" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "name": "RHSA-2019:2135", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "name": "openSUSE-SU-2020:1452", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html" }, { "name": "openSUSE-SU-2020:1500", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html" }, { "name": "openSUSE-SU-2020:1501", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html" }, { "name": "openSUSE-SU-2020:1530", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": 
"https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" }, { "name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2422-1] qtsvg-opensource-src security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00035.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-31T21:06:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://codereview.qt-project.org/#/c/234142/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "name": "openSUSE-SU-2019:1116", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00008.html" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "name": "RHSA-2019:2135", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "name": "openSUSE-SU-2020:1452", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html" }, { "name": "openSUSE-SU-2020:1500", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": 
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html" }, { "name": "openSUSE-SU-2020:1501", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html" }, { "name": "openSUSE-SU-2020:1530", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" }, { "name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2422-1] qtsvg-opensource-src security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00035.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19869", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://codereview.qt-project.org/#/c/234142/", "refsource": "CONFIRM", "url": "https://codereview.qt-project.org/#/c/234142/" }, { "name": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/", "refsource": "CONFIRM", "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "name": "openSUSE-SU-2019:1116", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00008.html" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "name": "RHSA-2019:2135", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "name": "openSUSE-SU-2020:1452", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html" }, { "name": "openSUSE-SU-2020:1500", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html" }, { "name": "openSUSE-SU-2020:1501", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html" }, { "name": "openSUSE-SU-2020:1530", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" }, { "name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2422-1] qtsvg-opensource-src security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00035.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", 
"assignerShortName": "mitre", "cveId": "CVE-2018-19869", "datePublished": "2018-12-26T20:00:00", "dateReserved": "2018-12-05T00:00:00", "dateUpdated": "2024-08-05T11:44:20.631Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-5076
Vulnerability from cvelistv5
Published
2012-06-29 19:00
Modified
2024-08-07 04:09
Summary
QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
References
| URL | Tags |
|---|---|
| http://www.ubuntu.com/usn/USN-1504-1 | vendor-advisory, x_refsource_UBUNTU |
| http://secunia.com/advisories/49895 | third-party-advisory, x_refsource_SECUNIA |
| http://rhn.redhat.com/errata/RHSA-2012-0880.html | vendor-advisory, x_refsource_REDHAT |
| http://secunia.com/advisories/41236 | third-party-advisory, x_refsource_SECUNIA |
| http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e | x_refsource_CONFIRM |
| http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0 | x_refsource_CONFIRM |
| http://secunia.com/advisories/49604 | third-party-advisory, x_refsource_SECUNIA |
| http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt | x_refsource_MISC |
| https://bugreports.qt-project.org/browse/QTBUG-4455 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T04:09:38.930Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-1504-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1504-1" }, { "name": "49895", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49895" }, { "name": "RHSA-2012:0880", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0880.html" }, { "name": "41236", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41236" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0" }, { "name": "49604", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49604" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugreports.qt-project.org/browse/QTBUG-4455" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-07-14T00:00:00", "descriptions": [ { "lang": "en", "value": "QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject\u0027s Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-08-16T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "USN-1504-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1504-1" }, { "name": "49895", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49895" }, { "name": "RHSA-2012:0880", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0880.html" }, { "name": "41236", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41236" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0" }, { "name": "49604", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49604" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugreports.qt-project.org/browse/QTBUG-4455" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-5076", "datePublished": "2012-06-29T19:00:00", "dateReserved": "2011-12-19T00:00:00", "dateUpdated": "2024-08-07T04:09:38.930Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-19873
Vulnerability from cvelistv5
Published
2018-12-26 20:00
Modified
2024-08-05 11:44
Summary
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:44:20.667Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4374", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4374" }, { "name": "openSUSE-SU-2018:4261", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html" }, { "name": "[debian-lts-announce] 20190103 [SECURITY] [DLA 1627-1] qtbase-opensource-src security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://codereview.qt-project.org/#/c/238749/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "name": "USN-4003-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4003-1/" }, { "name": "RHSA-2019:2135", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "name": "RHSA-2019:3390", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3390" }, { "name": "openSUSE-SU-2020:1452", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html" }, { "name": "openSUSE-SU-2020:1500", "tags": [ "vendor-advisory", "x_refsource_SUSE", 
"x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html" }, { "name": "openSUSE-SU-2020:1501", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html" }, { "name": "openSUSE-SU-2020:1530", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-28T08:06:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-4374", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4374" }, { "name": "openSUSE-SU-2018:4261", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html" }, { "name": "[debian-lts-announce] 20190103 [SECURITY] [DLA 1627-1] qtbase-opensource-src security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://codereview.qt-project.org/#/c/238749/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "name": "USN-4003-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4003-1/" }, { "name": "RHSA-2019:2135", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "name": "RHSA-2019:3390", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3390" }, { "name": "openSUSE-SU-2020:1452", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html" }, { "name": "openSUSE-SU-2020:1500", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html" }, { "name": 
"openSUSE-SU-2020:1501", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html" }, { "name": "openSUSE-SU-2020:1530", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19873", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-4374", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4374" }, { "name": "openSUSE-SU-2018:4261", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html" }, { "name": "[debian-lts-announce] 20190103 [SECURITY] [DLA 1627-1] qtbase-opensource-src security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html" }, { "name": "https://codereview.qt-project.org/#/c/238749/", "refsource": "CONFIRM", "url": "https://codereview.qt-project.org/#/c/238749/" }, { "name": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/", "refsource": "CONFIRM", "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "name": "USN-4003-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4003-1/" }, { "name": "RHSA-2019:2135", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "name": "RHSA-2019:3390", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3390" }, { "name": "openSUSE-SU-2020:1452", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html" }, { "name": "openSUSE-SU-2020:1500", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html" }, { "name": "openSUSE-SU-2020:1501", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html" }, { "name": "openSUSE-SU-2020:1530", "refsource": "SUSE", "url": 
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-19873", "datePublished": "2018-12-26T20:00:00", "dateReserved": "2018-12-05T00:00:00", "dateUpdated": "2024-08-05T11:44:20.667Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-12267
Vulnerability from cvelistv5
Published
2020-04-27 01:31
Modified
2024-08-04 11:48
Severity ?
EPSS score ?
Summary
setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock.
References
▼ | URL | Tags |
---|---|---|
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20450 | x_refsource_MISC | |
https://codereview.qt-project.org/c/qt/qtbase/+/291706 | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/202007-38 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:48:58.414Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20450" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/291706" }, { "name": "GLSA-202007-38", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202007-38" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-27T02:06:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20450" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/291706" }, { "name": "GLSA-202007-38", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202007-38" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-12267", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "setMarkdown in Qt before 5.14.2 has a use-after-free related to 
QTextMarkdownImporter::insertBlock." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20450", "refsource": "MISC", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20450" }, { "name": "https://codereview.qt-project.org/c/qt/qtbase/+/291706", "refsource": "CONFIRM", "url": "https://codereview.qt-project.org/c/qt/qtbase/+/291706" }, { "name": "GLSA-202007-38", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202007-38" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-12267", "datePublished": "2020-04-27T01:31:42", "dateReserved": "2020-04-27T00:00:00", "dateUpdated": "2024-08-04T11:48:58.414Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-1860
Vulnerability from cvelistv5
Published
2015-05-12 19:00
Modified
2024-08-06 04:54
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:54:16.328Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2015-6114", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html" }, { "name": "FEDORA-2015-6573", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156937.html" }, { "name": "FEDORA-2015-6123", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html" }, { "name": "GLSA-201603-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201603-10" }, { "name": "FEDORA-2015-6315", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html" }, { "name": "FEDORA-2015-6613", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155947.html" }, { "name": "74302", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/74302" }, { "name": "FEDORA-2015-6364", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html" }, { "name": "FEDORA-2015-6661", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156761.html" }, { "name": "USN-2626-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2626-1" }, { "name": "[Announce] 20150413 Qt Project 
Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://codereview.qt-project.org/#/c/108248/" }, { "name": "FEDORA-2015-6252", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-04-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-29T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "FEDORA-2015-6114", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html" }, { "name": "FEDORA-2015-6573", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156937.html" }, { "name": "FEDORA-2015-6123", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html" }, { "name": "GLSA-201603-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201603-10" }, { "name": "FEDORA-2015-6315", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html" }, { "name": "FEDORA-2015-6613", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155947.html" }, { "name": "74302", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/74302" }, { "name": "FEDORA-2015-6364", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html" }, { "name": "FEDORA-2015-6661", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156761.html" }, { "name": "USN-2626-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2626-1" }, { "name": "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling", "tags": [ 
"mailing-list", "x_refsource_MLIST" ], "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://codereview.qt-project.org/#/c/108248/" }, { "name": "FEDORA-2015-6252", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-1860", "datePublished": "2015-05-12T19:00:00", "dateReserved": "2015-02-17T00:00:00", "dateUpdated": "2024-08-06T04:54:16.328Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-9541
Vulnerability from cvelistv5
Published
2020-01-24 21:53
Modified
2024-08-06 08:51
Severity ?
EPSS score ?
Summary
Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.
References
▼ | URL | Tags |
---|---|---|
https://bugreports.qt.io/browse/QTBUG-47417 | x_refsource_MISC | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PT6327C64Q4RBFRWUSBKCG7SVGBWU5W/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZMMF4OEJAZRVKVXNO7IZWLEZVQGJN6G/ | vendor-advisory, x_refsource_FEDORA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:51:05.319Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugreports.qt.io/browse/QTBUG-47417" }, { "name": "FEDORA-2020-ca02c529f8", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PT6327C64Q4RBFRWUSBKCG7SVGBWU5W/" }, { "name": "FEDORA-2020-3069e44be5", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZMMF4OEJAZRVKVXNO7IZWLEZVQGJN6G/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-25T06:06:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugreports.qt.io/browse/QTBUG-47417" }, { "name": "FEDORA-2020-ca02c529f8", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PT6327C64Q4RBFRWUSBKCG7SVGBWU5W/" }, { "name": "FEDORA-2020-3069e44be5", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZMMF4OEJAZRVKVXNO7IZWLEZVQGJN6G/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-9541", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugreports.qt.io/browse/QTBUG-47417", "refsource": "MISC", "url": "https://bugreports.qt.io/browse/QTBUG-47417" }, { "name": "FEDORA-2020-ca02c529f8", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PT6327C64Q4RBFRWUSBKCG7SVGBWU5W/" }, { "name": "FEDORA-2020-3069e44be5", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZMMF4OEJAZRVKVXNO7IZWLEZVQGJN6G/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-9541", "datePublished": "2020-01-24T21:53:41", "dateReserved": "2020-01-24T00:00:00", "dateUpdated": "2024-08-06T08:51:05.319Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-43114
Vulnerability from cvelistv5
Published
2023-09-18 00:00
Modified
2024-09-25 15:48
Severity ?
EPSS score ?
Summary
An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont or QFontDatabase::addApplicationFontFromData, the application can crash because of missing length checks.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:37:22.975Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/503026" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-43114", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-25T15:48:32.880023Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-25T15:48:41.465Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData], then it can cause the application to crash because of missing length checks." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-18T06:55:20.210703", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://codereview.qt-project.org/c/qt/qtbase/+/503026" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-43114", "datePublished": "2023-09-18T00:00:00", "dateReserved": "2023-09-18T00:00:00", "dateUpdated": "2024-09-25T15:48:41.465Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-2621
Vulnerability from cvelistv5
Published
2010-07-02 20:00
Modified
2024-08-07 02:39
Severity ?
EPSS score ?
Summary
The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/46410 | third-party-advisory, x_refsource_SECUNIA | |
http://www.vupen.com/english/advisories/2010/1657 | vdb-entry, x_refsource_VUPEN | |
http://aluigi.org/poc/qtsslame.zip | x_refsource_MISC | |
http://www.securityfocus.com/bid/41250 | vdb-entry, x_refsource_BID | |
http://osvdb.org/65860 | vdb-entry, x_refsource_OSVDB | |
http://secunia.com/advisories/40389 | third-party-advisory, x_refsource_SECUNIA | |
http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597 | x_refsource_CONFIRM | |
https://hermes.opensuse.org/messages/12056605 | vendor-advisory, x_refsource_SUSE | |
http://aluigi.org/adv/qtsslame-adv.txt | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T02:39:37.809Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "46410", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46410" }, { "name": "ADV-2010-1657", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1657" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://aluigi.org/poc/qtsslame.zip" }, { "name": "41250", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/41250" }, { "name": "65860", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/65860" }, { "name": "40389", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40389" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597" }, { "name": "SUSE-SU-2011:1113", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "https://hermes.opensuse.org/messages/12056605" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://aluigi.org/adv/qtsslame-adv.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-06-29T00:00:00", "descriptions": [ { "lang": "en", "value": "The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-06-19T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "46410", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46410" }, { "name": "ADV-2010-1657", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1657" }, { "tags": [ "x_refsource_MISC" ], "url": "http://aluigi.org/poc/qtsslame.zip" }, { "name": "41250", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/41250" }, { "name": "65860", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/65860" }, { "name": "40389", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40389" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597" }, { "name": "SUSE-SU-2011:1113", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "https://hermes.opensuse.org/messages/12056605" }, { "tags": [ "x_refsource_MISC" ], "url": "http://aluigi.org/adv/qtsslame-adv.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-2621", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "46410", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/46410" }, { "name": "ADV-2010-1657", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1657" }, { "name": "http://aluigi.org/poc/qtsslame.zip", "refsource": "MISC", "url": "http://aluigi.org/poc/qtsslame.zip" }, { "name": "41250", "refsource": "BID", "url": "http://www.securityfocus.com/bid/41250" }, { "name": "65860", "refsource": "OSVDB", "url": "http://osvdb.org/65860" }, { "name": "40389", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40389" }, { "name": "http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597", "refsource": "CONFIRM", "url": "http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597" }, { "name": "SUSE-SU-2011:1113", "refsource": "SUSE", "url": "https://hermes.opensuse.org/messages/12056605" }, { "name": "http://aluigi.org/adv/qtsslame-adv.txt", "refsource": "MISC", "url": "http://aluigi.org/adv/qtsslame-adv.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-2621", "datePublished": "2010-07-02T20:00:00", "dateReserved": "2010-07-02T00:00:00", "dateUpdated": "2024-08-07T02:39:37.809Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10904
Vulnerability from cvelistv5
Published
2017-12-15 14:00
Modified
2024-08-05 17:50
Severity ?
EPSS score ?
Summary
Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
References
▼ | URL | Tags |
---|---|---|
https://jvn.jp/en/jp/JVN67389262/index.html | third-party-advisory, x_refsource_JVN | |
https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
The Qt Company | Qt for Android | prior to 5.9.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:50:12.619Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "JVN#67389262", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "https://jvn.jp/en/jp/JVN67389262/index.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Qt for Android", "vendor": "The Qt Company", "versions": [ { "status": "affected", "version": "prior to 5.9.0" } ] } ], "datePublic": "2017-12-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "OS Command Injection", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-15T13:57:01", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "JVN#67389262", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "https://jvn.jp/en/jp/JVN67389262/index.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2017-10904", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Qt for Android", "version": { "version_data": [ { "version_value": "prior to 5.9.0" } ] } } ] }, "vendor_name": "The Qt Company" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "OS Command Injection" } ] } ] }, "references": { "reference_data": [ { "name": "JVN#67389262", "refsource": "JVN", "url": "https://jvn.jp/en/jp/JVN67389262/index.html" }, { "name": "https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/", "refsource": "CONFIRM", "url": "https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2017-10904", "datePublished": "2017-12-15T14:00:00", "dateReserved": "2017-07-04T00:00:00", "dateUpdated": "2024-08-05T17:50:12.619Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-1858
Vulnerability from cvelistv5
Published
2015-05-12 19:00
Modified
2024-08-06 04:54
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.
References
▼ | URL | Tags |
---|---|---|
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html | vendor-advisory, x_refsource_FEDORA | |
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html | vendor-advisory, x_refsource_FEDORA | |
https://security.gentoo.org/glsa/201603-10 | vendor-advisory, x_refsource_GENTOO | |
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html | vendor-advisory, x_refsource_FEDORA | |
https://codereview.qt-project.org/#/c/108312/ | x_refsource_CONFIRM | |
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html | vendor-advisory, x_refsource_FEDORA | |
http://www.ubuntu.com/usn/USN-2626-1 | vendor-advisory, x_refsource_UBUNTU | |
http://lists.qt-project.org/pipermail/announce/2015-April/000067.html | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/bid/74309 | vdb-entry, x_refsource_BID | |
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html | vendor-advisory, x_refsource_FEDORA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:54:16.434Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2015-6114", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html" }, { "name": "FEDORA-2015-6123", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html" }, { "name": "GLSA-201603-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201603-10" }, { "name": "FEDORA-2015-6315", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://codereview.qt-project.org/#/c/108312/" }, { "name": "FEDORA-2015-6364", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html" }, { "name": "USN-2626-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2626-1" }, { "name": "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html" }, { "name": "74309", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/74309" }, { "name": "FEDORA-2015-6252", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html" } ], "title": "CVE Program Container" } ], "cna": { 
"affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-04-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-29T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "FEDORA-2015-6114", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html" }, { "name": "FEDORA-2015-6123", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html" }, { "name": "GLSA-201603-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201603-10" }, { "name": "FEDORA-2015-6315", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://codereview.qt-project.org/#/c/108312/" }, { "name": "FEDORA-2015-6364", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html" }, { "name": "USN-2626-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2626-1" }, { "name": "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": 
"http://lists.qt-project.org/pipermail/announce/2015-April/000067.html" }, { "name": "74309", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/74309" }, { "name": "FEDORA-2015-6252", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-1858", "datePublished": "2015-05-12T19:00:00", "dateReserved": "2015-02-17T00:00:00", "dateUpdated": "2024-08-06T04:54:16.434Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-28025
Vulnerability from cvelistv5
Published
2023-08-11 00:00
Modified
2024-10-09 17:37
Severity ?
EPSS score ?
Summary
An integer overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2 allows local attackers to cause a denial of service (DoS).
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T21:33:17.264Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugreports.qt.io/browse/QTBUG-91507" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-28025", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-09T17:37:32.242443Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-09T17:37:40.750Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-11T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://bugreports.qt.io/browse/QTBUG-91507" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-28025", "datePublished": "2023-08-11T00:00:00", "dateReserved": "2021-03-05T00:00:00", "dateUpdated": "2024-10-09T17:37:40.750Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-1290
Vulnerability from cvelistv5
Published
2018-01-09 16:00
Modified
2024-08-06 04:40
Severity ?
EPSS score ?
Summary
The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.
References
URL | Tags | |
---|---|---|
http://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.5.1 | x_refsource_CONFIRM | |
https://bugs.chromium.org/p/chromium/issues/detail?id=505374 | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-updates/2015-12/msg00116.html | vendor-advisory, x_refsource_SUSE | |
http://www.nsfocus.net/index.php?act=advisory&do=view&adv_id=80 | x_refsource_MISC | |
https://codereview.chromium.org/1233453004 | x_refsource_CONFIRM | |
http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:40:18.267Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.5.1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=505374" }, { "name": "openSUSE-SU-2015:2368", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00116.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.nsfocus.net/index.php?act=advisory\u0026do=view\u0026adv_id=80" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://codereview.chromium.org/1233453004" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-07-21T00:00:00", "descriptions": [ { "lang": "en", "value": "The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-09T15:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.5.1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=505374" }, { "name": "openSUSE-SU-2015:2368", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00116.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.nsfocus.net/index.php?act=advisory\u0026do=view\u0026adv_id=80" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://codereview.chromium.org/1233453004" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2015-1290", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.5.1", "refsource": "CONFIRM", "url": "http://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.5.1" }, { "name": "https://bugs.chromium.org/p/chromium/issues/detail?id=505374", "refsource": "CONFIRM", "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=505374" }, { "name": "openSUSE-SU-2015:2368", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00116.html" }, { "name": "http://www.nsfocus.net/index.php?act=advisory\u0026do=view\u0026adv_id=80", "refsource": "MISC", "url": "http://www.nsfocus.net/index.php?act=advisory\u0026do=view\u0026adv_id=80" }, { "name": "https://codereview.chromium.org/1233453004", "refsource": "CONFIRM", "url": "https://codereview.chromium.org/1233453004" }, { "name": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2015-1290", "datePublished": "2018-01-09T16:00:00", "dateReserved": "2015-01-21T00:00:00", "dateUpdated": "2024-08-06T04:40:18.267Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-43591
Vulnerability from cvelistv5
Published
2023-01-12 16:44
Modified
2024-08-03 13:32
Severity ?
EPSS score ?
Summary
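A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. Specially crafted JavaScript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. The target application would need to access a malicious web page to trigger this vulnerability. Note: this description names Qt 6.3.2, while the record's affected-version field lists 6.4; confirm the affected range against the Talos report in the record's references before scoping by version.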
References
Impacted products
Vendor | Product | Version |
---|---|---|
Qt Project | Qt | 6.4 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:32:59.732Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1650" }, { "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1650", "tags": [ "x_transferred" ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1650" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Qt", "vendor": "Qt Project", "versions": [ { "status": "affected", "version": "6.4" } ] } ], "descriptions": [ { "lang": "en", "value": "A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-12T16:44:10.325Z", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos" }, "references": [ { "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1650", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1650" } ] } }, "cveMetadata": { "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2022-43591", "datePublished": 
"2023-01-12T16:44:10.325Z", "dateReserved": "2022-10-21T18:22:32.243Z", "dateUpdated": "2024-08-03T13:32:59.732Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-19872
Vulnerability from cvelistv5
Published
2019-03-15 22:00
Modified
2024-08-05 11:44
Severity ?
EPSS score ?
Summary
An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:44:20.666Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugreports.qt.io/browse/QTBUG-69449" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "name": "FEDORA-2019-03ac7f1d2f", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XS6G3ZDFCHWFQD4CFXWFPHREOHBBDTD7/" }, { "name": "FEDORA-2019-ae913a2f00", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FO7IBY7YYKNMRD5OI3JNNUI42WEM7NUV/" }, { "name": "FEDORA-2019-b5e690b96e", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C5FHCR4A636BLTAXL76WWDJLOAHGNYG/" }, { "name": "openSUSE-SU-2019:1239", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html" }, { "name": "USN-4275-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4275-1/" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2376-1] qtbase-opensource-src security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" } 
], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-07-13T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-28T08:06:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugreports.qt.io/browse/QTBUG-69449" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "name": "FEDORA-2019-03ac7f1d2f", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XS6G3ZDFCHWFQD4CFXWFPHREOHBBDTD7/" }, { "name": "FEDORA-2019-ae913a2f00", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FO7IBY7YYKNMRD5OI3JNNUI42WEM7NUV/" }, { "name": "FEDORA-2019-b5e690b96e", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C5FHCR4A636BLTAXL76WWDJLOAHGNYG/" }, { "name": "openSUSE-SU-2019:1239", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html" }, { "name": "USN-4275-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4275-1/" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2376-1] qtbase-opensource-src security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": 
"https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19872", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugreports.qt.io/browse/QTBUG-69449", "refsource": "CONFIRM", "url": "https://bugreports.qt.io/browse/QTBUG-69449" }, { "name": "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/", "refsource": "CONFIRM", "url": "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "name": "FEDORA-2019-03ac7f1d2f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XS6G3ZDFCHWFQD4CFXWFPHREOHBBDTD7/" }, { "name": "FEDORA-2019-ae913a2f00", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FO7IBY7YYKNMRD5OI3JNNUI42WEM7NUV/" }, { "name": "FEDORA-2019-b5e690b96e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2C5FHCR4A636BLTAXL76WWDJLOAHGNYG/" }, { "name": "openSUSE-SU-2019:1239", "refsource": 
"SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html" }, { "name": "USN-4275-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4275-1/" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2376-1] qtbase-opensource-src security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-19872", "datePublished": "2019-03-15T22:00:00", "dateReserved": "2018-12-05T00:00:00", "dateUpdated": "2024-08-05T11:44:20.666Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-25634
Vulnerability from cvelistv5
Published
2022-03-02 14:27
Modified
2024-08-03 04:42
Severity ?
EPSS score ?
Summary
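Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory. Note: the vendor patch files in the references are named CVE-2022-25643-*.diff, which does not match this record's ID (CVE-2022-25634); the URLs are reproduced as published.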
References
URL | Tags | |
---|---|---|
https://codereview.qt-project.org/c/qt/qtbase/+/396440 | x_refsource_CONFIRM | |
https://codereview.qt-project.org/c/qt/qtbase/+/396689 | x_refsource_CONFIRM | |
https://download.qt.io/official_releases/qt/6.2/CVE-2022-25643-6.2.diff | x_refsource_CONFIRM | |
https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/396690 | x_refsource_CONFIRM | |
https://download.qt.io/official_releases/qt/5.15/CVE-2022-25643-5.15.diff | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:42:50.375Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/396440" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/396689" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://download.qt.io/official_releases/qt/6.2/CVE-2022-25643-6.2.diff" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/396690" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://download.qt.io/official_releases/qt/5.15/CVE-2022-25643-5.15.diff" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-02T14:27:37", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/396440" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/396689" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://download.qt.io/official_releases/qt/6.2/CVE-2022-25643-6.2.diff" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/396690" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://download.qt.io/official_releases/qt/5.15/CVE-2022-25643-5.15.diff" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-25634", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://codereview.qt-project.org/c/qt/qtbase/+/396440", "refsource": "CONFIRM", "url": "https://codereview.qt-project.org/c/qt/qtbase/+/396440" }, { "name": "https://codereview.qt-project.org/c/qt/qtbase/+/396689", "refsource": "CONFIRM", "url": "https://codereview.qt-project.org/c/qt/qtbase/+/396689" }, { "name": "https://download.qt.io/official_releases/qt/6.2/CVE-2022-25643-6.2.diff", "refsource": "CONFIRM", "url": "https://download.qt.io/official_releases/qt/6.2/CVE-2022-25643-6.2.diff" }, { "name": "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/396690", "refsource": "CONFIRM", "url": "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/396690" }, { "name": "https://download.qt.io/official_releases/qt/5.15/CVE-2022-25643-5.15.diff", "refsource": "CONFIRM", "url": "https://download.qt.io/official_releases/qt/5.15/CVE-2022-25643-5.15.diff" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-25634", "datePublished": "2022-03-02T14:27:37", "dateReserved": "2022-02-22T00:00:00", "dateUpdated": "2024-08-03T04:42:50.375Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-32762
Vulnerability from cvelistv5
Published
2023-05-28 00:00
Modified
2024-08-19 16:42
Severity ?
EPSS score ?
Summary
An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:25:37.052Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/476140" }, { "tags": [ "x_transferred" ], "url": "https://github.com/qt/qtbase/commit/1b736a815be0222f4b24289cf17575fc15707305" }, { "tags": [ "x_transferred" ], "url": "https://lists.qt-project.org/pipermail/announce/2023-May/000414.html" }, { "name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:qt:qtbase:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qtbase", "vendor": "qt", "versions": [ { "lessThan": "5.15.14", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:qt:qtbase:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qtbase", "vendor": "qt", "versions": [ { "lessThan": "6.2.9", "status": "affected", "version": "6.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:qt:qtbase:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qtbase", "vendor": "qt", "versions": [ { "lessThan": "6.5.1", "status": "affected", "version": "6.3.0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-32762", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": 
"total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-01T14:17:39.605223Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-19T16:42:12.680Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-01T00:06:23.176268", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://codereview.qt-project.org/c/qt/qtbase/+/476140" }, { "url": "https://github.com/qt/qtbase/commit/1b736a815be0222f4b24289cf17575fc15707305" }, { "url": "https://lists.qt-project.org/pipermail/announce/2023-May/000414.html" }, { "name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-32762", "datePublished": "2023-05-28T00:00:00", "dateReserved": "2023-05-15T00:00:00", "dateUpdated": "2024-08-19T16:42:12.680Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-19865
Vulnerability from cvelistv5
Published
2018-12-05 11:00
Modified
2024-08-05 11:44
Severity ?
EPSS score ?
Summary
A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3.
References
URL | Tags | |
---|---|---|
https://codereview.qt-project.org/#/c/245283/ | x_refsource_MISC | |
https://codereview.qt-project.org/#/c/243666/ | x_refsource_MISC | |
https://codereview.qt-project.org/#/c/245638/ | x_refsource_MISC | |
https://codereview.qt-project.org/#/c/244569/ | x_refsource_MISC | |
https://codereview.qt-project.org/#/c/245312/ | x_refsource_MISC | |
https://codereview.qt-project.org/#/c/246630/ | x_refsource_MISC | |
https://codereview.qt-project.org/#/c/245293/ | x_refsource_MISC | |
https://codereview.qt-project.org/#/c/244687/ | x_refsource_MISC | |
https://codereview.qt-project.org/#/c/245640/ | x_refsource_MISC | |
https://codereview.qt-project.org/#/c/244845/ | x_refsource_MISC | |
http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ | x_refsource_MISC | |
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00085.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00086.html | vendor-advisory, x_refsource_SUSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:44:20.693Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://codereview.qt-project.org/#/c/245283/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://codereview.qt-project.org/#/c/243666/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://codereview.qt-project.org/#/c/245638/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://codereview.qt-project.org/#/c/244569/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://codereview.qt-project.org/#/c/245312/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://codereview.qt-project.org/#/c/246630/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://codereview.qt-project.org/#/c/245293/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://codereview.qt-project.org/#/c/244687/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://codereview.qt-project.org/#/c/245640/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://codereview.qt-project.org/#/c/244845/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "name": "openSUSE-SU-2019:1263", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00085.html" }, { "name": "openSUSE-SU-2019:1259", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00086.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-12-05T00:00:00", 
"descriptions": [ { "lang": "en", "value": "A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-04-23T21:06:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://codereview.qt-project.org/#/c/245283/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://codereview.qt-project.org/#/c/243666/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://codereview.qt-project.org/#/c/245638/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://codereview.qt-project.org/#/c/244569/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://codereview.qt-project.org/#/c/245312/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://codereview.qt-project.org/#/c/246630/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://codereview.qt-project.org/#/c/245293/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://codereview.qt-project.org/#/c/244687/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://codereview.qt-project.org/#/c/245640/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://codereview.qt-project.org/#/c/244845/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "name": "openSUSE-SU-2019:1263", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00085.html" }, { "name": "openSUSE-SU-2019:1259", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00086.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19865", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { 
"product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://codereview.qt-project.org/#/c/245283/", "refsource": "MISC", "url": "https://codereview.qt-project.org/#/c/245283/" }, { "name": "https://codereview.qt-project.org/#/c/243666/", "refsource": "MISC", "url": "https://codereview.qt-project.org/#/c/243666/" }, { "name": "https://codereview.qt-project.org/#/c/245638/", "refsource": "MISC", "url": "https://codereview.qt-project.org/#/c/245638/" }, { "name": "https://codereview.qt-project.org/#/c/244569/", "refsource": "MISC", "url": "https://codereview.qt-project.org/#/c/244569/" }, { "name": "https://codereview.qt-project.org/#/c/245312/", "refsource": "MISC", "url": "https://codereview.qt-project.org/#/c/245312/" }, { "name": "https://codereview.qt-project.org/#/c/246630/", "refsource": "MISC", "url": "https://codereview.qt-project.org/#/c/246630/" }, { "name": "https://codereview.qt-project.org/#/c/245293/", "refsource": "MISC", "url": "https://codereview.qt-project.org/#/c/245293/" }, { "name": "https://codereview.qt-project.org/#/c/244687/", "refsource": "MISC", "url": "https://codereview.qt-project.org/#/c/244687/" }, { "name": "https://codereview.qt-project.org/#/c/245640/", "refsource": "MISC", "url": "https://codereview.qt-project.org/#/c/245640/" }, { "name": "https://codereview.qt-project.org/#/c/244845/", "refsource": "MISC", "url": "https://codereview.qt-project.org/#/c/244845/" }, { "name": 
"http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/", "refsource": "MISC", "url": "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "name": "openSUSE-SU-2019:1263", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00085.html" }, { "name": "openSUSE-SU-2019:1259", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00086.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-19865", "datePublished": "2018-12-05T11:00:00", "dateReserved": "2018-12-05T00:00:00", "dateUpdated": "2024-08-05T11:44:20.693Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-24742
Vulnerability from cvelistv5
Published
2021-08-09 21:18
Modified
2024-08-04 15:19
Summary
An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.
References
| URL | Tags |
|---|---|
| https://codereview.qt-project.org/c/qt/qtbase/+/280730 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:19:09.331Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/280730" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-09T21:18:27", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/280730" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-24742", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://codereview.qt-project.org/c/qt/qtbase/+/280730", "refsource": "MISC", "url": "https://codereview.qt-project.org/c/qt/qtbase/+/280730" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-24742", "datePublished": "2021-08-09T21:18:27", "dateReserved": "2020-08-28T00:00:00", "dateUpdated": "2024-08-04T15:19:09.331Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-32763
Vulnerability from cvelistv5
Published
2023-05-28 00:00
Modified
2024-08-02 15:25
Summary
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:25:36.992Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/476125" }, { "tags": [ "x_transferred" ], "url": "https://lists.qt-project.org/pipermail/announce/2023-May/000413.html" }, { "name": "[debian-lts-announce] 20230822 [SECURITY] [DLA 3539-1] qt4-x11 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" }, { "name": "GLSA-202402-03", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202402-03" }, { "name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-01T00:06:20.172374", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://codereview.qt-project.org/c/qt/qtbase/+/476125" }, { "url": "https://lists.qt-project.org/pipermail/announce/2023-May/000413.html" }, { "name": "[debian-lts-announce] 20230822 [SECURITY] [DLA 3539-1] qt4-x11 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" }, { "name": "GLSA-202402-03", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202402-03" }, { "name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-32763", "datePublished": "2023-05-28T00:00:00", "dateReserved": "2023-05-15T00:00:00", "dateUpdated": "2024-08-02T15:25:36.992Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5624
Vulnerability from cvelistv5
Published
2013-02-24 19:00
Modified
2024-09-16 18:45
Summary
The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application.
References
| URL | Tags |
|---|---|
| http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html | vendor-advisory, x_refsource_SUSE |
| http://www.ubuntu.com/usn/USN-1723-1 | vendor-advisory, x_refsource_UBUNTU |
| http://secunia.com/advisories/52217 | third-party-advisory, x_refsource_SECUNIA |
| http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2012/12/04/8 | mailing-list, x_refsource_MLIST |
| https://codereview.qt-project.org/#change%2C40034 | x_refsource_CONFIRM |
| http://lists.qt-project.org/pipermail/announce/2012-November/000014.html | mailing-list, x_refsource_MLIST |
| http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html | vendor-advisory, x_refsource_SUSE |
| http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html | vendor-advisory, x_refsource_SUSE |
| https://bugzilla.redhat.com/show_bug.cgi?id=883415 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:14:16.054Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2013:0157", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html" }, { "name": "USN-1723-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1723-1" }, { "name": "52217", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/52217" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71" }, { "name": "[oss-security] 20121204 Re: CVE Request -- Qt (x \u003c 4.8.4): QML XmlHttpRequest insecure redirection", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/12/04/8" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://codereview.qt-project.org/#change%2C40034" }, { "name": "[Announce] 20121130 Qt Project Security Advisory: QML XmlHttpRequest Insecure Redirection", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.qt-project.org/pipermail/announce/2012-November/000014.html" }, { "name": "openSUSE-SU-2013:0154", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html" }, { "name": "openSUSE-SU-2013:0143", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=883415" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ 
{ "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-02-24T19:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "openSUSE-SU-2013:0157", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html" }, { "name": "USN-1723-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1723-1" }, { "name": "52217", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/52217" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71" }, { "name": "[oss-security] 20121204 Re: CVE Request -- Qt (x \u003c 4.8.4): QML XmlHttpRequest insecure redirection", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/12/04/8" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://codereview.qt-project.org/#change%2C40034" }, { "name": "[Announce] 20121130 Qt Project Security Advisory: QML XmlHttpRequest Insecure Redirection", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.qt-project.org/pipermail/announce/2012-November/000014.html" }, { "name": "openSUSE-SU-2013:0154", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html" }, { "name": "openSUSE-SU-2013:0143", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": 
"http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=883415" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-5624", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2013:0157", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html" }, { "name": "USN-1723-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1723-1" }, { "name": "52217", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/52217" }, { "name": "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71", "refsource": "CONFIRM", "url": "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71" }, { "name": "[oss-security] 20121204 Re: CVE Request -- Qt (x \u003c 4.8.4): QML XmlHttpRequest insecure redirection", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/12/04/8" }, { "name": "https://codereview.qt-project.org/#change,40034", "refsource": "CONFIRM", "url": "https://codereview.qt-project.org/#change,40034" }, { "name": "[Announce] 20121130 Qt Project Security Advisory: QML XmlHttpRequest Insecure Redirection", 
"refsource": "MLIST", "url": "http://lists.qt-project.org/pipermail/announce/2012-November/000014.html" }, { "name": "openSUSE-SU-2013:0154", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html" }, { "name": "openSUSE-SU-2013:0143", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=883415", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=883415" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5624", "datePublished": "2013-02-24T19:00:00Z", "dateReserved": "2012-10-24T00:00:00Z", "dateUpdated": "2024-09-16T18:45:23.183Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-21035
Vulnerability from cvelistv5
Published
2020-02-28 19:17
Modified
2024-08-05 12:19
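Severity
8.6 (High) - CVSS:3.0/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:C/UI:N (CVSS v3.0, from the CNA metrics in the record below)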
Summary
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption).
References
| URL | Tags |
|---|---|
| https://codereview.qt-project.org/c/qt/qtwebsockets/+/284735 | x_refsource_MISC |
| https://bugreports.qt.io/browse/QTBUG-70693 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:19:27.472Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtwebsockets/+/284735" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugreports.qt.io/browse/QTBUG-70693" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption)." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:C/UI:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-28T19:17:43", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://codereview.qt-project.org/c/qt/qtwebsockets/+/284735" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugreports.qt.io/browse/QTBUG-70693" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-21035", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, 
"data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption)." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:C/UI:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://codereview.qt-project.org/c/qt/qtwebsockets/+/284735", "refsource": "MISC", "url": "https://codereview.qt-project.org/c/qt/qtwebsockets/+/284735" }, { "name": "https://bugreports.qt.io/browse/QTBUG-70693", "refsource": "MISC", "url": "https://bugreports.qt.io/browse/QTBUG-70693" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-21035", "datePublished": "2020-02-28T19:17:43", "dateReserved": "2020-02-28T00:00:00", "dateUpdated": "2024-08-05T12:19:27.472Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-19871
Vulnerability from cvelistv5
Published
2018-12-26 20:00
Modified
2024-08-05 11:44
Summary
An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.
References
| URL | Tags |
|---|---|
| https://codereview.qt-project.org/#/c/237761/ | x_refsource_CONFIRM |
| https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00002.html | vendor-advisory, x_refsource_SUSE |
| https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html | mailing-list, x_refsource_MLIST |
| https://access.redhat.com/errata/RHSA-2019:2135 | vendor-advisory, x_refsource_REDHAT |
| https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:44:20.662Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://codereview.qt-project.org/#/c/237761/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "name": "openSUSE-SU-2019:1115", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00002.html" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "name": "RHSA-2019:2135", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-28T08:06:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://codereview.qt-project.org/#/c/237761/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "name": "openSUSE-SU-2019:1115", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00002.html" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "name": "RHSA-2019:2135", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19871", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://codereview.qt-project.org/#/c/237761/", "refsource": "CONFIRM", "url": "https://codereview.qt-project.org/#/c/237761/" }, { "name": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/", "refsource": "CONFIRM", "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "name": "openSUSE-SU-2019:1115", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00002.html" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "name": "RHSA-2019:2135", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-19871", "datePublished": "2018-12-26T20:00:00", "dateReserved": "2018-12-05T00:00:00", "dateUpdated": "2024-08-05T11:44:20.662Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-13962
Vulnerability from cvelistv5
Published
2020-06-08 23:14
Modified
2024-08-04 12:32
Summary
Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)
References
| URL | Tags |
|---|---|
| https://github.com/mumble-voip/mumble/pull/4032 | x_refsource_MISC |
| https://bugreports.qt.io/browse/QTBUG-83450 | x_refsource_MISC |
| https://github.com/mumble-voip/mumble/issues/3679 | x_refsource_MISC |
| https://security.gentoo.org/glsa/202007-18 | vendor-advisory, x_refsource_GENTOO |
| http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00004.html | vendor-advisory, x_refsource_SUSE |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3IZY7LKJ6NAXQDFYFR4S7L5BBHYK53K/ | vendor-advisory, x_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X6EDPIIAQPVP2CHL2CHDHJ25EECA7UE/ | vendor-advisory, x_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQJDBZUYMMF4R5QQKD2HTIKQU2NSKO63/ | vendor-advisory, x_refsource_FEDORA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:32:14.668Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/mumble-voip/mumble/pull/4032" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugreports.qt.io/browse/QTBUG-83450" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/mumble-voip/mumble/issues/3679" }, { "name": "GLSA-202007-18", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202007-18" }, { "name": "openSUSE-SU-2020:1319", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00004.html" }, { "name": "FEDORA-2020-f869e01557", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3IZY7LKJ6NAXQDFYFR4S7L5BBHYK53K/" }, { "name": "FEDORA-2020-ca26a3f832", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X6EDPIIAQPVP2CHL2CHDHJ25EECA7UE/" }, { "name": "FEDORA-2020-8372f6bae4", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQJDBZUYMMF4R5QQKD2HTIKQU2NSKO63/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL\u0027s error queue, which can cause a denial of service to QSslSocket users. 
Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-05T18:06:15", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/mumble-voip/mumble/pull/4032" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugreports.qt.io/browse/QTBUG-83450" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/mumble-voip/mumble/issues/3679" }, { "name": "GLSA-202007-18", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202007-18" }, { "name": "openSUSE-SU-2020:1319", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00004.html" }, { "name": "FEDORA-2020-f869e01557", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3IZY7LKJ6NAXQDFYFR4S7L5BBHYK53K/" }, { "name": "FEDORA-2020-ca26a3f832", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X6EDPIIAQPVP2CHL2CHDHJ25EECA7UE/" }, { "name": "FEDORA-2020-8372f6bae4", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQJDBZUYMMF4R5QQKD2HTIKQU2NSKO63/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-13962", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] 
}, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL\u0027s error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/mumble-voip/mumble/pull/4032", "refsource": "MISC", "url": "https://github.com/mumble-voip/mumble/pull/4032" }, { "name": "https://bugreports.qt.io/browse/QTBUG-83450", "refsource": "MISC", "url": "https://bugreports.qt.io/browse/QTBUG-83450" }, { "name": "https://github.com/mumble-voip/mumble/issues/3679", "refsource": "MISC", "url": "https://github.com/mumble-voip/mumble/issues/3679" }, { "name": "GLSA-202007-18", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202007-18" }, { "name": "openSUSE-SU-2020:1319", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00004.html" }, { "name": "FEDORA-2020-f869e01557", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V3IZY7LKJ6NAXQDFYFR4S7L5BBHYK53K/" }, { "name": "FEDORA-2020-ca26a3f832", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X6EDPIIAQPVP2CHL2CHDHJ25EECA7UE/" }, { "name": "FEDORA-2020-8372f6bae4", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQJDBZUYMMF4R5QQKD2HTIKQU2NSKO63/" } ] } } } }, "cveMetadata": { "assignerOrgId": 
"8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-13962", "datePublished": "2020-06-08T23:14:10", "dateReserved": "2020-06-08T00:00:00", "dateUpdated": "2024-08-04T12:32:14.668Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-4549
Vulnerability from cvelistv5
Published
2013-12-23 22:00
Modified
2024-08-06 16:45
Summary
QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:45:14.815Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[qt-announce] 20131205 [Announce] Qt Project Security Advisory: XML Entity Expansion\tDenial of Service", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.qt-project.org/pipermail/announce/2013-December/000036.html" }, { "name": "56166", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56166" }, { "name": "openSUSE-SU-2014:0173", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00104.html" }, { "name": "56008", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56008" }, { "name": "openSUSE-SU-2014:0125", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00085.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://codereview.qt-project.org/#change%2C71010" }, { "name": "openSUSE-SU-2014:0176", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00106.html" }, { "name": "openSUSE-SU-2014:0067", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00044.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/" }, { "name": "USN-2057-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2057-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://codereview.qt-project.org/#change%2C71368" }, { "name": "openSUSE-SU-2014:0070", "tags": 
[ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00047.html" }, { "name": "FEDORA-2014-5695", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-05-08T12:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[qt-announce] 20131205 [Announce] Qt Project Security Advisory: XML Entity Expansion\tDenial of Service", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.qt-project.org/pipermail/announce/2013-December/000036.html" }, { "name": "56166", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56166" }, { "name": "openSUSE-SU-2014:0173", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00104.html" }, { "name": "56008", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56008" }, { "name": "openSUSE-SU-2014:0125", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00085.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://codereview.qt-project.org/#change%2C71010" }, { "name": "openSUSE-SU-2014:0176", "tags": [ "vendor-advisory", 
"x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00106.html" }, { "name": "openSUSE-SU-2014:0067", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00044.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/" }, { "name": "USN-2057-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2057-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://codereview.qt-project.org/#change%2C71368" }, { "name": "openSUSE-SU-2014:0070", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00047.html" }, { "name": "FEDORA-2014-5695", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4549", "datePublished": "2013-12-23T22:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:45:14.815Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15011
Vulnerability from cvelistv5
Published
2017-10-03 20:00
Modified
2024-09-16 17:22
Summary
The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string.
References
| URL | Tags |
|---|---|
| https://hackinparis.com/data/slides/2017/2017_Cohen_Gil_The_forgotten_interface_Windows_named_pipes.pdf | x_refsource_MISC |
| https://www.youtube.com/watch?v=m6zISgWPGGY | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:42:22.330Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://hackinparis.com/data/slides/2017/2017_Cohen_Gil_The_forgotten_interface_Windows_named_pipes.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.youtube.com/watch?v=m6zISgWPGGY" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-03T20:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://hackinparis.com/data/slides/2017/2017_Cohen_Gil_The_forgotten_interface_Windows_named_pipes.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.youtube.com/watch?v=m6zISgWPGGY" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15011", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service 
(application crash) via an unspecified string." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://hackinparis.com/data/slides/2017/2017_Cohen_Gil_The_forgotten_interface_Windows_named_pipes.pdf", "refsource": "MISC", "url": "https://hackinparis.com/data/slides/2017/2017_Cohen_Gil_The_forgotten_interface_Windows_named_pipes.pdf" }, { "name": "https://www.youtube.com/watch?v=m6zISgWPGGY", "refsource": "MISC", "url": "https://www.youtube.com/watch?v=m6zISgWPGGY" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15011", "datePublished": "2017-10-03T20:00:00Z", "dateReserved": "2017-10-03T00:00:00Z", "dateUpdated": "2024-09-16T17:22:41.394Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-0254
Vulnerability from cvelistv5
Published
2013-02-06 11:00
Modified
2024-08-06 14:18
Summary
The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.
References
| URL | Tags |
|---|---|
| http://lists.opensuse.org/opensuse-updates/2013-03/msg00015.html | vendor-advisory, x_refsource_SUSE |
| http://rhn.redhat.com/errata/RHSA-2013-0669.html | vendor-advisory, x_refsource_REDHAT |
| http://lists.opensuse.org/opensuse-updates/2013-03/msg00014.html | vendor-advisory, x_refsource_SUSE |
| http://lists.qt-project.org/pipermail/announce/2013-February/000023.html | mailing-list, x_refsource_MLIST |
| http://lists.opensuse.org/opensuse-updates/2013-03/msg00019.html | vendor-advisory, x_refsource_SUSE |
| https://bugzilla.redhat.com/show_bug.cgi?id=907425 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:18:09.656Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2013:0404", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00015.html" }, { "name": "RHSA-2013:0669", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0669.html" }, { "name": "openSUSE-SU-2013:0403", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00014.html" }, { "name": "[qt-announce] 20130205 [Announce] [CVE-2013-0254] Qt Project Security Advisory: System V shared memory segments created world-writeable", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.qt-project.org/pipermail/announce/2013-February/000023.html" }, { "name": "openSUSE-SU-2013:0411", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00019.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907425" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-02-05T00:00:00", "descriptions": [ { "lang": "en", "value": "The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-03-23T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "openSUSE-SU-2013:0404", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00015.html" }, { "name": "RHSA-2013:0669", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0669.html" }, { "name": "openSUSE-SU-2013:0403", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00014.html" }, { "name": "[qt-announce] 20130205 [Announce] [CVE-2013-0254] Qt Project Security Advisory: System V shared memory segments created world-writeable", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.qt-project.org/pipermail/announce/2013-February/000023.html" }, { "name": "openSUSE-SU-2013:0411", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00019.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907425" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-0254", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical 
program data, as demonstrated by reading a pixmap being sent to an X server." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2013:0404", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00015.html" }, { "name": "RHSA-2013:0669", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0669.html" }, { "name": "openSUSE-SU-2013:0403", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00014.html" }, { "name": "[qt-announce] 20130205 [Announce] [CVE-2013-0254] Qt Project Security Advisory: System V shared memory segments created world-writeable", "refsource": "MLIST", "url": "http://lists.qt-project.org/pipermail/announce/2013-February/000023.html" }, { "name": "openSUSE-SU-2013:0411", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00019.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=907425", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907425" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-0254", "datePublished": "2013-02-06T11:00:00", "dateReserved": "2012-12-06T00:00:00", "dateUpdated": "2024-08-06T14:18:09.656Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-40983
Vulnerability from cvelistv5
Published
2023-01-12 16:44
Modified
2024-08-03 12:28
Severity
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. Specially crafted JavaScript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. The target application would need to access a malicious web page to trigger this vulnerability.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Qt Project | Qt | Version: 6.3.2. |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:28:42.966Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1617" }, { "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1617", "tags": [ "x_transferred" ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1617" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Qt", "vendor": "Qt Project", "versions": [ { "status": "affected", "version": "6.3.2." } ] } ], "descriptions": [ { "lang": "en", "value": "An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-12T16:44:11.041Z", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos" }, "references": [ { "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1617", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1617" } ] } }, "cveMetadata": { "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2022-40983", 
"datePublished": "2023-01-12T16:44:11.041Z", "dateReserved": "2022-09-20T20:20:21.535Z", "dateUpdated": "2024-08-03T12:28:42.966Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }