Vulnerabilities related to qt - qt
Vulnerability from fkie_nvd
Published
2023-09-18 07:15
Modified
2024-11-21 08:23
Summary
An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData}, then it can cause the application to crash because of missing length checks.
Impacted products
Vendor Product Version
qt qt *
qt qt *
qt qt *
microsoft windows -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F65E936-073F-4BA7-94D5-8B0FF18647DF",
                     versionEndExcluding: "5.15.16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "54D034EA-7845-4FE1-BA22-0C12D61054B4",
                     versionEndExcluding: "6.2.10",
                     versionStartIncluding: "6.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E1D0B762-A0E6-4FAB-BC87-20AC3B0D2534",
                     versionEndExcluding: "6.5.3",
                     versionStartIncluding: "6.5.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData], then it can cause the application to crash because of missing length checks.",
      },
      {
         lang: "es",
         value: "Se descubrió un problema en Qt antes de 5.15.16, 6.x antes de 6.2.10 y 6.3.x a 6.5.x antes de 6.5.3 en Windows. Cuando se utiliza el motor de fuentes GDI, si se carga una fuente dañada a través de QFontDatabase::addApplicationFont{FromData], puede hacer que la aplicación se bloquee debido a la falta de comprobaciones de longitud. ",
      },
   ],
   id: "CVE-2023-43114",
   lastModified: "2024-11-21T08:23:42.967",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-09-18T07:15:38.333",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/503026",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/503026",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-01-24 22:15
Modified
2024-11-21 02:40
Summary
Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.
Impacted products
Vendor Product Version
qt qt *
fedoraproject fedora 31
fedoraproject fedora 32



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "33FEDE1F-1137-4635-8549-C355C9180288",
                     versionEndExcluding: "5.12.8",
                     versionStartIncluding: "5.5.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                     matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                     matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.",
      },
      {
         lang: "es",
         value: "Qt versiones hasta 5.14, permite un ataque de expansión de entidad XML exponencial por medio de un documento SVG diseñado que es manejado inapropiadamente en la función QXmlStreamReader, un problema relacionado con el CVE-2003-1564.",
      },
   ],
   id: "CVE-2015-9541",
   lastModified: "2024-11-21T02:40:53.150",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-01-24T22:15:12.880",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://bugreports.qt.io/browse/QTBUG-47417",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PT6327C64Q4RBFRWUSBKCG7SVGBWU5W/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZMMF4OEJAZRVKVXNO7IZWLEZVQGJN6G/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://bugreports.qt.io/browse/QTBUG-47417",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PT6327C64Q4RBFRWUSBKCG7SVGBWU5W/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZMMF4OEJAZRVKVXNO7IZWLEZVQGJN6G/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-776",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-04-15 01:15
Modified
2024-11-21 07:48
Summary
Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.
References
cve@mitre.org https://codereview.qt-project.org/c/qt/qtbase/+/456216 Issue Tracking
cve@mitre.org https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217 Permissions Required
cve@mitre.org https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238 Permissions Required
cve@mitre.org https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff Vendor Advisory
cve@mitre.org https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d Patch, Third Party Advisory
cve@mitre.org https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html
cve@mitre.org https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin Product
cve@mitre.org https://www.qt.io/blog/tag/security Release Notes
af854a3a-2127-422b-91ae-364da2661108 https://codereview.qt-project.org/c/qt/qtbase/+/456216 Issue Tracking
af854a3a-2127-422b-91ae-364da2661108 https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217 Permissions Required
af854a3a-2127-422b-91ae-364da2661108 https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238 Permissions Required
af854a3a-2127-422b-91ae-364da2661108 https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html
af854a3a-2127-422b-91ae-364da2661108 https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin Product
af854a3a-2127-422b-91ae-364da2661108 https://www.qt.io/blog/tag/security Release Notes
Impacted products
Vendor Product Version
qt qt *
qt qt *
qt qt *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "82BC32FC-2B1F-4FD4-A368-DD37D7FCBA7E",
                     versionEndExcluding: "5.15.13",
                     versionStartIncluding: "5.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4911A94E-AA2F-4017-8702-0AF092FF809F",
                     versionEndExcluding: "6.2.8",
                     versionStartIncluding: "6.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DC66FEF-0D94-4464-B9F8-800A1F9424C0",
                     versionEndExcluding: "6.4.3",
                     versionStartIncluding: "6.3.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.",
      },
   ],
   id: "CVE-2023-24607",
   lastModified: "2024-11-21T07:48:13.813",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-04-15T01:15:07.043",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/456216",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Permissions Required",
         ],
         url: "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Permissions Required",
         ],
         url: "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Product",
         ],
         url: "https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://www.qt.io/blog/tag/security",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/456216",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
         ],
         url: "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
         ],
         url: "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Product",
         ],
         url: "https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://www.qt.io/blog/tag/security",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-02-06 12:05
Modified
2024-11-21 01:47
Summary
The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.
Impacted products
Vendor Product Version
qt qt 1.41
qt qt 1.42
qt qt 1.43
qt qt 1.44
qt qt 1.45
qt qt 2.0.0
qt qt 2.0.1
qt qt 2.0.2
qt qt 3.3.0
qt qt 3.3.1
qt qt 3.3.2
qt qt 3.3.3
qt qt 3.3.4
qt qt 3.3.5
qt qt 3.3.6
qt qt 4.0.0
qt qt 4.0.1
qt qt 4.1.0
qt qt 4.1.1
qt qt 4.1.2
qt qt 4.1.3
qt qt 4.1.4
qt qt 4.1.5
qt qt 4.2.0
qt qt 4.2.1
qt qt 4.2.3
qt qt 4.3.0
qt qt 4.3.1
qt qt 4.3.2
qt qt 4.3.3
qt qt 4.3.4
qt qt 4.3.5
qt qt 4.4.0
qt qt 4.4.1
qt qt 4.4.2
qt qt 4.4.3
qt qt 4.5.0
qt qt 4.5.1
qt qt 4.5.2
qt qt 4.5.3
qt qt 4.6.0
qt qt 4.6.1
qt qt 4.6.2
qt qt 4.6.3
qt qt 4.6.4
qt qt 4.6.5
qt qt 4.7.0
qt qt 4.7.1
qt qt 4.7.2
qt qt 4.7.3
qt qt 4.7.4
qt qt 4.7.5
qt qt 4.7.6
qt qt 4.8.0
qt qt 4.8.1
qt qt 4.8.2
qt qt 4.8.3
qt qt 4.8.4
qt qt 4.8.5
qt qt 5.0.0
qt qt 5.0.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:1.41:*:*:*:*:*:*:*",
                     matchCriteriaId: "57FBB4FA-43C6-432F-94FD-BAADF4DD7CB8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:1.42:*:*:*:*:*:*:*",
                     matchCriteriaId: "30245B99-C5CB-4FDA-B70F-2CB7FA7BDF43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:1.43:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA9FC7F3-02BD-485A-AA1B-C5067F384683",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:1.44:*:*:*:*:*:*:*",
                     matchCriteriaId: "DBA3424C-8257-445D-A9DC-1CD562651DFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:1.45:*:*:*:*:*:*:*",
                     matchCriteriaId: "D954A35A-9BB8-4415-910D-C4AAEA2F5664",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:2.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "67C5548D-2A34-4AAE-A43F-373D4C7F5B4B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:2.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "90E4F51F-52B4-4AB9-926C-EEDAC2052E34",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:2.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "2D6D3319-130D-49BF-8395-90E9F4D8583C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:3.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "52D26BBF-106F-48C8-9D57-CF080486DB64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:3.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "026716CE-6BA5-4FC4-8BD3-BF5430DEBE99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:3.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "52BF63BD-E6FA-49AA-9627-7EDAD7939531",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:3.3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "27EBEAE0-C1DF-46E4-9E2A-B333912A4950",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:3.3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "5BCDBB15-4E26-48F0-A266-CA059CFEE596",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:3.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "A07F27DC-47A4-4EF2-91CC-81863D015B3A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:3.3.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "58E53D3A-665D-4EEE-82EF-4EDBD194B475",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C966DAAB-74E1-4594-9CE7-5A1A60F5061E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D51BFA7D-281E-49ED-9A4B-60AD5143C4EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A38B91E-698F-4638-BC3B-BD02F3313B70",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7629BAB0-5077-4B82-9F11-B228E8EAFA17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "76366D45-3604-49D1-BD97-8A9FACEA2171",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "EEEF60A1-5FF0-465F-A872-62F80899F870",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D5386EE-376B-4773-8687-5314BFF35E41",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "4ACE447E-BFBC-4059-9786-F8E5F512AEAA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3AC6465-B459-410E-A5C5-EBFF5C866009",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EF48233D-EFFE-40A1-B50A-F2184D9CF325",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "610017B4-3C0A-4A59-82A1-4E20BCF786E6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D848BD49-3C88-4458-B8AB-AAD8DEB790BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A12D978-B6FF-4C67-97D4-91A285C47813",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DBD073E-F3E0-4273-81E9-AF010B711F08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D58ACBA-7DF3-403A-AC0E-94749383C750",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "59D6E752-3B2E-4A95-A76A-3326CD490EDD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "7A27E4EC-9573-4C82-9B78-244DB0B06FA4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "678A25E8-57E3-4E0C-9B24-C68F11F108BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D16BB8CE-3871-4DFA-84BB-C089894437D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "965B37FD-E22F-4AA7-BDC2-147A9962CFD5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "FEE12FD7-2FB2-444A-A660-86294646F8A1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA4B9F55-4BFF-4FD3-A8BC-842B0467DCD5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DA805A7-7C62-49FD-B9A2-F81C981691C3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.5.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "D5596442-5608-439B-8BE6-53A70F20C079",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.5.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "29FD745E-4B61-417F-BC66-386877E75351",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B74E5F5-CEE1-47B1-BE84-7F1C45D4FDD8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "874E217C-98AC-4F0B-B120-D721164912CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "3051F46B-E301-4DF7-A89B-4E8495617888",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.6.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C8BED3D-E6E9-4A7F-A186-DD7DC20706D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.6.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "1C5CFCD4-6CB1-489D-9619-B0169EA1719C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.6.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "510C5795-4E61-470F-BE62-A6732F4F0341",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C2D2DA2-4D77-4396-97A7-D4ED0F633E19",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "1BC1BC2C-6D99-463F-9326-AF9B468E03F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "342A67CF-B332-46D1-A3FF-604552953C66",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9239A893-506A-4853-8B00-FCDE5EC3E5DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.7.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "1A6196C5-BB95-447A-B610-4765AB702F96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E398049-C78A-452C-9FBF-E32DC86BDBD0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "8A505785-5597-4F5D-99A3-D143C1CCBFBD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B307395A-36B6-4F54-92C9-D732580F3EBE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9D0CB6E-5275-4D51-81F1-84D456F936B9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "214A1125-FBE9-433D-8B05-10595CD59F24",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.8.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB7CC6B1-7E40-4D6A-94CF-7412EA3F8534",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "062A62AA-EC5B-4D8E-9337-D25DF4FE56FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "581FF62C-BD93-485C-A5BA-E5EBFEDC45C9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "03C7E11D-AA2C-48BB-8C50-B04E5CD3A7C5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E30B4386-B419-46B7-945F-C04F79600708",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.",
      },
      {
         lang: "es",
         value: "La clase QSharedMemory en Qt v5.0.0, v4.8.x anterior a v4.8.5, v4.7.x anterior a v4.7.6, y otras versiones incluida la v4.4.0 utiliza permisos débiles (escritura y lectura para todos los usuarios) para segmentos de memoria compartida, lo que permite a usuarios locales leer informacion sensible o modificar datos críticos del programa, como se demostró mediante la lectura de un pixmap enviado al servidor X.",
      },
   ],
   id: "CVE-2013-0254",
   lastModified: "2024-11-21T01:47:10.020",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 3.6,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-02-06T12:05:43.647",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-updates/2013-03/msg00014.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-updates/2013-03/msg00015.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-updates/2013-03/msg00019.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://lists.qt-project.org/pipermail/announce/2013-February/000023.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2013-0669.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=907425",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-updates/2013-03/msg00014.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-updates/2013-03/msg00015.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-updates/2013-03/msg00019.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://lists.qt-project.org/pipermail/announce/2013-February/000023.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2013-0669.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=907425",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-05-08 14:29
Modified
2024-11-21 02:01
Summary
The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image.
References
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134040.html Third Party Advisory
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134141.html Third Party Advisory
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html Third Party Advisory
secalert@redhat.com http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html Third Party Advisory
secalert@redhat.com http://lists.qt-project.org/pipermail/announce/2014-April/000045.html Vendor Advisory
secalert@redhat.com http://www.securityfocus.com/bid/67087 Third Party Advisory, VDB Entry
secalert@redhat.com http://www.ubuntu.com/usn/USN-2626-1 Third Party Advisory
secalert@redhat.com https://bugs.kde.org/show_bug.cgi?id=333404 Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134040.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134141.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.qt-project.org/pipermail/announce/2014-April/000045.html Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/67087 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/USN-2626-1 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://bugs.kde.org/show_bug.cgi?id=333404 Issue Tracking, Third Party Advisory
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CE4A22C2-3E1F-41D4-9E72-7F3888DBFFCB",
                     versionEndExcluding: "5.3.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",
                     matchCriteriaId: "5991814D-CA77-4C25-90D2-DB542B17E0AD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A10BC294-9196-425F-9FB0-B1625465B47F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
                     matchCriteriaId: "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
                     matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "49A63F39-30BE-443F-AF10-6245587D3359",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
                     matchCriteriaId: "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image.",
      },
      {
         lang: "es",
         value: "El decodificador GIF en QtGui en Qt anterior a 5.3 permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo) a través de valores de ancho y alto inválidos en un imagen GIF.",
      },
   ],
   id: "CVE-2014-0190",
   lastModified: "2024-11-21T02:01:35.813",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-05-08T14:29:13.953",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134040.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134141.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://lists.qt-project.org/pipermail/announce/2014-April/000045.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/67087",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.ubuntu.com/usn/USN-2626-1",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugs.kde.org/show_bug.cgi?id=333404",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134040.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134141.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://lists.qt-project.org/pipermail/announce/2014-April/000045.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/67087",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.ubuntu.com/usn/USN-2626-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugs.kde.org/show_bug.cgi?id=333404",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-476",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-10-26 14:59
Modified
2024-11-21 02:36
Summary
ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression.
Impacted products
Vendor Product Version
owncloud owncloud_desktop_client *
qt qt 5.3.0
qt qt 5.4.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:owncloud:owncloud_desktop_client:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8A647DF5-F980-495F-A978-FF2C7CD4932D",
                     versionEndIncluding: "2.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E2980C52-9843-4A39-B164-76E9583F2D7E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "FBC2E1E7-F841-47A1-8D1E-9A30EC93BDF5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate.  NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression.",
      },
      {
         lang: "es",
         value: "ownCloud Desktop Client en versiones anteriores a 2.0.1, cuando es compliado con un lanzamiento de Qt en versiones posteriores a 5.3.x, no llama a QNetworkReply::ignoreSslErrors con la lista de errores para ser ignorados, lo que hace más fácil para atacantes remotos llevar a cabo ataques man-in-the-middle (MITM) aprovechando un servidor utilizando un certificado autofirmado. NOTA: esta vulnerabilidad existe a causa de una regresión parcial de CVE-2015-4456.",
      },
   ],
   evaluatorComment: "<a href=\"http://cwe.mitre.org/data/definitions/297.html\" target=\"_blank\">CWE-297: Improper Validation of Certificate with Host Mismatch</a>",
   id: "CVE-2015-7298",
   lastModified: "2024-11-21T02:36:32.430",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "HIGH",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5.1,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 4.9,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2015-10-26T14:59:10.687",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://owncloud.org/security/advisory/?id=oc-sa-2015-016",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://owncloud.org/security/advisory/?id=oc-sa-2015-016",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-05-22 03:15
Modified
2024-11-21 08:05
Summary
An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server.
Impacted products
Vendor Product Version
qt qt *
qt qt *
qt qt *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B67B902C-4F68-4FD5-8A04-FFF6B1F1A738",
                     versionEndExcluding: "5.15.4",
                     versionStartIncluding: "5.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "513DDB0D-A132-4046-8B49-D2776E585826",
                     versionEndExcluding: "6.2.9",
                     versionStartIncluding: "6.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "116DC3F0-630E-43F6-AD19-0ABB41CF3D70",
                     versionEndExcluding: "6.5.1",
                     versionStartIncluding: "6.3.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server.",
      },
   ],
   id: "CVE-2023-33285",
   lastModified: "2024-11-21T08:05:20.157",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "cve@mitre.org",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-05-22T03:15:09.720",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/477644",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/477644",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-12-23 22:55
Modified
2024-11-21 01:55
Summary
QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.
References
secalert@redhat.com http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html
secalert@redhat.com http://lists.opensuse.org/opensuse-updates/2014-01/msg00044.html
secalert@redhat.com http://lists.opensuse.org/opensuse-updates/2014-01/msg00047.html
secalert@redhat.com http://lists.opensuse.org/opensuse-updates/2014-01/msg00085.html
secalert@redhat.com http://lists.opensuse.org/opensuse-updates/2014-01/msg00104.html
secalert@redhat.com http://lists.opensuse.org/opensuse-updates/2014-01/msg00106.html
secalert@redhat.com http://lists.qt-project.org/pipermail/announce/2013-December/000036.html
secalert@redhat.com http://secunia.com/advisories/56008 Vendor Advisory
secalert@redhat.com http://secunia.com/advisories/56166 Vendor Advisory
secalert@redhat.com http://www.ubuntu.com/usn/USN-2057-1
secalert@redhat.com https://codereview.qt-project.org/#change%2C71010
secalert@redhat.com https://codereview.qt-project.org/#change%2C71368
af854a3a-2127-422b-91ae-364da2661108 http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-updates/2014-01/msg00044.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-updates/2014-01/msg00047.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-updates/2014-01/msg00085.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-updates/2014-01/msg00104.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-updates/2014-01/msg00106.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.qt-project.org/pipermail/announce/2013-December/000036.html
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/56008 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/56166 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/USN-2057-1
af854a3a-2127-422b-91ae-364da2661108 https://codereview.qt-project.org/#change%2C71010
af854a3a-2127-422b-91ae-364da2661108 https://codereview.qt-project.org/#change%2C71368
Impacted products
Vendor Product Version
digia qt *
qt qt 5.0.0
qt qt 5.0.1
qt qt 5.0.2



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:digia:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "73CA5980-1396-4C98-8745-90A8F9767B58",
                     versionEndIncluding: "5.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "03C7E11D-AA2C-48BB-8C50-B04E5CD3A7C5",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E30B4386-B419-46B7-945F-C04F79600708",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "20079A6C-A3B9-4492-BC1F-A3B668F326D8",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.",
      },
      {
         lang: "es",
         value: "QXmlSimpleReader en Qt anterior a v5.2 permite a los atacantes dependientes del contexto provocar una denegación de servicio (consumo de memoria) mediante un ataque XML Entity Expansion (XEE).",
      },
   ],
   id: "CVE-2013-4549",
   lastModified: "2024-11-21T01:55:48.603",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-12-23T22:55:02.880",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-updates/2014-01/msg00044.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-updates/2014-01/msg00047.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-updates/2014-01/msg00085.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-updates/2014-01/msg00104.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-updates/2014-01/msg00106.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.qt-project.org/pipermail/announce/2013-December/000036.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/56008",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/56166",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ubuntu.com/usn/USN-2057-1",
      },
      {
         source: "secalert@redhat.com",
         url: "https://codereview.qt-project.org/#change%2C71010",
      },
      {
         source: "secalert@redhat.com",
         url: "https://codereview.qt-project.org/#change%2C71368",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-updates/2014-01/msg00044.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-updates/2014-01/msg00047.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-updates/2014-01/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-updates/2014-01/msg00104.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-updates/2014-01/msg00106.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.qt-project.org/pipermail/announce/2013-December/000036.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/56008",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/56166",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-2057-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://codereview.qt-project.org/#change%2C71010",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://codereview.qt-project.org/#change%2C71368",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-11-23 17:15
Modified
2024-11-21 04:53
Summary
Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:intel:ax201_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6FE813C6-E7E3-47CE-BE67-1CAF309E0FE1",
                     versionEndExcluding: "21.70",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:intel:ax201:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4649D446-130B-4B31-B9ED-BA7F9F7EEB8F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:intel:ax200_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DD322BEE-2ECD-4609-83CA-C8872626E971",
                     versionEndExcluding: "21.70",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:intel:ax200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E9903E2E-A670-40D4-8B9F-D2C0CFDBFC9F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:intel:ac_9560_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "18BC7557-FA1D-4167-9603-8FDE808EACAD",
                     versionEndExcluding: "21.70",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:intel:ac_9560:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D382D4A1-C8FD-4B47-B2C4-145232EC8AC5",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:intel:ac_9462_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0FD0347A-0E52-485A-83A7-A81B49291E83",
                     versionEndExcluding: "21.70",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:intel:ac_9462:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6E89EB0D-233A-486A-BDAE-F5726432CD7E",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:intel:ac_9461_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C08E0594-9993-467A-B4D8-1F1249F60901",
                     versionEndExcluding: "21.70",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:intel:ac_9461:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A11E55E8-5FA9-4ED7-AB61-03F22EE1759B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:intel:ac_9260_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6DAC7879-1154-44B5-BC95-1AF773635972",
                     versionEndExcluding: "21.70",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:intel:ac_9260:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C2795E42-D044-4D48-BCB2-61CC1A3471B1",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:intel:ac_8265_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5B11EBD5-6001-4C17-A8F4-DECAD3A013D5",
                     versionEndExcluding: "21.70",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:intel:ac_8265:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C08E2F3E-C4B5-4227-A88D-C50E209A12CF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:intel:ac_8260_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D020CC57-8C1D-45CE-A64B-635D6367FC67",
                     versionEndExcluding: "21.70",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:intel:ac_8260:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5A8F30C-6BB7-4CC6-ADBE-1859DAF66C58",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:intel:ac_3168_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0840C384-D43E-4298-9BD6-664D188D8A33",
                     versionEndExcluding: "21.70",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:intel:ac_3168:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED5B2BCE-2D8A-440C-B866-76E035314022",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:intel:7265_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D16BDDDC-B281-41BA-802A-E626B472C366",
                     versionEndExcluding: "21.70",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:intel:7265:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F957A9E7-E2D2-48D7-8E4D-B264A72C59C3",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:intel:ac_3165_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B99E6CF2-DB88-496B-B9B2-A533AA537C61",
                     versionEndExcluding: "21.70",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:intel:ac_3165:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "197A3DA1-B8EF-438F-B933-32253C43C8EE",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
                     matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A4FC86A8-54E9-4A65-BE62-13D7D194F5A4",
                     versionEndIncluding: "5.13.2",
                     versionStartIncluding: "5.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.",
      },
      {
         lang: "es",
         value: "Una escritura fuera de límites en los productos Intel® PROSet/Wireless WiFi en Windows 10 puede habilitar a un usuario autenticado para permitir potencialmente una denegación de servicio por medio de un acceso local",
      },
   ],
   id: "CVE-2020-0569",
   lastModified: "2024-11-21T04:53:46.690",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "ADJACENT_NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 2.7,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:A/AC:L/Au:S/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 5.1,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 5.7,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.1,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-11-23T17:15:12.187",
   references: [
      {
         source: "secure@intel.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00338.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00338.html",
      },
   ],
   sourceIdentifier: "secure@intel.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-08-12 02:15
Modified
2024-11-21 06:17
Summary
Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).
References
cve@mitre.org https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35566 Issue Tracking, Patch, Third Party Advisory
cve@mitre.org https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-903.yaml Third Party Advisory
cve@mitre.org https://github.com/qt/qtbase/commit/1ca02cf2879a5e1511a2f2109f0925cf4c892862 Patch, Third Party Advisory
cve@mitre.org https://github.com/qt/qtbase/commit/202143ba41f6ac574f1858214ed8bf4a38b73ccd Patch, Third Party Advisory
cve@mitre.org https://github.com/qt/qtbase/commit/6b400e3147dcfd8cc3a393ace1bd118c93762e0c Patch, Third Party Advisory
cve@mitre.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36VN2WKMNQUSTF6ZW2X52NPAJVXJ4S5I/
cve@mitre.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HY5YCSDCTLHVMP3OXOM6HNTWHV6DBHDX/
cve@mitre.org https://security.gentoo.org/glsa/202402-03
cve@mitre.org https://wiki.qt.io/Qt_5.15_Release#Known_Issues Issue Tracking, Release Notes, Vendor Advisory
cve@mitre.org https://www.qt.io/blog/qt-5.15-extended-support-for-subscription-license-holders Release Notes
af854a3a-2127-422b-91ae-364da2661108 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35566 Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-903.yaml Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/qt/qtbase/commit/1ca02cf2879a5e1511a2f2109f0925cf4c892862 Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/qt/qtbase/commit/202143ba41f6ac574f1858214ed8bf4a38b73ccd Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/qt/qtbase/commit/6b400e3147dcfd8cc3a393ace1bd118c93762e0c Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36VN2WKMNQUSTF6ZW2X52NPAJVXJ4S5I/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HY5YCSDCTLHVMP3OXOM6HNTWHV6DBHDX/
af854a3a-2127-422b-91ae-364da2661108 https://security.gentoo.org/glsa/202402-03
af854a3a-2127-422b-91ae-364da2661108 https://wiki.qt.io/Qt_5.15_Release#Known_Issues Issue Tracking, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://www.qt.io/blog/qt-5.15-extended-support-for-subscription-license-holders Release Notes
Impacted products
Vendor Product Version
qt qt *
qt qt *
fedoraproject fedora 35
fedoraproject fedora 36



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3DF360C-4ADC-4C67-802D-4E6651BE9782",
                     versionEndExcluding: "5.15.6",
                     versionStartIncluding: "5.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "44ADCFEF-FA24-4424-94C4-A455F8E53CD2",
                     versionEndIncluding: "6.1.2",
                     versionStartIncluding: "6.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).",
      },
      {
         lang: "es",
         value: "Qt 5.x antes de la versión 5.15.6 y 6.x hasta la versión 6.1.2 tiene una escritura fuera de límites en QOutlineMapper::convertPath (llamada desde QRasterPaintEngine::fill y QPaintEngineEx::stroke)",
      },
   ],
   id: "CVE-2021-38593",
   lastModified: "2024-11-21T06:17:36.710",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-08-12T02:15:06.580",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35566",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-903.yaml",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/qt/qtbase/commit/1ca02cf2879a5e1511a2f2109f0925cf4c892862",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/qt/qtbase/commit/202143ba41f6ac574f1858214ed8bf4a38b73ccd",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/qt/qtbase/commit/6b400e3147dcfd8cc3a393ace1bd118c93762e0c",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36VN2WKMNQUSTF6ZW2X52NPAJVXJ4S5I/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HY5YCSDCTLHVMP3OXOM6HNTWHV6DBHDX/",
      },
      {
         source: "cve@mitre.org",
         url: "https://security.gentoo.org/glsa/202402-03",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://wiki.qt.io/Qt_5.15_Release#Known_Issues",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://www.qt.io/blog/qt-5.15-extended-support-for-subscription-license-holders",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35566",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-903.yaml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/qt/qtbase/commit/1ca02cf2879a5e1511a2f2109f0925cf4c892862",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/qt/qtbase/commit/202143ba41f6ac574f1858214ed8bf4a38b73ccd",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/qt/qtbase/commit/6b400e3147dcfd8cc3a393ace1bd118c93762e0c",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36VN2WKMNQUSTF6ZW2X52NPAJVXJ4S5I/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HY5YCSDCTLHVMP3OXOM6HNTWHV6DBHDX/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/202402-03",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://wiki.qt.io/Qt_5.15_Release#Known_Issues",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://www.qt.io/blog/qt-5.15-extended-support-for-subscription-license-holders",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-01-12 17:15
Modified
2024-11-21 07:26
Summary
A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability.
Impacted products
Vendor Product Version
qt qt 6.3.2



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:6.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B80CA217-D896-4BCF-B385-582CDF21DAD6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability.",
      },
      {
         lang: "es",
         value: "Existe una vulnerabilidad de desbordamiento de búfer en la API QML QtScript Reflect de Qt Project Qt 6.3.2. Un código JavaScript especialmente manipulado puede desencadenar un acceso a la memoria fuera de los límites, lo que puede provocar la ejecución de código arbitrario. La aplicación de destino necesitaría acceder a una página web maliciosa para activar esta vulnerabilidad.",
      },
   ],
   id: "CVE-2022-43591",
   lastModified: "2024-11-21T07:26:50.243",
   metrics: {
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "talos-cna@cisco.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-01-12T17:15:09.523",
   references: [
      {
         source: "talos-cna@cisco.com",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1650",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1650",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1650",
      },
   ],
   sourceIdentifier: "talos-cna@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-122",
            },
         ],
         source: "talos-cna@cisco.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-02-24 19:55
Modified
2024-11-21 01:44
Summary
The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application.
References
secalert@redhat.com http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html
secalert@redhat.com http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html
secalert@redhat.com http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html
secalert@redhat.com http://lists.qt-project.org/pipermail/announce/2012-November/000014.html
secalert@redhat.com http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71
secalert@redhat.com http://secunia.com/advisories/52217 Vendor Advisory
secalert@redhat.com http://www.openwall.com/lists/oss-security/2012/12/04/8
secalert@redhat.com http://www.ubuntu.com/usn/USN-1723-1
secalert@redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=883415
secalert@redhat.com https://codereview.qt-project.org/#change%2C40034
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.qt-project.org/pipermail/announce/2012-November/000014.html
af854a3a-2127-422b-91ae-364da2661108 http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/52217 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2012/12/04/8
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/USN-1723-1
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/show_bug.cgi?id=883415
af854a3a-2127-422b-91ae-364da2661108 https://codereview.qt-project.org/#change%2C40034
Impacted products
Vendor Product Version
digia qt *
qt qt 1.41
qt qt 1.42
qt qt 1.43
qt qt 1.44
qt qt 1.45
qt qt 2.0.0
qt qt 2.0.1
qt qt 2.0.2
qt qt 3.3.0
qt qt 3.3.1
qt qt 3.3.2
qt qt 3.3.3
qt qt 3.3.4
qt qt 3.3.5
qt qt 3.3.6
qt qt 4.0.0
qt qt 4.0.1
qt qt 4.1.0
qt qt 4.1.1
qt qt 4.1.2
qt qt 4.1.3
qt qt 4.1.4
qt qt 4.1.5
qt qt 4.2.0
qt qt 4.2.1
qt qt 4.2.3
qt qt 4.3.0
qt qt 4.3.1
qt qt 4.3.2
qt qt 4.3.3
qt qt 4.3.4
qt qt 4.3.5
qt qt 4.4.0
qt qt 4.4.1
qt qt 4.4.2
qt qt 4.4.3
qt qt 4.5.0
qt qt 4.5.1
qt qt 4.5.2
qt qt 4.5.3
qt qt 4.6.0
qt qt 4.6.0
qt qt 4.6.1
qt qt 4.6.2
qt qt 4.6.3
qt qt 4.6.4
qt qt 4.6.5
qt qt 4.6.5
qt qt 4.7.0
qt qt 4.7.1
qt qt 4.7.2
qt qt 4.7.3
qt qt 4.7.4
qt qt 4.7.5
qt qt 4.7.6
qt qt 4.7.6
qt qt 4.8.0
qt qt 4.8.1
qt qt 4.8.2
canonical ubuntu_linux 10.04
canonical ubuntu_linux 11.10
canonical ubuntu_linux 12.04
canonical ubuntu_linux 12.10



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:digia:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F547829-91BE-4BF6-A19E-E592BC15FD8A",
                     versionEndIncluding: "4.8.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:1.41:*:*:*:*:*:*:*",
                     matchCriteriaId: "57FBB4FA-43C6-432F-94FD-BAADF4DD7CB8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:1.42:*:*:*:*:*:*:*",
                     matchCriteriaId: "30245B99-C5CB-4FDA-B70F-2CB7FA7BDF43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:1.43:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA9FC7F3-02BD-485A-AA1B-C5067F384683",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:1.44:*:*:*:*:*:*:*",
                     matchCriteriaId: "DBA3424C-8257-445D-A9DC-1CD562651DFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:1.45:*:*:*:*:*:*:*",
                     matchCriteriaId: "D954A35A-9BB8-4415-910D-C4AAEA2F5664",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:2.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "67C5548D-2A34-4AAE-A43F-373D4C7F5B4B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:2.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "90E4F51F-52B4-4AB9-926C-EEDAC2052E34",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:2.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "2D6D3319-130D-49BF-8395-90E9F4D8583C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:3.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "52D26BBF-106F-48C8-9D57-CF080486DB64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:3.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "026716CE-6BA5-4FC4-8BD3-BF5430DEBE99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:3.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "52BF63BD-E6FA-49AA-9627-7EDAD7939531",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:3.3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "27EBEAE0-C1DF-46E4-9E2A-B333912A4950",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:3.3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "5BCDBB15-4E26-48F0-A266-CA059CFEE596",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:3.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "A07F27DC-47A4-4EF2-91CC-81863D015B3A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:3.3.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "58E53D3A-665D-4EEE-82EF-4EDBD194B475",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C966DAAB-74E1-4594-9CE7-5A1A60F5061E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D51BFA7D-281E-49ED-9A4B-60AD5143C4EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A38B91E-698F-4638-BC3B-BD02F3313B70",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7629BAB0-5077-4B82-9F11-B228E8EAFA17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "76366D45-3604-49D1-BD97-8A9FACEA2171",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "EEEF60A1-5FF0-465F-A872-62F80899F870",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D5386EE-376B-4773-8687-5314BFF35E41",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "4ACE447E-BFBC-4059-9786-F8E5F512AEAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3AC6465-B459-410E-A5C5-EBFF5C866009",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EF48233D-EFFE-40A1-B50A-F2184D9CF325",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "610017B4-3C0A-4A59-82A1-4E20BCF786E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D848BD49-3C88-4458-B8AB-AAD8DEB790BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A12D978-B6FF-4C67-97D4-91A285C47813",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DBD073E-F3E0-4273-81E9-AF010B711F08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D58ACBA-7DF3-403A-AC0E-94749383C750",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "59D6E752-3B2E-4A95-A76A-3326CD490EDD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "7A27E4EC-9573-4C82-9B78-244DB0B06FA4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "678A25E8-57E3-4E0C-9B24-C68F11F108BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D16BB8CE-3871-4DFA-84BB-C089894437D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "965B37FD-E22F-4AA7-BDC2-147A9962CFD5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "FEE12FD7-2FB2-444A-A660-86294646F8A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA4B9F55-4BFF-4FD3-A8BC-842B0467DCD5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DA805A7-7C62-49FD-B9A2-F81C981691C3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.5.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "D5596442-5608-439B-8BE6-53A70F20C079",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.5.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "29FD745E-4B61-417F-BC66-386877E75351",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B74E5F5-CEE1-47B1-BE84-7F1C45D4FDD8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.6.0:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "82A767D8-6194-4ED5-B9BE-2A14541C141F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "874E217C-98AC-4F0B-B120-D721164912CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "3051F46B-E301-4DF7-A89B-4E8495617888",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.6.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C8BED3D-E6E9-4A7F-A186-DD7DC20706D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.6.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "1C5CFCD4-6CB1-489D-9619-B0169EA1719C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.6.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "510C5795-4E61-470F-BE62-A6732F4F0341",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.6.5:rc:*:*:*:*:*:*",
                     matchCriteriaId: "88365332-FA7E-42A6-BC52-4517EAAC90B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C2D2DA2-4D77-4396-97A7-D4ED0F633E19",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "1BC1BC2C-6D99-463F-9326-AF9B468E03F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "342A67CF-B332-46D1-A3FF-604552953C66",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9239A893-506A-4853-8B00-FCDE5EC3E5DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.7.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "1A6196C5-BB95-447A-B610-4765AB702F96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E398049-C78A-452C-9FBF-E32DC86BDBD0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "8A505785-5597-4F5D-99A3-D143C1CCBFBD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.7.6:rc:*:*:*:*:*:*",
                     matchCriteriaId: "6E5EF3D1-6BD5-4488-A18C-79E26E87CFA6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B307395A-36B6-4F54-92C9-D732580F3EBE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9D0CB6E-5275-4D51-81F1-84D456F936B9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "214A1125-FBE9-433D-8B05-10595CD59F24",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*",
                     matchCriteriaId: "7118F616-25CA-4E34-AA13-4D14BB62419F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4174F4F-149E-41A6-BBCC-D01114C05F38",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
                     matchCriteriaId: "F5D324C4-97C7-49D3-A809-9EAD4B690C69",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "E2076871-2E80-4605-A470-A41C1A8EC7EE",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application.",
      },
      {
         lang: "es",
         value: "El objeto XMLHttpRequest en Qt anterior a v4.8.4 permite la redirección http al fichero scheme, lo que permite llevar a atacantes de hombre-en-medio (man-in-the-middle) forzar la lectura de ficheros locales arbitrarios y posiblemente obtener información sensible mediante un fichero: URL para una aplicación QML.",
      },
   ],
   evaluatorComment: "Per http://www.ubuntu.com/usn/USN-1723-1/\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n    Ubuntu 12.10\r\n    Ubuntu 12.04 LTS\r\n    Ubuntu 11.10\r\n    Ubuntu 10.04 LTS\r\n",
   id: "CVE-2012-5624",
   lastModified: "2024-11-21T01:44:59.663",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2013-02-24T19:55:00.830",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.qt-project.org/pipermail/announce/2012-November/000014.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/52217",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.openwall.com/lists/oss-security/2012/12/04/8",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ubuntu.com/usn/USN-1723-1",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=883415",
      },
      {
         source: "secalert@redhat.com",
         url: "https://codereview.qt-project.org/#change%2C40034",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.qt-project.org/pipermail/announce/2012-November/000014.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/52217",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2012/12/04/8",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-1723-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=883415",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://codereview.qt-project.org/#change%2C40034",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-08-22 15:15
Modified
2024-11-21 06:21
Summary
A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability.
Impacted products
Vendor Product Version
qt qt 5.15.1
qt qt 6.0.0
qt qt 6.0.2
qt qt 6.2.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA7FCB6B-872F-4900-A2CF-192AFECC4DFC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:6.0.0:-:*:*:*:*:*:*",
                     matchCriteriaId: "C0A66DBD-439D-45EA-BC80-502314D5B0AC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:6.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "AC14C9CB-1965-4659-8254-17EAB448616D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:6.2.0:-:*:*:*:*:*:*",
                     matchCriteriaId: "2B6E9814-F9BA-4A0C-8420-DAAB4A810567",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability.",
      },
      {
         lang: "es",
         value: "Se ha encontrado un fallo en Qt. Se encontró una vulnerabilidad de lectura fuera de límites en QRadialFetchSimd en el archivo qt/qtbase/src/gui/painting/qdrawhelper_p.h en Qt/Qtbase. Este fallo puede conllevar a un acceso no autorizado a la memoria al renderizar y mostrar un archivo Scalable Vector Graphics (SVG) diseñado. La mayor amenaza de esta vulnerabilidad es la confidencialidad de los datos y la disponibilidad de la aplicación.",
      },
   ],
   id: "CVE-2021-3481",
   lastModified: "2024-11-21T06:21:38.847",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.2,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-08-22T15:15:13.363",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2021-3481",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "https://bugreports.qt.io/browse/QTBUG-91507",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1931444",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtsvg/+/337646",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2021-3481",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "https://bugreports.qt.io/browse/QTBUG-91507",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1931444",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtsvg/+/337646",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
         ],
         source: "secalert@redhat.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-08-09 22:15
Modified
2024-11-21 05:16
Summary
An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.
Impacted products
Vendor Product Version
qt qt *
qt qt *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6CEF5E43-A4E5-4B8F-A8FC-F61ED68F2838",
                     versionEndExcluding: "5.12.7",
                     versionStartIncluding: "5.6.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7FE43F06-DFE8-466D-A9BC-FEA2B1BC069B",
                     versionEndIncluding: "5.13.2",
                     versionStartIncluding: "5.13.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.",
      },
      {
         lang: "es",
         value: "Es corregido un problema en Qt versiones 5.14.0, donde la función QPluginLoader intenta cargar plugins relativos al directorio de trabajo, permitiendo a atacantes ejecutar código arbitrario por medio de archivos diseñados",
      },
   ],
   id: "CVE-2020-24742",
   lastModified: "2024-11-21T05:16:00.333",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-08-09T22:15:08.607",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/280730",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/280730",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-12-26 21:29
Modified
2024-11-21 03:50
Summary
QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.
References
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html Patch, Third Party Advisory
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html
cve@mitre.org https://access.redhat.com/errata/RHSA-2019:2135
cve@mitre.org https://access.redhat.com/errata/RHSA-2019:3390
cve@mitre.org https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ Third Party Advisory
cve@mitre.org https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ Third Party Advisory
cve@mitre.org https://codereview.qt-project.org/#/c/236691/ Patch, Third Party Advisory
cve@mitre.org https://codereview.qt-project.org/#/c/236691/ Patch, Third Party Advisory
cve@mitre.org https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html Third Party Advisory
cve@mitre.org https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html
cve@mitre.org https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html
cve@mitre.org https://usn.ubuntu.com/4003-1/
cve@mitre.org https://www.debian.org/security/2019/dsa-4374 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html
af854a3a-2127-422b-91ae-364da2661108 https://access.redhat.com/errata/RHSA-2019:2135
af854a3a-2127-422b-91ae-364da2661108 https://access.redhat.com/errata/RHSA-2019:3390
af854a3a-2127-422b-91ae-364da2661108 https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://codereview.qt-project.org/#/c/236691/ Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://codereview.qt-project.org/#/c/236691/ Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html
af854a3a-2127-422b-91ae-364da2661108 https://usn.ubuntu.com/4003-1/
af854a3a-2127-422b-91ae-364da2661108 https://www.debian.org/security/2019/dsa-4374 Third Party Advisory
Impacted products
Vendor Product Version
qt qt *
debian debian_linux 8.0
debian debian_linux 9.0
opensuse leap 42.3



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F92505F4-3A07-4D80-B85F-F4D3B351A92F",
                     versionEndExcluding: "5.11.3",
                     versionStartIncluding: "5.5.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.",
      },
      {
         lang: "es",
         value: "QXmlStream en Qt 5.x en versiones anteriores a la 5.11.3 tiene una doble liberación (double free) o una corrupción durante el análisis de un documento XML ilegal especialmente manipulado.",
      },
   ],
   id: "CVE-2018-15518",
   lastModified: "2024-11-21T03:50:59.723",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-12-26T21:29:00.823",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://access.redhat.com/errata/RHSA-2019:2135",
      },
      {
         source: "cve@mitre.org",
         url: "https://access.redhat.com/errata/RHSA-2019:3390",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://codereview.qt-project.org/#/c/236691/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://codereview.qt-project.org/#/c/236691/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://usn.ubuntu.com/4003-1/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2019/dsa-4374",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2019:2135",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2019:3390",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://codereview.qt-project.org/#/c/236691/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://codereview.qt-project.org/#/c/236691/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://usn.ubuntu.com/4003-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2019/dsa-4374",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-415",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-03-21 16:00
Modified
2024-11-21 03:58
Summary
An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.
References
cve@mitre.org http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ Patch, Vendor Advisory
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html Mailing List, Third Party Advisory
cve@mitre.org https://bugreports.qt.io/browse/QTBUG-69449 Exploit, Issue Tracking, Patch, Vendor Advisory
cve@mitre.org https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html
cve@mitre.org https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html
cve@mitre.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C5FHCR4A636BLTAXL76WWDJLOAHGNYG/
cve@mitre.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FO7IBY7YYKNMRD5OI3JNNUI42WEM7NUV/
cve@mitre.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XS6G3ZDFCHWFQD4CFXWFPHREOHBBDTD7/
cve@mitre.org https://usn.ubuntu.com/4275-1/
af854a3a-2127-422b-91ae-364da2661108 http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://bugreports.qt.io/browse/QTBUG-69449 Exploit, Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C5FHCR4A636BLTAXL76WWDJLOAHGNYG/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FO7IBY7YYKNMRD5OI3JNNUI42WEM7NUV/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XS6G3ZDFCHWFQD4CFXWFPHREOHBBDTD7/
af854a3a-2127-422b-91ae-364da2661108 https://usn.ubuntu.com/4275-1/
Impacted products
Vendor Product Version
qt qt 5.11.0
opensuse leap 15.0
fedoraproject fedora 28
fedoraproject fedora 29
fedoraproject fedora 30



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C6827E6-7B15-423D-89C2-46B5E2D35961",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                     matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.",
      },
      {
         lang: "es",
         value: "Se ha descubierto un problema en Qt 5.11. Una imagen PPM mal formada provoca una división entre cero y un cierre inesperado en qppmhandler.cpp.",
      },
   ],
   id: "CVE-2018-19872",
   lastModified: "2024-11-21T03:58:43.690",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-03-21T16:00:32.953",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://bugreports.qt.io/browse/QTBUG-69449",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C5FHCR4A636BLTAXL76WWDJLOAHGNYG/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FO7IBY7YYKNMRD5OI3JNNUI42WEM7NUV/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XS6G3ZDFCHWFQD4CFXWFPHREOHBBDTD7/",
      },
      {
         source: "cve@mitre.org",
         url: "https://usn.ubuntu.com/4275-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://bugreports.qt.io/browse/QTBUG-69449",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C5FHCR4A636BLTAXL76WWDJLOAHGNYG/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FO7IBY7YYKNMRD5OI3JNNUI42WEM7NUV/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XS6G3ZDFCHWFQD4CFXWFPHREOHBBDTD7/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://usn.ubuntu.com/4275-1/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-369",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-08-12 18:15
Modified
2024-11-21 05:08
Summary
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.
References
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html Broken Link
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html Broken Link
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html Broken Link
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html Broken Link
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html Broken Link
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html Broken Link
cve@mitre.org https://codereview.qt-project.org/c/qt/qtbase/+/308436 Mailing List, Patch, Vendor Advisory
cve@mitre.org https://codereview.qt-project.org/c/qt/qtbase/+/308495 Mailing List, Patch, Vendor Advisory
cve@mitre.org https://codereview.qt-project.org/c/qt/qtbase/+/308496 Mailing List, Vendor Advisory
cve@mitre.org https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html Mailing List, Third Party Advisory
cve@mitre.org https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html Mailing List, Third Party Advisory
cve@mitre.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/
cve@mitre.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/
cve@mitre.org https://security.gentoo.org/glsa/202009-04 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html Broken Link
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html Broken Link
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html Broken Link
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html Broken Link
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html Broken Link
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html Broken Link
af854a3a-2127-422b-91ae-364da2661108 https://codereview.qt-project.org/c/qt/qtbase/+/308436 Mailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://codereview.qt-project.org/c/qt/qtbase/+/308495 Mailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://codereview.qt-project.org/c/qt/qtbase/+/308496 Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/
af854a3a-2127-422b-91ae-364da2661108 https://security.gentoo.org/glsa/202009-04 Third Party Advisory
Impacted products
Vendor Product Version
qt qt *
qt qt *
debian debian_linux 9.0
fedoraproject fedora 31
fedoraproject fedora 32



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E2C737E0-DF07-47D9-AF8B-664A3857246A",
                     versionEndIncluding: "5.12.9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0AE6A48D-B484-4F13-861F-EFDB09D2A0FB",
                     versionEndExcluding: "5.15.1",
                     versionStartIncluding: "5.13.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                     matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                     matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.",
      },
      {
         lang: "es",
         value: "Se detectó un problema en Qt versiones hasta 5.12.9 y versiones 5.13.x hasta 5.15.x anteriores a 5.15.1. La función read_xbm_body en el archivo gui/image/qxbmhandler.cpp presenta una lectura excesiva del búfer",
      },
   ],
   id: "CVE-2020-17507",
   lastModified: "2024-11-21T05:08:15.007",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-08-12T18:15:17.637",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/308436",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/308495",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/308496",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202009-04",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/308436",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/308495",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/308496",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202009-04",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2012-06-16 00:55
Modified
2024-11-21 01:29
Summary
Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale TIFF image with multiple samples per pixel.
References
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066209.html
secalert@redhat.com http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html
secalert@redhat.com http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2011-1323.html
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2011-1328.html
secalert@redhat.com http://secunia.com/advisories/46128 (Vendor Advisory)
secalert@redhat.com http://secunia.com/advisories/46140 (Vendor Advisory)
secalert@redhat.com http://secunia.com/advisories/46187 (Vendor Advisory)
secalert@redhat.com http://secunia.com/advisories/46371 (Vendor Advisory)
secalert@redhat.com http://secunia.com/advisories/46410 (Vendor Advisory)
secalert@redhat.com http://secunia.com/advisories/49383 (Vendor Advisory)
secalert@redhat.com http://secunia.com/advisories/49895 (Vendor Advisory)
secalert@redhat.com http://security.gentoo.org/glsa/glsa-201206-02.xml
secalert@redhat.com http://www.openwall.com/lists/oss-security/2011/08/22/6
secalert@redhat.com http://www.openwall.com/lists/oss-security/2011/08/24/8
secalert@redhat.com http://www.osvdb.org/75653
secalert@redhat.com http://www.securityfocus.com/bid/49724
secalert@redhat.com http://www.ubuntu.com/usn/USN-1504-1
secalert@redhat.com https://bugzilla.novell.com/show_bug.cgi?id=637275
secalert@redhat.com https://exchange.xforce.ibmcloud.com/vulnerabilities/69975
secalert@redhat.com https://hermes.opensuse.org/messages/12056605
secalert@redhat.com https://qt.gitorious.org/qt/qt/commit/cb6380beb81ab9571c547270c144988781fed465
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066209.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2011-1323.html
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2011-1328.html
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/46128 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/46140 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/46187 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/46371 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/46410 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/49383 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/49895 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://security.gentoo.org/glsa/glsa-201206-02.xml
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2011/08/22/6
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2011/08/24/8
af854a3a-2127-422b-91ae-364da2661108 http://www.osvdb.org/75653
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/49724
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/USN-1504-1
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.novell.com/show_bug.cgi?id=637275
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/69975
af854a3a-2127-422b-91ae-364da2661108 https://hermes.opensuse.org/messages/12056605
af854a3a-2127-422b-91ae-364da2661108 https://qt.gitorious.org/qt/qt/commit/cb6380beb81ab9571c547270c144988781fed465
Impacted products
Vendor Product Version
qt qt 4.7.4



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.7.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "1A6196C5-BB95-447A-B610-4765AB702F96",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale TIFF image with multiple samples per pixel.",
      },
      {
         lang: "es",
         value: "Desbordamiento de buffer en el lector de TIFF de gui/image/qtiffhandler.cpp de Qt 4.7.4 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de la etiqueta TIFFTAG_SAMPLESPERPIXEL de una imagen en escala de grises TIFF con múltiples muestras por pixel.",
      },
   ],
   id: "CVE-2011-3194",
   lastModified: "2024-11-21T01:29:57.193",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 9.3,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2012-06-16T00:55:04.733",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066209.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2011-1323.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2011-1328.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/46128",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/46140",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/46187",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/46371",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/46410",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/49383",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/49895",
      },
      {
         source: "secalert@redhat.com",
         url: "http://security.gentoo.org/glsa/glsa-201206-02.xml",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.openwall.com/lists/oss-security/2011/08/22/6",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.openwall.com/lists/oss-security/2011/08/24/8",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.osvdb.org/75653",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/49724",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ubuntu.com/usn/USN-1504-1",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.novell.com/show_bug.cgi?id=637275",
      },
      {
         source: "secalert@redhat.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/69975",
      },
      {
         source: "secalert@redhat.com",
         url: "https://hermes.opensuse.org/messages/12056605",
      },
      {
         source: "secalert@redhat.com",
         url: "https://qt.gitorious.org/qt/qt/commit/cb6380beb81ab9571c547270c144988781fed465",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066209.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2011-1323.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2011-1328.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/46128",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/46140",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/46187",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/46371",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/46410",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/49383",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/49895",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://security.gentoo.org/glsa/glsa-201206-02.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2011/08/22/6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2011/08/24/8",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.osvdb.org/75653",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/49724",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-1504-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.novell.com/show_bug.cgi?id=637275",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/69975",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://hermes.opensuse.org/messages/12056605",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://qt.gitorious.org/qt/qt/commit/cb6380beb81ab9571c547270c144988781fed465",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2006-10-18 17:07
Modified
2024-11-21 00:16
Summary
Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image.
References
secalert@redhat.com ftp://patches.sgi.com/support/free/security/advisories/20061002-01-P
secalert@redhat.com ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P
secalert@redhat.com http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210742
secalert@redhat.com http://lists.suse.com/archive/suse-security-announce/2006-Oct/0006.html
secalert@redhat.com http://secunia.com/advisories/22380 (Patch, Vendor Advisory)
secalert@redhat.com http://secunia.com/advisories/22397 (Vendor Advisory)
secalert@redhat.com http://secunia.com/advisories/22479 (Patch, Vendor Advisory)
secalert@redhat.com http://secunia.com/advisories/22485 (Patch, Vendor Advisory)
secalert@redhat.com http://secunia.com/advisories/22492 (Patch, Vendor Advisory)
secalert@redhat.com http://secunia.com/advisories/22520 (Patch, Vendor Advisory)
secalert@redhat.com http://secunia.com/advisories/22579 (Vendor Advisory)
secalert@redhat.com http://secunia.com/advisories/22586 (Vendor Advisory)
secalert@redhat.com http://secunia.com/advisories/22589 (Vendor Advisory)
secalert@redhat.com http://secunia.com/advisories/22645 (Vendor Advisory)
secalert@redhat.com http://secunia.com/advisories/22738 (Vendor Advisory)
secalert@redhat.com http://secunia.com/advisories/22890 (Vendor Advisory)
secalert@redhat.com http://secunia.com/advisories/22929 (Vendor Advisory)
secalert@redhat.com http://secunia.com/advisories/24347 (Vendor Advisory)
secalert@redhat.com http://security.gentoo.org/glsa/glsa-200611-02.xml
secalert@redhat.com http://security.gentoo.org/glsa/glsa-200703-06.xml
secalert@redhat.com http://securitytracker.com/id?1017084
secalert@redhat.com http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.483634
secalert@redhat.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:186
secalert@redhat.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:187
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2006-0720.html (Patch, Vendor Advisory)
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2006-0725.html (Vendor Advisory)
secalert@redhat.com http://www.securityfocus.com/archive/1/449173/100/0/threaded
secalert@redhat.com http://www.securityfocus.com/bid/20599
secalert@redhat.com http://www.trolltech.com/company/newsroom/announcements/press.2006-10-19.5434451733
secalert@redhat.com http://www.ubuntu.com/usn/usn-368-1 (Patch)
secalert@redhat.com http://www.us.debian.org/security/2006/dsa-1200
secalert@redhat.com http://www.vupen.com/english/advisories/2006/4099 (Vendor Advisory)
secalert@redhat.com https://issues.rpath.com/browse/RPL-723
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10218
af854a3a-2127-422b-91ae-364da2661108 ftp://patches.sgi.com/support/free/security/advisories/20061002-01-P
af854a3a-2127-422b-91ae-364da2661108 ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P
af854a3a-2127-422b-91ae-364da2661108 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210742
af854a3a-2127-422b-91ae-364da2661108 http://lists.suse.com/archive/suse-security-announce/2006-Oct/0006.html
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/22380 (Patch, Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/22397 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/22479 (Patch, Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/22485 (Patch, Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/22492 (Patch, Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/22520 (Patch, Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/22579 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/22586 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/22589 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/22645 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/22738 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/22890 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/22929 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/24347 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://security.gentoo.org/glsa/glsa-200611-02.xml
af854a3a-2127-422b-91ae-364da2661108 http://security.gentoo.org/glsa/glsa-200703-06.xml
af854a3a-2127-422b-91ae-364da2661108 http://securitytracker.com/id?1017084
af854a3a-2127-422b-91ae-364da2661108 http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.483634
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDKSA-2006:186
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDKSA-2006:187
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2006-0720.html (Patch, Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2006-0725.html (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/449173/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/20599
af854a3a-2127-422b-91ae-364da2661108 http://www.trolltech.com/company/newsroom/announcements/press.2006-10-19.5434451733
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/usn-368-1 (Patch)
af854a3a-2127-422b-91ae-364da2661108 http://www.us.debian.org/security/2006/dsa-1200
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2006/4099 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 https://issues.rpath.com/browse/RPL-723
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10218
Impacted products
Vendor Product Version
qt qt 3.3.0
qt qt 3.3.1
qt qt 3.3.2
qt qt 3.3.3
qt qt 3.3.4
qt qt 3.3.5
qt qt 3.3.6
qt qt 4.1.0
qt qt 4.1.1
qt qt 4.1.2
qt qt 4.1.3
qt qt 4.1.4
qt qt 4.2.0
redhat kdelibs 3.1.3



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:3.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "52D26BBF-106F-48C8-9D57-CF080486DB64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:3.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "026716CE-6BA5-4FC4-8BD3-BF5430DEBE99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:3.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "52BF63BD-E6FA-49AA-9627-7EDAD7939531",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:3.3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "27EBEAE0-C1DF-46E4-9E2A-B333912A4950",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:3.3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "5BCDBB15-4E26-48F0-A266-CA059CFEE596",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:3.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "A07F27DC-47A4-4EF2-91CC-81863D015B3A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:3.3.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "58E53D3A-665D-4EEE-82EF-4EDBD194B475",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A38B91E-698F-4638-BC3B-BD02F3313B70",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7629BAB0-5077-4B82-9F11-B228E8EAFA17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "76366D45-3604-49D1-BD97-8A9FACEA2171",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "EEEF60A1-5FF0-465F-A872-62F80899F870",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D5386EE-376B-4773-8687-5314BFF35E41",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3AC6465-B459-410E-A5C5-EBFF5C866009",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:kdelibs:3.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "3A5C548D-9A33-431C-9022-512B4B2DEC0D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image.",
      },
      {
         lang: "es",
         value: "El desbordamiento de enteros en el Qt 3.3 versiones anteriores a 3.3.7, 4.1 anteriores a 4.1.5, y 4.2 anteriores a 4.2.1, como el usado en la librería KDE khtml, kdelibs 3.1.3, y, posiblemente otros paquetes, permite a los atacantes remotos causar la denegación de servicio (caída) y la posibilidad de ejecutar código de su elección mediante una imagen pixmap manipulada.",
      },
   ],
   id: "CVE-2006-4811",
   lastModified: "2024-11-21T00:16:48.593",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2006-10-18T17:07:00.000",
   references: [
      {
         source: "secalert@redhat.com",
         url: "ftp://patches.sgi.com/support/free/security/advisories/20061002-01-P",
      },
      {
         source: "secalert@redhat.com",
         url: "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P",
      },
      {
         source: "secalert@redhat.com",
         url: "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210742",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.suse.com/archive/suse-security-announce/2006-Oct/0006.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/22380",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/22397",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/22479",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/22485",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/22492",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/22520",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/22579",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/22586",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/22589",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/22645",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/22738",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/22890",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/22929",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/24347",
      },
      {
         source: "secalert@redhat.com",
         url: "http://security.gentoo.org/glsa/glsa-200611-02.xml",
      },
      {
         source: "secalert@redhat.com",
         url: "http://security.gentoo.org/glsa/glsa-200703-06.xml",
      },
      {
         source: "secalert@redhat.com",
         url: "http://securitytracker.com/id?1017084",
      },
      {
         source: "secalert@redhat.com",
         url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.483634",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:186",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:187",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2006-0720.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2006-0725.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/archive/1/449173/100/0/threaded",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/20599",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.trolltech.com/company/newsroom/announcements/press.2006-10-19.5434451733",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "http://www.ubuntu.com/usn/usn-368-1",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.us.debian.org/security/2006/dsa-1200",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2006/4099",
      },
      {
         source: "secalert@redhat.com",
         url: "https://issues.rpath.com/browse/RPL-723",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10218",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://patches.sgi.com/support/free/security/advisories/20061002-01-P",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210742",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.suse.com/archive/suse-security-announce/2006-Oct/0006.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/22380",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/22397",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/22479",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/22485",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/22492",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/22520",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/22579",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/22586",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/22589",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/22645",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/22738",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/22890",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/22929",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/24347",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://security.gentoo.org/glsa/glsa-200611-02.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://security.gentoo.org/glsa/glsa-200703-06.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1017084",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.483634",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:186",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:187",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2006-0720.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2006-0725.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/449173/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/20599",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.trolltech.com/company/newsroom/announcements/press.2006-10-19.5434451733",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.ubuntu.com/usn/usn-368-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.us.debian.org/security/2006/dsa-1200",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2006/4099",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://issues.rpath.com/browse/RPL-723",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10218",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vendorComments: [
      {
         comment: "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
         lastModified: "2007-03-14T00:00:00",
         organization: "Red Hat",
      },
   ],
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-189",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-05-28 23:15
Modified
2024-11-21 08:03
Summary
An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.
Impacted products
Vendor Product Version
qt qt *
qt qt *
qt qt *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "006030F9-35BF-489D-8C3F-14ECF93518C3",
                     versionEndExcluding: "5.15.14",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "513DDB0D-A132-4046-8B49-D2776E585826",
                     versionEndExcluding: "6.2.9",
                     versionStartIncluding: "6.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "116DC3F0-630E-43F6-AD19-0ABB41CF3D70",
                     versionEndExcluding: "6.5.1",
                     versionStartIncluding: "6.3.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.",
      },
   ],
   id: "CVE-2023-32762",
   lastModified: "2024-11-21T08:03:59.967",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2023-05-28T23:15:09.570",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/476140",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "https://github.com/qt/qtbase/commit/1b736a815be0222f4b24289cf17575fc15707305",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Patch",
         ],
         url: "https://lists.qt-project.org/pipermail/announce/2023-May/000414.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/476140",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://github.com/qt/qtbase/commit/1b736a815be0222f4b24289cf17575fc15707305",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Patch",
         ],
         url: "https://lists.qt-project.org/pipermail/announce/2023-May/000414.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-05-12 19:59
Modified
2024-11-21 02:26
Summary
Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.
References
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html Third Party Advisory
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html Patch, Third Party Advisory
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html Third Party Advisory
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html Third Party Advisory
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html Third Party Advisory
secalert@redhat.com http://lists.qt-project.org/pipermail/announce/2015-April/000067.html Patch, Vendor Advisory
secalert@redhat.com http://www.securityfocus.com/bid/74309 Third Party Advisory, VDB Entry
secalert@redhat.com http://www.ubuntu.com/usn/USN-2626-1
secalert@redhat.com https://codereview.qt-project.org/#/c/108312/ Patch
secalert@redhat.com https://security.gentoo.org/glsa/201603-10
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.qt-project.org/pipermail/announce/2015-April/000067.html Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/74309 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/USN-2626-1
af854a3a-2127-422b-91ae-364da2661108 https://codereview.qt-project.org/#/c/108312/ Patch
af854a3a-2127-422b-91ae-364da2661108 https://security.gentoo.org/glsa/201603-10
Impacted products
Vendor Product Version
digia qt *
qt qt 5.0.0
qt qt 5.0.1
qt qt 5.0.2
qt qt 5.1.0
qt qt 5.2.0
qt qt 5.2.1
qt qt 5.3.0
qt qt 5.4.1
fedoraproject fedora 20
fedoraproject fedora 21
fedoraproject fedora 22



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:digia:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "86E76F78-582E-4473-BF2F-70452F0B6AD5",
                     versionEndIncluding: "4.8.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "03C7E11D-AA2C-48BB-8C50-B04E5CD3A7C5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E30B4386-B419-46B7-945F-C04F79600708",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "20079A6C-A3B9-4492-BC1F-A3B668F326D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E42429B-0123-428E-AD62-23000CDF7343",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2EE36CAC-6DB0-4061-AC83-AF12A30F2EFD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D60AFED7-9707-4FB7-817D-E2DE4BCABE97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E2980C52-9843-4A39-B164-76E9583F2D7E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "FBC2E1E7-F841-47A1-8D1E-9A30EC93BDF5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
                     matchCriteriaId: "56BDB5A0-0839-4A20-A003-B8CD56F48171",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
                     matchCriteriaId: "253C303A-E577-4488-93E6-68A8DD942C38",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.",
      },
      {
         lang: "es",
         value: "Múltiples desbordamientos del buffer en gui/image/qbmphandler.cpp en el módulo QtBase en Qt en versiones anteriores a 4.8.7 y 5.x en versiones anteriores a 5.4.2 permiten a atacantes remotos provocar una denegación de servicio (fallo de segmentación y caída) y posiblemente ejecutar código arbitrario a través de una imagen BMP manipulada.",
      },
   ],
   id: "CVE-2015-1858",
   lastModified: "2024-11-21T02:26:17.027",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2015-05-12T19:59:04.880",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/74309",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ubuntu.com/usn/USN-2626-1",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "https://codereview.qt-project.org/#/c/108312/",
      },
      {
         source: "secalert@redhat.com",
         url: "https://security.gentoo.org/glsa/201603-10",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/74309",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-2626-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://codereview.qt-project.org/#/c/108312/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201603-10",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2012-06-29 19:55
Modified
2024-11-21 01:22
Summary
QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
References
secalert@redhat.com http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0 Exploit, Patch
secalert@redhat.com http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e Patch
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2012-0880.html
secalert@redhat.com http://secunia.com/advisories/41236 Vendor Advisory
secalert@redhat.com http://secunia.com/advisories/49604 Vendor Advisory
secalert@redhat.com http://secunia.com/advisories/49895 Vendor Advisory
secalert@redhat.com http://www.ubuntu.com/usn/USN-1504-1
secalert@redhat.com http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt
secalert@redhat.com https://bugreports.qt-project.org/browse/QTBUG-4455
af854a3a-2127-422b-91ae-364da2661108 http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0 Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108 http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e Patch
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2012-0880.html
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/41236 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/49604 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/49895 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/USN-1504-1
af854a3a-2127-422b-91ae-364da2661108 http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt
af854a3a-2127-422b-91ae-364da2661108 https://bugreports.qt-project.org/browse/QTBUG-4455
Impacted products
Vendor Product Version
digia qt *
qt qt 4.0.0
qt qt 4.0.1
qt qt 4.1.0
qt qt 4.1.1
qt qt 4.1.2
qt qt 4.1.3
qt qt 4.1.4
qt qt 4.1.5
qt qt 4.2.0
qt qt 4.2.1
qt qt 4.2.3
qt qt 4.3.0
qt qt 4.3.1
qt qt 4.3.2
qt qt 4.3.3
qt qt 4.3.4
qt qt 4.3.5
qt qt 4.4.0
qt qt 4.4.1
qt qt 4.4.2
qt qt 4.4.3
qt qt 4.5.0
qt qt 4.5.1
qt qt 4.5.2
qt qt 4.5.3
qt qt 4.6.0
qt qt 4.6.0
qt qt 4.6.1
qt qt 4.6.2
qt qt 4.6.3



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:digia:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5547662-C2D8-48C6-B1A5-7F929772EAA9",
                     versionEndIncluding: "4.6.4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C966DAAB-74E1-4594-9CE7-5A1A60F5061E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D51BFA7D-281E-49ED-9A4B-60AD5143C4EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A38B91E-698F-4638-BC3B-BD02F3313B70",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7629BAB0-5077-4B82-9F11-B228E8EAFA17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "76366D45-3604-49D1-BD97-8A9FACEA2171",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "EEEF60A1-5FF0-465F-A872-62F80899F870",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D5386EE-376B-4773-8687-5314BFF35E41",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "4ACE447E-BFBC-4059-9786-F8E5F512AEAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3AC6465-B459-410E-A5C5-EBFF5C866009",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EF48233D-EFFE-40A1-B50A-F2184D9CF325",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "610017B4-3C0A-4A59-82A1-4E20BCF786E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D848BD49-3C88-4458-B8AB-AAD8DEB790BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A12D978-B6FF-4C67-97D4-91A285C47813",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DBD073E-F3E0-4273-81E9-AF010B711F08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D58ACBA-7DF3-403A-AC0E-94749383C750",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "59D6E752-3B2E-4A95-A76A-3326CD490EDD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "7A27E4EC-9573-4C82-9B78-244DB0B06FA4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "678A25E8-57E3-4E0C-9B24-C68F11F108BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D16BB8CE-3871-4DFA-84BB-C089894437D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "965B37FD-E22F-4AA7-BDC2-147A9962CFD5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "FEE12FD7-2FB2-444A-A660-86294646F8A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA4B9F55-4BFF-4FD3-A8BC-842B0467DCD5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DA805A7-7C62-49FD-B9A2-F81C981691C3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.5.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "D5596442-5608-439B-8BE6-53A70F20C079",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.5.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "29FD745E-4B61-417F-BC66-386877E75351",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B74E5F5-CEE1-47B1-BE84-7F1C45D4FDD8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.6.0:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "82A767D8-6194-4ED5-B9BE-2A14541C141F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "874E217C-98AC-4F0B-B120-D721164912CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "3051F46B-E301-4DF7-A89B-4E8495617888",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.6.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C8BED3D-E6E9-4A7F-A186-DD7DC20706D1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.",
      },
      {
         lang: "es",
         value: "QSslSocket de Qt anteriores a 4.7.0-rc1 reconoce direcciones IP comodín en el campo \"Common Name\" del \"subject\" de un certificado X.509, lo que permite a atacantes \"man-in-the-middle\" suplantar servidores SSL arbitrarios a través de un certificado modificado suministrado por una autoridad de certificación legítima.",
      },
   ],
   id: "CVE-2010-5076",
   lastModified: "2024-11-21T01:22:27.087",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2012-06-29T19:55:01.563",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2012-0880.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/41236",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/49604",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/49895",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ubuntu.com/usn/USN-1504-1",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugreports.qt-project.org/browse/QTBUG-4455",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2012-0880.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/41236",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/49604",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/49895",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-1504-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugreports.qt-project.org/browse/QTBUG-4455",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-06-09 00:15
Modified
2024-11-21 05:02
Summary
Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)
References
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00004.html Mailing List, Third Party Advisory
cve@mitre.org https://bugreports.qt.io/browse/QTBUG-83450 Issue Tracking, Vendor Advisory
cve@mitre.org https://github.com/mumble-voip/mumble/issues/3679 Exploit, Issue Tracking, Patch, Third Party Advisory
cve@mitre.org https://github.com/mumble-voip/mumble/pull/4032 Patch, Third Party Advisory
cve@mitre.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X6EDPIIAQPVP2CHL2CHDHJ25EECA7UE/
cve@mitre.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQJDBZUYMMF4R5QQKD2HTIKQU2NSKO63/
cve@mitre.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3IZY7LKJ6NAXQDFYFR4S7L5BBHYK53K/
cve@mitre.org https://security.gentoo.org/glsa/202007-18 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00004.html Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://bugreports.qt.io/browse/QTBUG-83450 Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/mumble-voip/mumble/issues/3679 Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/mumble-voip/mumble/pull/4032 Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X6EDPIIAQPVP2CHL2CHDHJ25EECA7UE/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQJDBZUYMMF4R5QQKD2HTIKQU2NSKO63/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3IZY7LKJ6NAXQDFYFR4S7L5BBHYK53K/
af854a3a-2127-422b-91ae-364da2661108 https://security.gentoo.org/glsa/202007-18 Third Party Advisory
Impacted products
Vendor Product Version
mumble mumble 1.3.0
qt qt *
qt qt *
qt qt *
fedoraproject fedora 31
fedoraproject fedora 32
fedoraproject fedora 33
opensuse leap 15.2



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mumble:mumble:1.3.0:-:*:*:*:*:*:*",
                     matchCriteriaId: "24EBDE3F-51DC-4E90-B214-5370E19D7653",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AF9AB8E0-BB7E-4EC8-991F-2A2D826B0032",
                     versionEndExcluding: "5.12.9",
                     versionStartIncluding: "5.12.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7FE43F06-DFE8-466D-A9BC-FEA2B1BC069B",
                     versionEndIncluding: "5.13.2",
                     versionStartIncluding: "5.13.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "044BF1F4-4129-47C8-BEF5-DD15555D9A98",
                     versionEndIncluding: "5.14.2",
                     versionStartIncluding: "5.14.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                     matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                     matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                     matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)",
      },
      {
         lang: "es",
         value: "Qt versiones 5.12.2 hasta 5.14.2, como es usado en compilaciones no oficiales de Mumble versión 1.3.0 y otros productos, maneja inapropiadamente la cola de errores de OpenSSL, lo que puede ser capaz de causar una denegación de servicio a usuarios de QSslSocket. Debido a que los errores se filtran en sesiones TLS no relacionadas, una sesión no relacionada puede ser desconectada cuando se comete un fallo en cualquier protocolo de enlace. (Mumble versión 1.3.1 no está afectado, independientemente de la versión Qt)",
      },
   ],
   id: "CVE-2020-13962",
   lastModified: "2024-11-21T05:02:14.947",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-06-09T00:15:10.123",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00004.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugreports.qt.io/browse/QTBUG-83450",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/mumble-voip/mumble/issues/3679",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/mumble-voip/mumble/pull/4032",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X6EDPIIAQPVP2CHL2CHDHJ25EECA7UE/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQJDBZUYMMF4R5QQKD2HTIKQU2NSKO63/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3IZY7LKJ6NAXQDFYFR4S7L5BBHYK53K/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202007-18",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00004.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugreports.qt.io/browse/QTBUG-83450",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/mumble-voip/mumble/issues/3679",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/mumble-voip/mumble/pull/4032",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X6EDPIIAQPVP2CHL2CHDHJ25EECA7UE/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQJDBZUYMMF4R5QQKD2HTIKQU2NSKO63/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3IZY7LKJ6NAXQDFYFR4S7L5BBHYK53K/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202007-18",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-12-05 11:29
Modified
2024-11-21 03:58
Summary
A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3.
References
cve@mitre.org http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ Release Notes, Vendor Advisory
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00085.html Mailing List, Third Party Advisory
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00086.html Mailing List, Third Party Advisory
cve@mitre.org https://codereview.qt-project.org/#/c/243666/ Patch, Vendor Advisory
cve@mitre.org https://codereview.qt-project.org/#/c/244569/ Patch, Vendor Advisory
cve@mitre.org https://codereview.qt-project.org/#/c/244687/ Patch, Vendor Advisory
cve@mitre.org https://codereview.qt-project.org/#/c/244845/ Patch, Vendor Advisory
cve@mitre.org https://codereview.qt-project.org/#/c/245283/ Patch, Vendor Advisory
cve@mitre.org https://codereview.qt-project.org/#/c/245293/ Patch, Vendor Advisory
cve@mitre.org https://codereview.qt-project.org/#/c/245312/ Patch, Vendor Advisory
cve@mitre.org https://codereview.qt-project.org/#/c/245638/ Patch, Vendor Advisory
cve@mitre.org https://codereview.qt-project.org/#/c/245640/ Patch, Vendor Advisory
cve@mitre.org https://codereview.qt-project.org/#/c/246630/ Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00085.html Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00086.html Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://codereview.qt-project.org/#/c/243666/ Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://codereview.qt-project.org/#/c/244569/ Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://codereview.qt-project.org/#/c/244687/ Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://codereview.qt-project.org/#/c/244845/ Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://codereview.qt-project.org/#/c/245283/ Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://codereview.qt-project.org/#/c/245293/ Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://codereview.qt-project.org/#/c/245312/ Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://codereview.qt-project.org/#/c/245638/ Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://codereview.qt-project.org/#/c/245640/ Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://codereview.qt-project.org/#/c/246630/ Patch, Vendor Advisory
Impacted products
Vendor Product Version
qt qt *
qt qt *
qt qt *
qt qt *
qt qt 5.8.0
opensuse leap 15.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "29ED6A3C-675B-4254-B941-FD2E0CAE94CD",
                     versionEndIncluding: "5.7.1",
                     versionStartIncluding: "5.7.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "50D8AFDB-623E-4CE6-B74F-B99139FAC3D0",
                     versionEndIncluding: "5.9.7",
                     versionStartIncluding: "5.9.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ADA1C96C-68EA-431D-8FDA-394C20160C7E",
                     versionEndIncluding: "5.10.1",
                     versionStartIncluding: "5.10.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "97E1D882-E815-43F3-ACE6-0F4E31F604EC",
                     versionEndExcluding: "5.11.3",
                     versionStartIncluding: "5.11.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DD2FCA0-F628-4164-8D32-8191A3004AFD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3.",
      },
      {
         lang: "es",
         value: "Se ha descubierto un problema de registro de pulsaciones del teclado en Virtual Keyboard en Qt, en versiones 5.7.x, 5.8.x, 5.9.x, 5.10.x y versiones 5.11.x anteriores a la 5.11.3.",
      },
   ],
   id: "CVE-2018-19865",
   lastModified: "2024-11-21T03:58:43.040",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-12-05T11:29:06.017",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00085.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00086.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/#/c/243666/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/#/c/244569/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/#/c/244687/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/#/c/244845/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/#/c/245283/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/#/c/245293/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/#/c/245312/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/#/c/245638/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/#/c/245640/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/#/c/246630/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00086.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/#/c/243666/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/#/c/244569/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/#/c/244687/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/#/c/244845/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/#/c/245283/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/#/c/245293/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/#/c/245312/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/#/c/245638/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/#/c/245640/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/#/c/246630/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-532",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-01-09 16:29
Modified
2024-11-21 02:25
Summary
The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.
Impacted products
Vendor Product Version
google chrome *
qt qt *
opensuse leap 42.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C1B0AC37-F785-404C-A69F-FA77E586466D",
                     versionEndExcluding: "44.0.2403.89",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DA8BCF4-1157-44BF-A11E-FC3C73204392",
                     versionEndExcluding: "5.5.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.",
      },
      {
         lang: "es",
         value: "El motor Google V8, tal y como se utiliza en Google Chrome en versiones anteriores a la 44.0.2403.89 y QtWebEngineCore en Qt en versiones anteriores a la 5.5.1, permiten que atacantes remotos provoquen una denegación de servicio (corrupción de memoria) o ejecuten código arbitrario mediante un sitio web manipulado.",
      },
   ],
   id: "CVE-2015-1290",
   lastModified: "2024-11-21T02:25:05.080",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 9.3,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-01-09T16:29:00.257",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.5.1",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-updates/2015-12/msg00116.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "http://www.nsfocus.net/index.php?act=advisory&do=view&adv_id=80",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://bugs.chromium.org/p/chromium/issues/detail?id=505374",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://codereview.chromium.org/1233453004",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.5.1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-updates/2015-12/msg00116.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.nsfocus.net/index.php?act=advisory&do=view&adv_id=80",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugs.chromium.org/p/chromium/issues/detail?id=505374",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://codereview.chromium.org/1233453004",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2010-07-02 20:30
Modified
2024-11-21 01:17
Summary
The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request.
Impacted products
Vendor Product Version
digia qt *
qt qt 4.0.0
qt qt 4.0.1
qt qt 4.1.0
qt qt 4.1.1
qt qt 4.1.2
qt qt 4.1.3
qt qt 4.1.4
qt qt 4.1.5
qt qt 4.2.0
qt qt 4.2.1
qt qt 4.2.3
qt qt 4.3.0
qt qt 4.3.1
qt qt 4.3.2
qt qt 4.3.3
qt qt 4.3.4
qt qt 4.3.5
qt qt 4.4.0
qt qt 4.4.1
qt qt 4.4.2
qt qt 4.4.3
qt qt 4.5.0
qt qt 4.5.1
qt qt 4.5.2
qt qt 4.5.3
qt qt 4.6.0
qt qt 4.6.0
qt qt 4.6.1
qt qt 4.6.2



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:digia:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B9AE2922-1C8A-453D-BC5F-5F158DEB8607",
                     versionEndIncluding: "4.6.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C966DAAB-74E1-4594-9CE7-5A1A60F5061E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D51BFA7D-281E-49ED-9A4B-60AD5143C4EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A38B91E-698F-4638-BC3B-BD02F3313B70",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7629BAB0-5077-4B82-9F11-B228E8EAFA17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "76366D45-3604-49D1-BD97-8A9FACEA2171",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "EEEF60A1-5FF0-465F-A872-62F80899F870",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D5386EE-376B-4773-8687-5314BFF35E41",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "4ACE447E-BFBC-4059-9786-F8E5F512AEAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3AC6465-B459-410E-A5C5-EBFF5C866009",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EF48233D-EFFE-40A1-B50A-F2184D9CF325",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "610017B4-3C0A-4A59-82A1-4E20BCF786E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D848BD49-3C88-4458-B8AB-AAD8DEB790BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A12D978-B6FF-4C67-97D4-91A285C47813",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DBD073E-F3E0-4273-81E9-AF010B711F08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D58ACBA-7DF3-403A-AC0E-94749383C750",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "59D6E752-3B2E-4A95-A76A-3326CD490EDD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "7A27E4EC-9573-4C82-9B78-244DB0B06FA4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "678A25E8-57E3-4E0C-9B24-C68F11F108BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D16BB8CE-3871-4DFA-84BB-C089894437D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "965B37FD-E22F-4AA7-BDC2-147A9962CFD5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "FEE12FD7-2FB2-444A-A660-86294646F8A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA4B9F55-4BFF-4FD3-A8BC-842B0467DCD5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DA805A7-7C62-49FD-B9A2-F81C981691C3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.5.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "D5596442-5608-439B-8BE6-53A70F20C079",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.5.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "29FD745E-4B61-417F-BC66-386877E75351",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B74E5F5-CEE1-47B1-BE84-7F1C45D4FDD8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.6.0:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "82A767D8-6194-4ED5-B9BE-2A14541C141F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "874E217C-98AC-4F0B-B120-D721164912CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "3051F46B-E301-4DF7-A89B-4E8495617888",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request.",
      },
      {
         lang: "es",
         value: "La función QSslSocketBackendPrivate::transmit en src_network_ssl_qsslsocket_openssl.cpp en Qt v4.6.3 y anteriores permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de una solicitud mal formada.",
      },
   ],
   id: "CVE-2010-2621",
   lastModified: "2024-11-21T01:17:01.280",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2010-07-02T20:30:01.707",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://aluigi.org/adv/qtsslame-adv.txt",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://aluigi.org/poc/qtsslame.zip",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/65860",
      },
      {
         source: "cve@mitre.org",
         url: "http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/40389",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/46410",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://www.securityfocus.com/bid/41250",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/1657",
      },
      {
         source: "cve@mitre.org",
         url: "https://hermes.opensuse.org/messages/12056605",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://aluigi.org/adv/qtsslame-adv.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://aluigi.org/poc/qtsslame.zip",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/65860",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/40389",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/46410",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://www.securityfocus.com/bid/41250",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/1657",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://hermes.opensuse.org/messages/12056605",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2012-06-16 00:55
Modified
2024-11-21 01:29
Summary
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
References
secalert@redhat.com http://cgit.freedesktop.org/harfbuzz.old/commit/?id=81c8ef785b079980ad5b46be4fe7c7bf156dbf65 Patch, Third Party Advisory
secalert@redhat.com http://cgit.freedesktop.org/harfbuzz/commit/src/harfbuzz-gpos.c?id=da2c52abcd75d46929b34cad55c4fb2c8892bc08 Patch, Third Party Advisory
secalert@redhat.com http://git.gnome.org/browse/pango/commit/pango/opentype/harfbuzz-gpos.c?id=a7a715480db66148b1f487528887508a7991dcd0 Patch, Vendor Advisory
secalert@redhat.com http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html Mailing List, Third Party Advisory
secalert@redhat.com http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html Mailing List, Third Party Advisory
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2011-1323.html Third Party Advisory
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2011-1324.html Third Party Advisory
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2011-1325.html Third Party Advisory
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2011-1326.html Third Party Advisory
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2011-1327.html Third Party Advisory
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2011-1328.html Third Party Advisory
secalert@redhat.com http://secunia.com/advisories/41537 Third Party Advisory
secalert@redhat.com http://secunia.com/advisories/46117 Third Party Advisory
secalert@redhat.com http://secunia.com/advisories/46118 Third Party Advisory
secalert@redhat.com http://secunia.com/advisories/46119 Third Party Advisory
secalert@redhat.com http://secunia.com/advisories/46128 Third Party Advisory
secalert@redhat.com http://secunia.com/advisories/46371 Third Party Advisory
secalert@redhat.com http://secunia.com/advisories/46410 Third Party Advisory
secalert@redhat.com http://secunia.com/advisories/49895 Third Party Advisory
secalert@redhat.com http://www.openwall.com/lists/oss-security/2011/08/22/6 Mailing List, Third Party Advisory
secalert@redhat.com http://www.openwall.com/lists/oss-security/2011/08/24/8 Mailing List, Third Party Advisory
secalert@redhat.com http://www.openwall.com/lists/oss-security/2011/08/25/1 Mailing List, Third Party Advisory
secalert@redhat.com http://www.osvdb.org/75652 Broken Link
secalert@redhat.com http://www.securityfocus.com/bid/49723 Third Party Advisory, VDB Entry
secalert@redhat.com http://www.ubuntu.com/usn/USN-1504-1 Third Party Advisory
secalert@redhat.com https://exchange.xforce.ibmcloud.com/vulnerabilities/69991 Third Party Advisory, VDB Entry
secalert@redhat.com https://hermes.opensuse.org/messages/12056605 Broken Link
secalert@redhat.com https://qt.gitorious.org/qt/qt/commit/9ae6f2f9a57f0c3096d5785913e437953fa6775c Broken Link
af854a3a-2127-422b-91ae-364da2661108 http://cgit.freedesktop.org/harfbuzz.old/commit/?id=81c8ef785b079980ad5b46be4fe7c7bf156dbf65 Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://cgit.freedesktop.org/harfbuzz/commit/src/harfbuzz-gpos.c?id=da2c52abcd75d46929b34cad55c4fb2c8892bc08 Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://git.gnome.org/browse/pango/commit/pango/opentype/harfbuzz-gpos.c?id=a7a715480db66148b1f487528887508a7991dcd0 Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2011-1323.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2011-1324.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2011-1325.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2011-1326.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2011-1327.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2011-1328.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/41537 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/46117 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/46118 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/46119 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/46128 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/46371 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/46410 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/49895 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2011/08/22/6 Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2011/08/24/8 Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2011/08/25/1 Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.osvdb.org/75652 Broken Link
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/49723 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/USN-1504-1 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/69991 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 https://hermes.opensuse.org/messages/12056605 Broken Link
af854a3a-2127-422b-91ae-364da2661108 https://qt.gitorious.org/qt/qt/commit/9ae6f2f9a57f0c3096d5785913e437953fa6775c Broken Link



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnome:pango:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "933243F1-16BB-40A7-8F91-675FACE96F76",
                     versionEndExcluding: "1.25.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E702DDB3-3A75-44E7-B458-1000C82ECC63",
                     versionEndExcluding: "4.7.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
                     matchCriteriaId: "01EDA41C-6B2E-49AF-B503-EB3882265C11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*",
                     matchCriteriaId: "EF49D26F-142E-468B-87C1-BABEA445255C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7D74A418-50F0-42C0-ABBC-BBBE718FF025",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3BEEC943-452C-4A19-B492-5EC8ADE427CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "73322DEE-27A6-4D18-88A3-ED7F9CAEABD5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "9BBCD86A-E6C7-4444-9D74-F861084090F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5B5DCF29-6830-45FF-BC88-17E2249C653D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5646FDE9-CF21-46A9-B89D-F5BBDB4249AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE554781-1EB9-446E-911F-6C11970C47F4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.",
      },
      {
         lang: "es",
         value: "Desbordamiento de buffer de memoria dinámica en la función Lookup_MarkMarkPos del módulo HarfBuzz (harfbuzz-gpos.c), tal como se usa en Qt anteriores a 4.7.4 y Pango. Permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un archivo de fuentes modificado.",
      },
   ],
   id: "CVE-2011-3193",
   lastModified: "2024-11-21T01:29:57.030",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 9.3,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2012-06-16T00:55:03.297",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://cgit.freedesktop.org/harfbuzz.old/commit/?id=81c8ef785b079980ad5b46be4fe7c7bf156dbf65",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://cgit.freedesktop.org/harfbuzz/commit/src/harfbuzz-gpos.c?id=da2c52abcd75d46929b34cad55c4fb2c8892bc08",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://git.gnome.org/browse/pango/commit/pango/opentype/harfbuzz-gpos.c?id=a7a715480db66148b1f487528887508a7991dcd0",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2011-1323.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2011-1324.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2011-1325.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2011-1326.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2011-1327.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2011-1328.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/41537",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/46117",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/46118",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/46119",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/46128",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/46371",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/46410",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/49895",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2011/08/22/6",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2011/08/24/8",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2011/08/25/1",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
         ],
         url: "http://www.osvdb.org/75652",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/49723",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.ubuntu.com/usn/USN-1504-1",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/69991",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
         ],
         url: "https://hermes.opensuse.org/messages/12056605",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
         ],
         url: "https://qt.gitorious.org/qt/qt/commit/9ae6f2f9a57f0c3096d5785913e437953fa6775c",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://cgit.freedesktop.org/harfbuzz.old/commit/?id=81c8ef785b079980ad5b46be4fe7c7bf156dbf65",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://cgit.freedesktop.org/harfbuzz/commit/src/harfbuzz-gpos.c?id=da2c52abcd75d46929b34cad55c4fb2c8892bc08",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://git.gnome.org/browse/pango/commit/pango/opentype/harfbuzz-gpos.c?id=a7a715480db66148b1f487528887508a7991dcd0",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2011-1323.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2011-1324.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2011-1325.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2011-1326.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2011-1327.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2011-1328.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/41537",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/46117",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/46118",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/46119",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/46128",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/46371",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/46410",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/49895",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2011/08/22/6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2011/08/24/8",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2011/08/25/1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://www.osvdb.org/75652",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/49723",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.ubuntu.com/usn/USN-1504-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/69991",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "https://hermes.opensuse.org/messages/12056605",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "https://qt.gitorious.org/qt/qt/commit/9ae6f2f9a57f0c3096d5785913e437953fa6775c",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-12-26 21:29
Modified
2024-11-21 03:58
Summary
An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.
References
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00008.html Third Party Advisory
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html
cve@mitre.org https://access.redhat.com/errata/RHSA-2019:2135
cve@mitre.org https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ Release Notes, Vendor Advisory
cve@mitre.org https://codereview.qt-project.org/#/c/234142/ Issue Tracking, Patch, Vendor Advisory
cve@mitre.org https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html
cve@mitre.org https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html
cve@mitre.org https://lists.debian.org/debian-lts-announce/2020/10/msg00035.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00008.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html
af854a3a-2127-422b-91ae-364da2661108 https://access.redhat.com/errata/RHSA-2019:2135
af854a3a-2127-422b-91ae-364da2661108 https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://codereview.qt-project.org/#/c/234142/ Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2020/10/msg00035.html
Impacted products
Vendor Product Version
qt qt *
opensuse leap 15.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "09F12149-EFFA-4F50-948E-DBDEE0486972",
                     versionEndExcluding: "5.11.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.",
      },
      {
         lang: "es",
         value: "Se ha descubierto un problema en versiones anteriores a la 5.11.3 de Qt. Una imagen SVG mal formada provoca un fallo de segmentación en qsvghandler.cpp.",
      },
   ],
   id: "CVE-2018-19869",
   lastModified: "2024-11-21T03:58:43.210",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-12-26T21:29:02.357",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00008.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://access.redhat.com/errata/RHSA-2019:2135",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/#/c/234142/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00035.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00008.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2019:2135",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/#/c/234142/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00035.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-05-12 19:59
Modified
2024-11-21 02:26
Summary
Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.
References
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html Third Party Advisory
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html Patch, Third Party Advisory
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155947.html Third Party Advisory
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html Third Party Advisory
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html Third Party Advisory
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html Third Party Advisory
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156761.html Third Party Advisory
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156937.html Third Party Advisory
secalert@redhat.com http://lists.qt-project.org/pipermail/announce/2015-April/000067.html Patch, Vendor Advisory
secalert@redhat.com http://www.securityfocus.com/bid/74302 Third Party Advisory, VDB Entry
secalert@redhat.com http://www.ubuntu.com/usn/USN-2626-1
secalert@redhat.com https://codereview.qt-project.org/#/c/108248/ Patch
secalert@redhat.com https://security.gentoo.org/glsa/201603-10
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155947.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156761.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156937.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.qt-project.org/pipermail/announce/2015-April/000067.html Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/74302 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/USN-2626-1
af854a3a-2127-422b-91ae-364da2661108 https://codereview.qt-project.org/#/c/108248/ Patch
af854a3a-2127-422b-91ae-364da2661108 https://security.gentoo.org/glsa/201603-10
Impacted products
Vendor Product Version
fedoraproject fedora 20
fedoraproject fedora 21
fedoraproject fedora 22
digia qt *
qt qt 5.0.0
qt qt 5.0.1
qt qt 5.0.2
qt qt 5.1.0
qt qt 5.2.0
qt qt 5.2.1
qt qt 5.3.0
qt qt 5.4.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
                     matchCriteriaId: "56BDB5A0-0839-4A20-A003-B8CD56F48171",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
                     matchCriteriaId: "253C303A-E577-4488-93E6-68A8DD942C38",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:digia:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "86E76F78-582E-4473-BF2F-70452F0B6AD5",
                     versionEndIncluding: "4.8.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "03C7E11D-AA2C-48BB-8C50-B04E5CD3A7C5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E30B4386-B419-46B7-945F-C04F79600708",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "20079A6C-A3B9-4492-BC1F-A3B668F326D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E42429B-0123-428E-AD62-23000CDF7343",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2EE36CAC-6DB0-4061-AC83-AF12A30F2EFD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D60AFED7-9707-4FB7-817D-E2DE4BCABE97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E2980C52-9843-4A39-B164-76E9583F2D7E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "FBC2E1E7-F841-47A1-8D1E-9A30EC93BDF5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.",
      },
      {
         lang: "es",
         value: "Múltiples desbordamientos de buffer en gui/image/qgifhandler.cpp en el módulo QtBase en Qt en versiones anteriores a 4.8.7 y 5.x en versiones anteriores a 5.4.2 permiten a atacantes remotos provocar una denegación de servicio (fallo de segmentación) y posiblemente ejecutar código arbitrario a través de una imagen GIF manipulada.",
      },
   ],
   id: "CVE-2015-1860",
   lastModified: "2024-11-21T02:26:17.310",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2015-05-12T19:59:06.957",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155947.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156761.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156937.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/74302",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ubuntu.com/usn/USN-2626-1",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "https://codereview.qt-project.org/#/c/108248/",
      },
      {
         source: "secalert@redhat.com",
         url: "https://security.gentoo.org/glsa/201603-10",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155947.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156761.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156937.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/74302",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-2626-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://codereview.qt-project.org/#/c/108248/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201603-10",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-08-20 07:15
Modified
2024-11-21 08:11
Summary
In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.
Impacted products
Vendor Product Version
qt qt *
qt qt *
qt qt *
debian debian_linux 10.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "19F5F946-5DD7-4F8D-8171-83BB0D9C5048",
                     versionEndExcluding: "5.15.15",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "513DDB0D-A132-4046-8B49-D2776E585826",
                     versionEndExcluding: "6.2.9",
                     versionStartIncluding: "6.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "226FFAAF-14BA-4B15-A7DC-40E7CE23947B",
                     versionEndExcluding: "6.5.2",
                     versionStartIncluding: "6.3.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.",
      },
   ],
   id: "CVE-2023-37369",
   lastModified: "2024-11-21T08:11:35.890",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-08-20T07:15:08.963",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "https://bugreports.qt.io/browse/QTBUG-114829",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/455027",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3JR3N3IF5MUSETGYE46OZFOGGPY3VZT/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZK7EDD4ILPPSQAYO54FANUC4NFYLTHU/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "https://bugreports.qt.io/browse/QTBUG-114829",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/455027",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3JR3N3IF5MUSETGYE46OZFOGGPY3VZT/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZK7EDD4ILPPSQAYO54FANUC4NFYLTHU/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-02-28 21:15
Modified
2024-11-21 04:02
Summary
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption).
Impacted products
Vendor Product Version
qt qt *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C0679A9C-0004-4EB6-8813-78FFB72F7680",
                     versionEndIncluding: "5.14.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption).",
      },
      {
         lang: "es",
         value: "En Qt versiones hasta 5.14.1, la implementación de WebSocket acepta hasta 2GB para tramas y 2GB para mensajes. Los límites más pequeños no pueden ser configurados. Esto hace más fácil para los atacantes causar una denegación de servicio (consumo de memoria)",
      },
   ],
   id: "CVE-2018-21035",
   lastModified: "2024-11-21T04:02:44.870",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.6,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 4,
            source: "cve@mitre.org",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-02-28T21:15:12.790",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://bugreports.qt.io/browse/QTBUG-70693",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtwebsockets/+/284735",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://bugreports.qt.io/browse/QTBUG-70693",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtwebsockets/+/284735",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-770",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-04-27 02:15
Modified
2024-11-21 04:59
Summary
setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock.
Impacted products
Vendor Product Version
qt qt 5.14.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.14.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4D50AA1-3D3A-463F-9015-4BB82D59E85B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock.",
      },
      {
         lang: "es",
         value: "setMarkdown en Qt versiones anteriores a  la versión5.14.2, tiene una vulnerabilidad de uso de la memoria previamente liberada relacionada con la función QTextMarkdownImporter::insertBlock.",
      },
   ],
   id: "CVE-2020-12267",
   lastModified: "2024-11-21T04:59:24.567",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-04-27T02:15:12.443",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20450",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/291706",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202007-38",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20450",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/291706",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202007-38",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-416",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-12-26 21:29
Modified
2024-11-21 03:58
Summary
An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.
Impacted products
Vendor Product Version
qt qt *
opensuse leap 15.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "09F12149-EFFA-4F50-948E-DBDEE0486972",
                     versionEndExcluding: "5.11.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.",
      },
      {
         lang: "es",
         value: "Se ha descubierto un problema en versiones anteriores a la 5.11.3 de Qt. Hay un consumo de recursos no controlado en QTgaFile.",
      },
   ],
   id: "CVE-2018-19871",
   lastModified: "2024-11-21T03:58:43.537",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-12-26T21:29:02.447",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00002.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://access.redhat.com/errata/RHSA-2019:2135",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/#/c/237761/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00002.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2019:2135",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/#/c/237761/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-400",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-10-23 16:54
Modified
2024-11-21 01:55
Summary
SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \ (backslash) in a message.
Impacted products
Vendor Product Version
quassel-irc quassel_irc *
quassel-irc quassel_irc 0.1.0
quassel-irc quassel_irc 0.3.0
quassel-irc quassel_irc 0.3.0.1
quassel-irc quassel_irc 0.3.0.2
quassel-irc quassel_irc 0.3.0.3
quassel-irc quassel_irc 0.3.1
quassel-irc quassel_irc 0.4.0
quassel-irc quassel_irc 0.4.1
quassel-irc quassel_irc 0.4.2
quassel-irc quassel_irc 0.4.3
quassel-irc quassel_irc 0.5.0
quassel-irc quassel_irc 0.6.1
quassel-irc quassel_irc 0.6.2
quassel-irc quassel_irc 0.6.3
quassel-irc quassel_irc 0.7.0
quassel-irc quassel_irc 0.7.1
quassel-irc quassel_irc 0.7.2
quassel-irc quassel_irc 0.7.3
quassel-irc quassel_irc 0.7.4
quassel-irc quassel_irc 0.8.0
postgresql postgresql 8.2
postgresql postgresql 8.2.1
postgresql postgresql 8.2.2
postgresql postgresql 8.2.3
postgresql postgresql 8.2.4
postgresql postgresql 8.2.5
postgresql postgresql 8.2.6
postgresql postgresql 8.2.7
postgresql postgresql 8.2.8
postgresql postgresql 8.2.9
postgresql postgresql 8.2.10
postgresql postgresql 8.2.11
postgresql postgresql 8.2.12
postgresql postgresql 8.2.13
postgresql postgresql 8.2.14
postgresql postgresql 8.2.15
postgresql postgresql 8.2.16
postgresql postgresql 8.2.17
postgresql postgresql 8.2.18
postgresql postgresql 8.3
postgresql postgresql 8.3.1
postgresql postgresql 8.3.2
postgresql postgresql 8.3.3
postgresql postgresql 8.3.4
postgresql postgresql 8.3.5
postgresql postgresql 8.3.6
postgresql postgresql 8.3.7
postgresql postgresql 8.3.8
postgresql postgresql 8.3.9
postgresql postgresql 8.3.10
postgresql postgresql 8.3.11
postgresql postgresql 8.3.12
postgresql postgresql 8.3.13
postgresql postgresql 8.3.14
postgresql postgresql 8.3.15
postgresql postgresql 8.3.16
postgresql postgresql 8.3.17
postgresql postgresql 8.3.18
postgresql postgresql 8.3.19
postgresql postgresql 8.3.20
postgresql postgresql 8.3.21
postgresql postgresql 8.3.22
postgresql postgresql 8.4
postgresql postgresql 8.4.1
postgresql postgresql 8.4.2
postgresql postgresql 8.4.3
postgresql postgresql 8.4.4
postgresql postgresql 8.4.5
postgresql postgresql 8.4.6
postgresql postgresql 8.4.7
postgresql postgresql 8.4.8
postgresql postgresql 8.4.9
postgresql postgresql 8.4.10
postgresql postgresql 8.4.11
postgresql postgresql 8.4.12
postgresql postgresql 8.4.13
postgresql postgresql 8.4.14
postgresql postgresql 8.4.15
postgresql postgresql 8.4.16
postgresql postgresql 9.0
postgresql postgresql 9.0.1
postgresql postgresql 9.0.2
postgresql postgresql 9.0.3
postgresql postgresql 9.0.4
postgresql postgresql 9.0.5
postgresql postgresql 9.0.6
postgresql postgresql 9.0.7
postgresql postgresql 9.0.8
postgresql postgresql 9.0.9
postgresql postgresql 9.0.10
postgresql postgresql 9.0.11
postgresql postgresql 9.0.12
postgresql postgresql 9.1
postgresql postgresql 9.1.1
postgresql postgresql 9.1.2
postgresql postgresql 9.1.3
postgresql postgresql 9.1.4
postgresql postgresql 9.1.5
postgresql postgresql 9.1.6
postgresql postgresql 9.1.7
postgresql postgresql 9.1.8
postgresql postgresql 9.2
postgresql postgresql 9.2.1
postgresql postgresql 9.2.2
postgresql postgresql 9.2.3
quassel-irc quassel_irc *
quassel-irc quassel_irc 0.1.0
quassel-irc quassel_irc 0.3.0
quassel-irc quassel_irc 0.3.0.1
quassel-irc quassel_irc 0.3.0.2
quassel-irc quassel_irc 0.3.0.3
quassel-irc quassel_irc 0.3.1
quassel-irc quassel_irc 0.4.0
quassel-irc quassel_irc 0.4.1
quassel-irc quassel_irc 0.4.2
quassel-irc quassel_irc 0.4.3
quassel-irc quassel_irc 0.5.0
quassel-irc quassel_irc 0.6.1
quassel-irc quassel_irc 0.6.2
quassel-irc quassel_irc 0.6.3
quassel-irc quassel_irc 0.7.0
quassel-irc quassel_irc 0.7.1
quassel-irc quassel_irc 0.7.2
quassel-irc quassel_irc 0.7.3
quassel-irc quassel_irc 0.7.4
quassel-irc quassel_irc 0.8.0
qt qt 4.8.5
qt qt 5.0.0
qt qt 5.0.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:quassel-irc:quassel_irc:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "170E86C5-BBF5-428C-ADA6-3A15EBDA4E19",
                     versionEndIncluding: "0.9.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:quassel-irc:quassel_irc:0.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "1433FF02-5809-4437-81C9-F3DDBEEBDF58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:quassel-irc:quassel_irc:0.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "757EAC47-2700-4328-91AA-E530629C1ACA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:quassel-irc:quassel_irc:0.3.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6C753CCF-AA7D-4691-87A2-E9D8E3C6B907",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:quassel-irc:quassel_irc:0.3.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "01E3D0A4-E754-4730-B926-FEDEE7967356",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:quassel-irc:quassel_irc:0.3.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A85C99B-79A9-4FAF-BA6F-C4137D9FA709",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:quassel-irc:quassel_irc:0.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "862BCFFB-C188-423B-B66B-B34E65958F9B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:quassel-irc:quassel_irc:0.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "34CDFCD1-7992-4AAC-9357-1B20C477A3D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:quassel-irc:quassel_irc:0.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "297A53B8-257A-4730-A745-06451A993DF3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:quassel-irc:quassel_irc:0.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "831DBB69-C22C-466A-AA01-F8D89AF2516B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:quassel-irc:quassel_irc:0.4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "3A85F092-B58B-461C-A81C-C237EBEB9575",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:quassel-irc:quassel_irc:0.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E09B40EF-B855-4CE4-B1D2-9FEA960C2F86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:quassel-irc:quassel_irc:0.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E52C0DA4-45C8-4D40-9736-CCF133629C6E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:quassel-irc:quassel_irc:0.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "68EE8417-05A3-4CAB-8540-20DD34EB6E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:quassel-irc:quassel_irc:0.6.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0887210F-24D0-4E24-87B4-0F07764CA891",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:quassel-irc:quassel_irc:0.7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9FEC0F5-4EAE-48EE-848C-E3BD14CCE65D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:quassel-irc:quassel_irc:0.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "06385037-D229-4A07-B1A6-1989BDA19C79",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:quassel-irc:quassel_irc:0.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA572CB3-5A7F-4BBC-B01D-97412ECE3CB8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:quassel-irc:quassel_irc:0.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "1F7079BD-A592-4947-86CB-A1CEAC0B1207",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:quassel-irc:quassel_irc:0.7.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C40856E-C88B-42D1-B5A7-F1E1E5FFDD59",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:quassel-irc:quassel_irc:0.8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8EE7000F-0920-4CFC-8619-7C49F6120FF1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "7213327F-6909-43A7-952E-11600C28D4E3",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "10EF0EA6-C8B6-40A7-A3AE-8639CA94D5C5",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "D9F645F3-9767-4FD8-94EB-1096DF24E6C3",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C342A823-EF6F-4557-9F9E-D8893EA4C2BA",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B85A443F-0802-412F-9AEE-3525311C93D4",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.2.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "06253BA8-7F1E-4C79-9B2E-197307A627F0",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.2.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A213AB8-A5FE-4062-B895-2FC4B19F60A4",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.2.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A3F083E-59A8-41B1-826F-2CA39BD425C9",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.2.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE49E2D5-8EAC-49C7-B704-E626FBE7EC35",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.2.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "A5059B2F-B588-463E-8E96-BC9DA129C12E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.2.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "C919AF97-9713-44F8-B742-89C438DB0B48",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.2.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "400BBC62-5D03-465B-A864-9CD479B963F8",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.2.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC8C96F7-7F85-4E47-A05F-15E3C70AF583",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.2.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "6C236CF1-72C0-4C3D-AE04-B67E3F18EEC8",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.2.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "ECC98D47-8B3C-4DE6-8C45-F5B92266027F",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.2.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "C170C441-619A-48DB-9332-05FA4E62C342",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.2.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "053A2531-CFAA-466D-811C-A6154826D596",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.2.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "84A3D04C-2739-474C-B659-CBCFA574198B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.2.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D38CF1E-A944-4F7A-BECE-F8DF2589C873",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2A705DF-3654-427F-8B11-62DB0B6C9813",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "05AD5D33-86F4-4BFF-BA84-02AA1347BEEB",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "02FDCF30-D0F7-48AA-9633-9CC060495F47",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "788975F6-B3F1-4C21-B963-6BA59F14B71C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6713D96-338B-4467-9F05-3153997F62E2",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "01EB1A77-92AD-47FB-8290-D05C9B6C19C4",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.3.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "74857259-30C7-422D-A24D-BE1E33F09466",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.3.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "CD80066B-787E-496B-88FD-F0AE291468C5",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.3.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "88C9F0AB-A125-4DCD-A02B-E04D4D95FB5D",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.3.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FF13F89-F4C3-43EC-A36A-2F9283E923B8",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.3.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "F2631F09-73DD-4A28-8082-3939D89DDBE0",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.3.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "82DDE9E7-EBF9-452B-8380-F9E87CF30ACA",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.3.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "4BAE68CF-198D-4F01-92F3-4DED7E50ACA6",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.3.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "EF798CBC-C8BB-4F88-A927-B385A0DD8F19",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.3.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "BF8F568F-7D23-4553-95C5-C7C6B6584EB7",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.3.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "A1DB64EA-DE7B-4CA4-8121-90612409152D",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.3.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "7A932403-9187-471B-BE65-4B6907D57D1B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.3.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "5CC6D76B-EF54-4F03-84BB-4CEAE31C4FFD",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.3.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "FE4CDA93-AEF6-489E-A5A1-BDC62BC9707B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.3.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "6866FCCB-1E43-4D8A-BC89-F06CB7A904B5",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.3.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "1198129D-E814-4BB8-88DA-E500EB65E01D",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.3.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "1937DF43-31CA-4AB8-8832-96AAD73A7FCF",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.3.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "59AC452F-3902-4E6C-856D-469C87AAC1C2",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F30CA60-0A82-45CD-8044-CE245393593D",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C991F71-1E27-47A6-97DC-424FC3EF6011",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "5740C7AA-1772-41D8-9851-3E3669CD8521",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "970338CD-A680-4DD0-BD27-459B0DDA4002",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.4.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "A99C579D-44C0-40A4-A4EB-CBCF40D0C2FA",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.4.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E9E57FA-5EAE-4698-992D-146C6310E0B8",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.4.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "C66CDEC1-FB2E-49B7-A8BE-38E43C8ED652",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.4.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "87DF2937-9C51-4768-BAB1-901BCA636ADD",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.4.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "515C0ECD-2D95-4B6E-8E2F-DAF94E4A310F",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.4.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA0EB754-7A71-40FA-9EAD-44914EB758C3",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.4.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "1089D316-D5A3-4F2D-9E52-57FD626A1D06",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.4.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "F17D9158-E85A-4436-9180-E8546CF8F290",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.4.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "64CBBE6E-8FDA-46AD-96A9-8C6CFFE97ABC",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.4.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "C7A0D13E-6B06-42E9-BEB9-C8FCC3A4E2ED",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.4.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "AB79FB06-4712-4DE8-8C0B-5CEE8530828D",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.4.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "7054A3D4-8C52-4636-B135-1078B8DF1D5D",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:8.4.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6763B2A-00C4-4AAB-8769-9AAEE4BAA603",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2DD4DE67-9E3C-4F79-8AAB-344C1C46C618",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:9.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCB718D2-97AA-4D61-AA4B-2216EEF55F67",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:9.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "605C06BF-54A0-40F8-A01E-8641B4A83035",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:9.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "1F1F5B75-78D5-408E-8148-CA23DCED9CBB",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:9.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "88DE8C27-0E0A-4428-B25D-054D4FC6FEA8",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:9.0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "F609DDE4-0858-4F83-B8E6-7870196E21CB",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:9.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "349F02AF-013E-4264-9717-010293A3D6E4",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:9.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "047926F2-846A-4870-9640-9A4F2804D71B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:9.0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "BB0165D8-0BFA-4D46-95A3-45A03DC086FB",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:9.0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "1D6CF6A0-43DC-4C64-A3C4-01EB36F6672B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:9.0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E8251C0-9CAE-4608-BC11-75646A601408",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:9.0.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "AC024E5D-122D-4E3D-AD24-759AB5940F20",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:9.0.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "723336B5-405A-4236-A507-2C26E591CF49",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4796DBEC-FF4F-4749-90D5-AD83D8B5E086",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:9.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "79108278-D644-4506-BD9C-F464C6E817B7",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:9.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "10CF0AA0-41CD-4D50-BA7A-BF8846115C95",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:9.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "965E1A9D-BB23-4C0B-A9CA-54A1855055B1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:9.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "A1F37C66-0AFE-4D59-8867-BDBCE656774E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:9.1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "5CE53AE6-232C-4068-98D1-7749007C3CFD",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:9.1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "FFD38139-FD17-41E7-8D10-7731D8203CFC",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:9.1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCC0B41F-38FF-4D41-9E31-D666A84BB2FC",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:9.1.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "A591CB08-5CEB-45EB-876F-417DCD60AF53",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "AD27648F-E2FF-4779-97F9-2632DCC6B16D",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:9.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "CEFB4916-8B59-4534-804C-CF9DA1B18508",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:9.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "3413A3AB-45A3-48E1-9B30-1194C4E7D49D",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:postgresql:postgresql:9.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5760CE83-4802-42A0-9338-E1E634882450",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:quassel-irc:quassel_irc:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "170E86C5-BBF5-428C-ADA6-3A15EBDA4E19",
                     versionEndIncluding: "0.9.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:quassel-irc:quassel_irc:0.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "1433FF02-5809-4437-81C9-F3DDBEEBDF58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:quassel-irc:quassel_irc:0.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "757EAC47-2700-4328-91AA-E530629C1ACA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:quassel-irc:quassel_irc:0.3.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6C753CCF-AA7D-4691-87A2-E9D8E3C6B907",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:quassel-irc:quassel_irc:0.3.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "01E3D0A4-E754-4730-B926-FEDEE7967356",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:quassel-irc:quassel_irc:0.3.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A85C99B-79A9-4FAF-BA6F-C4137D9FA709",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:quassel-irc:quassel_irc:0.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "862BCFFB-C188-423B-B66B-B34E65958F9B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:quassel-irc:quassel_irc:0.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "34CDFCD1-7992-4AAC-9357-1B20C477A3D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:quassel-irc:quassel_irc:0.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "297A53B8-257A-4730-A745-06451A993DF3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:quassel-irc:quassel_irc:0.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "831DBB69-C22C-466A-AA01-F8D89AF2516B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:quassel-irc:quassel_irc:0.4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "3A85F092-B58B-461C-A81C-C237EBEB9575",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:quassel-irc:quassel_irc:0.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E09B40EF-B855-4CE4-B1D2-9FEA960C2F86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:quassel-irc:quassel_irc:0.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E52C0DA4-45C8-4D40-9736-CCF133629C6E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:quassel-irc:quassel_irc:0.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "68EE8417-05A3-4CAB-8540-20DD34EB6E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:quassel-irc:quassel_irc:0.6.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0887210F-24D0-4E24-87B4-0F07764CA891",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:quassel-irc:quassel_irc:0.7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9FEC0F5-4EAE-48EE-848C-E3BD14CCE65D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:quassel-irc:quassel_irc:0.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "06385037-D229-4A07-B1A6-1989BDA19C79",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:quassel-irc:quassel_irc:0.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA572CB3-5A7F-4BBC-B01D-97412ECE3CB8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:quassel-irc:quassel_irc:0.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "1F7079BD-A592-4947-86CB-A1CEAC0B1207",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:quassel-irc:quassel_irc:0.7.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C40856E-C88B-42D1-B5A7-F1E1E5FFDD59",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:quassel-irc:quassel_irc:0.8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8EE7000F-0920-4CFC-8619-7C49F6120FF1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "581FF62C-BD93-485C-A5BA-E5EBFEDC45C9",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "03C7E11D-AA2C-48BB-8C50-B04E5CD3A7C5",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E30B4386-B419-46B7-945F-C04F79600708",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \\ (backslash) in a message.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de inyección SQL en Quassel IRC anterior a la versión 0.9.1, cuando Qt 4.8.5 o posteriores y PostgreSQL 8.2 o posteriores son usados, permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de una \\ (barra invertida) en un mensaje.",
      },
   ],
   id: "CVE-2013-4422",
   lastModified: "2024-11-21T01:55:32.120",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-10-23T16:54:28.907",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://bugs.quassel-irc.org/issues/1244",
      },
      {
         source: "secalert@redhat.com",
         url: "http://quassel-irc.org/node/120",
      },
      {
         source: "secalert@redhat.com",
         url: "http://seclists.org/oss-sec/2013/q4/74",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/55194",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/55581",
      },
      {
         source: "secalert@redhat.com",
         url: "http://security.gentoo.org/glsa/glsa-201311-03.xml",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/62923",
      },
      {
         source: "secalert@redhat.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/87805",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://bugs.quassel-irc.org/issues/1244",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://quassel-irc.org/node/120",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://seclists.org/oss-sec/2013/q4/74",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/55194",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/55581",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://security.gentoo.org/glsa/glsa-201311-03.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/62923",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/87805",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-07-13 02:15
Modified
2024-11-21 08:13
Summary
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.
Impacted products
Vendor Product Version
qt qt *
qt qt *
qt qt *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "19F5F946-5DD7-4F8D-8171-83BB0D9C5048",
                     versionEndExcluding: "5.15.15",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "54D034EA-7845-4FE1-BA22-0C12D61054B4",
                     versionEndExcluding: "6.2.10",
                     versionStartIncluding: "6.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "87A37030-7537-4CA1-878E-5AFE90FCF259",
                     versionEndExcluding: "6.5.3",
                     versionStartIncluding: "6.3.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.",
      },
   ],
   id: "CVE-2023-38197",
   lastModified: "2024-11-21T08:13:03.637",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2023-07-13T02:15:09.677",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/488960",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5C3NYVJ73ITE6HUOVVHBUAGORVEJRHO/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XEGQ6DFTL2BEJMHCD5FJGI6XLWQI7UEA/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFZORZYCMUZZFIOEZICJ7VH2BZIGY3HV/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/488960",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5C3NYVJ73ITE6HUOVVHBUAGORVEJRHO/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XEGQ6DFTL2BEJMHCD5FJGI6XLWQI7UEA/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFZORZYCMUZZFIOEZICJ7VH2BZIGY3HV/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-835",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-835",
            },
         ],
         source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-12-16 02:29
Modified
2024-11-21 03:06
Summary
A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors.
Impacted products
Vendor Product Version
qt qt *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:android:*:*",
                     matchCriteriaId: "F88F399C-A111-4C03-8D1B-9F280F9F4BE0",
                     versionEndExcluding: "5.9.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en aplicaciones creadas mediante Qt para Android en versiones anteriores a la 5.9.3 permite que atacantes alteren variables del entorno mediante vectores sin especificar.",
      },
   ],
   id: "CVE-2017-10905",
   lastModified: "2024-11-21T03:06:43.133",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "LOW",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
               version: "3.0",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-12-16T02:29:07.230",
   references: [
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/",
      },
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://jvn.jp/en/jp/JVN27342829/index.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://jvn.jp/en/jp/JVN27342829/index.html",
      },
   ],
   sourceIdentifier: "vultures@jpcert.or.jp",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-09-14 19:15
Modified
2024-11-21 04:53
Summary
Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.
Impacted products
Vendor Product Version
qt qt *
qt qt *
qt qt *
redhat enterprise_linux 7.0
redhat enterprise_linux 8.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE712F0E-F718-44F5-8D3C-9597BDCFA7F2",
                     versionEndExcluding: "5.9.10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8C20C537-CE28-4732-BCE7-531147012FE4",
                     versionEndExcluding: "5.12.7",
                     versionStartIncluding: "5.10.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F04F7C8-9824-4D94-A968-E86D2FD8C81E",
                     versionEndExcluding: "5.14.0",
                     versionStartIncluding: "5.13.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.",
      },
      {
         lang: "es",
         value: "Una ruta de búsqueda no controlada en QT Library versiones anteriores a 5.14.0, 5.12.7 y 5.9.10, puede permitir a un usuario autenticado habilitar potencialmente una elevación de privilegios por medio un acceso local",
      },
   ],
   id: "CVE-2020-0570",
   lastModified: "2024-11-21T04:53:46.807",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.4,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.3,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.3,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-09-14T19:15:10.583",
   references: [
      {
         source: "secure@intel.com",
         tags: [
            "Exploit",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://bugreports.qt.io/browse/QTBUG-81272",
      },
      {
         source: "secure@intel.com",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1800604",
      },
      {
         source: "secure@intel.com",
         tags: [
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "https://lists.qt-project.org/pipermail/development/2020-January/038534.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://bugreports.qt.io/browse/QTBUG-81272",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1800604",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "https://lists.qt-project.org/pipermail/development/2020-January/038534.html",
      },
   ],
   sourceIdentifier: "secure@intel.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-426",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-12-24 21:15
Modified
2024-11-21 08:38
Summary
An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.
Impacted products
Vendor Product Version
qt qt *
qt qt *
qt qt *
qt qt *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "06B844AA-8325-4FBB-8B65-56C09DEE08A0",
                     versionEndExcluding: "5.15.17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3793E806-D388-440B-A9FE-9F3F38DA53C6",
                     versionEndExcluding: "6.2.11",
                     versionStartIncluding: "6.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E200056B-1895-4D3A-809F-B8B70067240B",
                     versionEndExcluding: "6.5.4",
                     versionStartIncluding: "6.3.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1AD7C249-EF02-4DD7-A5E2-FFCFD373C888",
                     versionEndExcluding: "6.6.2",
                     versionStartIncluding: "6.6.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.",
      },
      {
         lang: "es",
         value: "Se descubrió un problema en la implementación de HTTP2 en Qt antes de 5.15.17, 6.x antes de 6.2.11, 6.3.x hasta 6.5.x antes de 6.5.4 y 6.6.x antes de 6.6.2. network/access/http2/hpacktable.cpp tiene una comprobación de desbordamiento de enteros HPack incorrecta.",
      },
   ],
   id: "CVE-2023-51714",
   lastModified: "2024-11-21T08:38:39.687",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-12-24T21:15:25.470",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Product",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/524864",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Product",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/524865/3",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Product",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/524864",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Product",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/524865/3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-190",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-07-04 21:15
Modified
2024-11-21 09:28
Summary
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.
Impacted products
Vendor Product Version
qt qt *
qt qt *
qt qt *
qt qt *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E12B8628-DB3E-4ED1-9D7F-261C5895F69E",
                     versionEndExcluding: "5.15.18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "838DE514-7032-40DC-AF57-1661CB8FAFB5",
                     versionEndExcluding: "6.2.13",
                     versionStartIncluding: "6.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E25AAED6-E83F-4CB9-8CE2-428F76942B68",
                     versionEndExcluding: "6.5.7",
                     versionStartIncluding: "6.3.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1030EC9F-B558-4FA9-A31D-2053DEA52F3A",
                     versionEndExcluding: "6.7.3",
                     versionStartIncluding: "6.6.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..",
      },
      {
         lang: "es",
         value: "Se descubrió un problema en HTTP2 en Qt antes de 5.15.18, 6.x antes de 6.2.13, 6.3.x hasta 6.5.x antes de 6.5.7 y 6.6.x hasta 6.7.x antes de 6.7.3. El código para tomar decisiones relevantes para la seguridad sobre una conexión establecida puede ejecutarse demasiado pronto, porque la señal encrypted() aún no se ha emitido ni procesado.",
      },
   ],
   id: "CVE-2024-39936",
   lastModified: "2024-11-21T09:28:36.910",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 8.6,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 4,
            source: "cve@mitre.org",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-07-04T21:15:10.180",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/571601",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/571601",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-367",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-05-28 23:15
Modified
2024-11-21 08:04
Summary
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.
Impacted products
Vendor Product Version
qt qt *
qt qt *
qt qt *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "19F5F946-5DD7-4F8D-8171-83BB0D9C5048",
                     versionEndExcluding: "5.15.15",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "513DDB0D-A132-4046-8B49-D2776E585826",
                     versionEndExcluding: "6.2.9",
                     versionStartIncluding: "6.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "116DC3F0-630E-43F6-AD19-0ABB41CF3D70",
                     versionEndExcluding: "6.5.1",
                     versionStartIncluding: "6.3.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.",
      },
   ],
   id: "CVE-2023-32763",
   lastModified: "2024-11-21T08:04:00.213",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-05-28T23:15:09.620",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/476125",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Patch",
         ],
         url: "https://lists.qt-project.org/pipermail/announce/2023-May/000413.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://security.gentoo.org/glsa/202402-03",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/476125",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Patch",
         ],
         url: "https://lists.qt-project.org/pipermail/announce/2023-May/000413.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/202402-03",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-120",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2007-04-03 16:19
Modified
2024-11-21 00:25
Summary
The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters.
References
cve@mitre.org ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc
cve@mitre.org http://fedoranews.org/updates/FEDORA-2007-703.shtml
cve@mitre.org http://rhn.redhat.com/errata/RHSA-2011-1324.html
cve@mitre.org http://secunia.com/advisories/24699
cve@mitre.org http://secunia.com/advisories/24705
cve@mitre.org http://secunia.com/advisories/24726
cve@mitre.org http://secunia.com/advisories/24727
cve@mitre.org http://secunia.com/advisories/24759
cve@mitre.org http://secunia.com/advisories/24797
cve@mitre.org http://secunia.com/advisories/24847
cve@mitre.org http://secunia.com/advisories/24889
cve@mitre.org http://secunia.com/advisories/25263
cve@mitre.org http://secunia.com/advisories/26804
cve@mitre.org http://secunia.com/advisories/26857
cve@mitre.org http://secunia.com/advisories/27108
cve@mitre.org http://secunia.com/advisories/27275
cve@mitre.org http://secunia.com/advisories/46117
cve@mitre.org http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.348591
cve@mitre.org http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm
cve@mitre.org http://support.novell.com/techcenter/psdb/39ea4b325a7da742cb8b6995fa585b14.html
cve@mitre.org http://support.novell.com/techcenter/psdb/fc79b7f48d739f9c803a24ddad933384.html
cve@mitre.org http://www.debian.org/security/2007/dsa-1292
cve@mitre.org http://www.mandriva.com/security/advisories?name=MDKSA-2007:074
cve@mitre.org http://www.mandriva.com/security/advisories?name=MDKSA-2007:075
cve@mitre.org http://www.mandriva.com/security/advisories?name=MDKSA-2007:076
cve@mitre.org http://www.nabble.com/Bug-417390:-CVE-2007-0242%2C--Qt-UTF-8-overlong-sequence-decoding-vulnerability-t3506065.html
cve@mitre.org http://www.novell.com/linux/security/advisories/2007_6_sr.html
cve@mitre.org http://www.redhat.com/support/errata/RHSA-2007-0883.html
cve@mitre.org http://www.redhat.com/support/errata/RHSA-2007-0909.html
cve@mitre.org http://www.securityfocus.com/bid/23269
cve@mitre.org http://www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350 Patch
cve@mitre.org http://www.ubuntu.com/usn/usn-452-1
cve@mitre.org http://www.vupen.com/english/advisories/2007/1212
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/33397
cve@mitre.org https://issues.rpath.com/browse/RPL-1202
cve@mitre.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11510
af854a3a-2127-422b-91ae-364da2661108 ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc
af854a3a-2127-422b-91ae-364da2661108 http://fedoranews.org/updates/FEDORA-2007-703.shtml
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2011-1324.html
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/24699
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/24705
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/24726
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/24727
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/24759
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/24797
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/24847
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/24889
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/25263
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/26804
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/26857
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/27108
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/27275
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/46117
af854a3a-2127-422b-91ae-364da2661108 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.348591
af854a3a-2127-422b-91ae-364da2661108 http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm
af854a3a-2127-422b-91ae-364da2661108 http://support.novell.com/techcenter/psdb/39ea4b325a7da742cb8b6995fa585b14.html
af854a3a-2127-422b-91ae-364da2661108 http://support.novell.com/techcenter/psdb/fc79b7f48d739f9c803a24ddad933384.html
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2007/dsa-1292
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDKSA-2007:074
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDKSA-2007:075
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDKSA-2007:076
af854a3a-2127-422b-91ae-364da2661108 http://www.nabble.com/Bug-417390:-CVE-2007-0242%2C--Qt-UTF-8-overlong-sequence-decoding-vulnerability-t3506065.html
af854a3a-2127-422b-91ae-364da2661108 http://www.novell.com/linux/security/advisories/2007_6_sr.html
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2007-0883.html
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2007-0909.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/23269
af854a3a-2127-422b-91ae-364da2661108 http://www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350 Patch
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/usn-452-1
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2007/1212
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/33397
af854a3a-2127-422b-91ae-364da2661108 https://issues.rpath.com/browse/RPL-1202
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11510
Impacted products
Vendor Product Version
qt qt 3.3.8
qt qt 4.2.3



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:3.3.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "D729F4A6-D9EA-44A3-8974-B03A814130BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "610017B4-3C0A-4A59-82A1-4E20BCF786E6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters.",
      },
      {
         lang: "es",
         value: "El decodificador de UTF-8 en el codecs/qutfcodec.cpp del Qt 3.3.8 y 4.2.3 no rechaza secuencias largas de UTF-8 como lo solicitado por el estándar, lo que permite a atacantes remotos llevar a cabo ataques de secuencias de comandos en sitios cruzados (XSS)  y de escalado de directorios mediante secuencias largas que decodifican metacaracteres peligrosos.",
      },
   ],
   id: "CVE-2007-0242",
   lastModified: "2024-11-21T00:25:19.787",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2007-04-03T16:19:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc",
      },
      {
         source: "cve@mitre.org",
         url: "http://fedoranews.org/updates/FEDORA-2007-703.shtml",
      },
      {
         source: "cve@mitre.org",
         url: "http://rhn.redhat.com/errata/RHSA-2011-1324.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/24699",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/24705",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/24726",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/24727",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/24759",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/24797",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/24847",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/24889",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/25263",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/26804",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/26857",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/27108",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/27275",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/46117",
      },
      {
         source: "cve@mitre.org",
         url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.348591",
      },
      {
         source: "cve@mitre.org",
         url: "http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm",
      },
      {
         source: "cve@mitre.org",
         url: "http://support.novell.com/techcenter/psdb/39ea4b325a7da742cb8b6995fa585b14.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://support.novell.com/techcenter/psdb/fc79b7f48d739f9c803a24ddad933384.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.debian.org/security/2007/dsa-1292",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:074",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:075",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:076",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.nabble.com/Bug-417390:-CVE-2007-0242%2C--Qt-UTF-8-overlong-sequence-decoding-vulnerability-t3506065.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.novell.com/linux/security/advisories/2007_6_sr.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2007-0883.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2007-0909.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/23269",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.ubuntu.com/usn/usn-452-1",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.vupen.com/english/advisories/2007/1212",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/33397",
      },
      {
         source: "cve@mitre.org",
         url: "https://issues.rpath.com/browse/RPL-1202",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11510",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://fedoranews.org/updates/FEDORA-2007-703.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2011-1324.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/24699",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/24705",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/24726",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/24727",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/24759",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/24797",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/24847",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/24889",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/25263",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/26804",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/26857",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/27108",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/27275",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/46117",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.348591",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://support.novell.com/techcenter/psdb/39ea4b325a7da742cb8b6995fa585b14.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://support.novell.com/techcenter/psdb/fc79b7f48d739f9c803a24ddad933384.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2007/dsa-1292",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:074",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:075",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:076",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.nabble.com/Bug-417390:-CVE-2007-0242%2C--Qt-UTF-8-overlong-sequence-decoding-vulnerability-t3506065.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2007_6_sr.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2007-0883.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2007-0909.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/23269",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/usn-452-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2007/1212",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/33397",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://issues.rpath.com/browse/RPL-1202",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11510",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-12-26 21:29
Modified
2024-11-21 03:58
Summary
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
References
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html Mailing List, Third Party Advisory
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html
cve@mitre.org https://access.redhat.com/errata/RHSA-2019:2135
cve@mitre.org https://access.redhat.com/errata/RHSA-2019:3390
cve@mitre.org https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ Release Notes, Vendor Advisory
cve@mitre.org https://codereview.qt-project.org/#/c/238749/ Issue Tracking, Patch, Vendor Advisory
cve@mitre.org https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html Mailing List, Third Party Advisory
cve@mitre.org https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html
cve@mitre.org https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html
cve@mitre.org https://usn.ubuntu.com/4003-1/
cve@mitre.org https://www.debian.org/security/2019/dsa-4374 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html
af854a3a-2127-422b-91ae-364da2661108 https://access.redhat.com/errata/RHSA-2019:2135
af854a3a-2127-422b-91ae-364da2661108 https://access.redhat.com/errata/RHSA-2019:3390
af854a3a-2127-422b-91ae-364da2661108 https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://codereview.qt-project.org/#/c/238749/ Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html
af854a3a-2127-422b-91ae-364da2661108 https://usn.ubuntu.com/4003-1/
af854a3a-2127-422b-91ae-364da2661108 https://www.debian.org/security/2019/dsa-4374 Third Party Advisory
Impacted products
Vendor Product Version
qt qt *
debian debian_linux 8.0
debian debian_linux 9.0
opensuse leap 42.3



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "09F12149-EFFA-4F50-948E-DBDEE0486972",
                     versionEndExcluding: "5.11.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.",
      },
      {
         lang: "es",
         value: "Se ha descubierto un problema en versiones anteriores a la 5.11.3 de Qt. QBmpHandler tiene un desbordamiento de búfer mediante datos BMP.",
      },
   ],
   id: "CVE-2018-19873",
   lastModified: "2024-11-21T03:58:43.853",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-12-26T21:29:02.480",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://access.redhat.com/errata/RHSA-2019:2135",
      },
      {
         source: "cve@mitre.org",
         url: "https://access.redhat.com/errata/RHSA-2019:3390",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/#/c/238749/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://usn.ubuntu.com/4003-1/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2019/dsa-4374",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2019:2135",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2019:3390",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/#/c/238749/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://usn.ubuntu.com/4003-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2019/dsa-4374",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-05-12 19:59
Modified
2024-11-21 02:26
Summary
Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.
References
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html Third Party Advisory
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html Patch, Third Party Advisory
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html Third Party Advisory
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html Third Party Advisory
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html Third Party Advisory
secalert@redhat.com http://lists.qt-project.org/pipermail/announce/2015-April/000067.html Patch, Vendor Advisory
secalert@redhat.com http://www.securityfocus.com/bid/74307 Third Party Advisory, VDB Entry
secalert@redhat.com http://www.securityfocus.com/bid/74310
secalert@redhat.com http://www.ubuntu.com/usn/USN-2626-1
secalert@redhat.com https://security.gentoo.org/glsa/201603-10
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.qt-project.org/pipermail/announce/2015-April/000067.html Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/74307 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/74310
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/USN-2626-1
af854a3a-2127-422b-91ae-364da2661108 https://security.gentoo.org/glsa/201603-10
Impacted products
Vendor Product Version
fedoraproject fedora 20
fedoraproject fedora 21
fedoraproject fedora 22
digia qt *
qt qt 5.0.0
qt qt 5.0.1
qt qt 5.0.2
qt qt 5.1.0
qt qt 5.2.0
qt qt 5.2.1
qt qt 5.3.0
qt qt 5.4.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
                     matchCriteriaId: "56BDB5A0-0839-4A20-A003-B8CD56F48171",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
                     matchCriteriaId: "253C303A-E577-4488-93E6-68A8DD942C38",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:digia:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "86E76F78-582E-4473-BF2F-70452F0B6AD5",
                     versionEndIncluding: "4.8.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "03C7E11D-AA2C-48BB-8C50-B04E5CD3A7C5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E30B4386-B419-46B7-945F-C04F79600708",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "20079A6C-A3B9-4492-BC1F-A3B668F326D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E42429B-0123-428E-AD62-23000CDF7343",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2EE36CAC-6DB0-4061-AC83-AF12A30F2EFD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D60AFED7-9707-4FB7-817D-E2DE4BCABE97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E2980C52-9843-4A39-B164-76E9583F2D7E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "FBC2E1E7-F841-47A1-8D1E-9A30EC93BDF5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.",
      },
      {
         lang: "es",
         value: "Múltiples desbordamientos de buffer en plugins/imageformats/ico/qicohandler.cpp en el módulo QtBase en Qt en versiones anteriores a 4.8.7 y 5.x en versiones anteriores a 5.4.2 permiten a atacantes remotos provocar una denegación de servicio (fallo de segmentación y caída) y posiblemente ejecutar código arbitrario a través de una imagen ICO manipulada.",
      },
   ],
   id: "CVE-2015-1859",
   lastModified: "2024-11-21T02:26:17.183",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2015-05-12T19:59:05.957",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/74307",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/74310",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ubuntu.com/usn/USN-2626-1",
      },
      {
         source: "secalert@redhat.com",
         url: "https://security.gentoo.org/glsa/201603-10",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/74307",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/74310",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-2626-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201603-10",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-12-26 21:29
Modified
2024-11-21 03:58
Summary
An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.
References
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html Mailing List, Third Party Advisory
cve@mitre.org https://access.redhat.com/errata/RHSA-2019:2135
cve@mitre.org https://access.redhat.com/errata/RHSA-2019:3390
cve@mitre.org https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ Release Notes, Vendor Advisory
cve@mitre.org https://codereview.qt-project.org/#/c/235998/ Patch, Vendor Advisory
cve@mitre.org https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html Mailing List, Third Party Advisory
cve@mitre.org https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html
cve@mitre.org https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html
cve@mitre.org https://usn.ubuntu.com/4003-1/
cve@mitre.org https://www.debian.org/security/2019/dsa-4374 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://access.redhat.com/errata/RHSA-2019:2135
af854a3a-2127-422b-91ae-364da2661108 https://access.redhat.com/errata/RHSA-2019:3390
af854a3a-2127-422b-91ae-364da2661108 https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://codereview.qt-project.org/#/c/235998/ Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html
af854a3a-2127-422b-91ae-364da2661108 https://usn.ubuntu.com/4003-1/
af854a3a-2127-422b-91ae-364da2661108 https://www.debian.org/security/2019/dsa-4374 Third Party Advisory
Impacted products
Vendor Product Version
qt qt *
debian debian_linux 8.0
debian debian_linux 9.0
opensuse leap 15.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "09F12149-EFFA-4F50-948E-DBDEE0486972",
                     versionEndExcluding: "5.11.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.",
      },
      {
         lang: "es",
         value: "Se ha descubierto un problema en versiones anteriores a la 5.11.3 de Qt. Una imagen GIF mal formada provoca una desreferencia de puntero NULL en QGifHandler, lo que resulta en un fallo de segmentación.",
      },
   ],
   id: "CVE-2018-19870",
   lastModified: "2024-11-21T03:58:43.373",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-12-26T21:29:02.387",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://access.redhat.com/errata/RHSA-2019:2135",
      },
      {
         source: "cve@mitre.org",
         url: "https://access.redhat.com/errata/RHSA-2019:3390",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/#/c/235998/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://usn.ubuntu.com/4003-1/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2019/dsa-4374",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2019:2135",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2019:3390",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/#/c/235998/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://usn.ubuntu.com/4003-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2019/dsa-4374",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-476",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-05-10 06:15
Modified
2024-11-21 08:03
Summary
In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.
Impacted products
Vendor Product Version
qt qt *
qt qt *
qt qt *
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "006030F9-35BF-489D-8C3F-14ECF93518C3",
                     versionEndExcluding: "5.15.14",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "513DDB0D-A132-4046-8B49-D2776E585826",
                     versionEndExcluding: "6.2.9",
                     versionStartIncluding: "6.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "116DC3F0-630E-43F6-AD19-0ABB41CF3D70",
                     versionEndExcluding: "6.5.1",
                     versionStartIncluding: "6.3.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.",
      },
   ],
   id: "CVE-2023-32573",
   lastModified: "2024-11-21T08:03:37.877",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-05-10T06:15:19.070",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtsvg/+/474093",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3IHQZCEUFVOPWG75V2HDKXNUZBB4FX/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtsvg/+/474093",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3IHQZCEUFVOPWG75V2HDKXNUZBB4FX/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-369",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-06-05 03:15
Modified
2025-01-08 17:15
Summary
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.
Impacted products
Vendor Product Version
qt qt *
qt qt *
qt qt *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "19F5F946-5DD7-4F8D-8171-83BB0D9C5048",
                     versionEndExcluding: "5.15.15",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "513DDB0D-A132-4046-8B49-D2776E585826",
                     versionEndExcluding: "6.2.9",
                     versionStartIncluding: "6.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "226FFAAF-14BA-4B15-A7DC-40E7CE23947B",
                     versionEndExcluding: "6.5.2",
                     versionStartIncluding: "6.3.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.",
      },
   ],
   id: "CVE-2023-34410",
   lastModified: "2025-01-08T17:15:13.230",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2023-06-05T03:15:09.390",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/477560",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/480002",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3IHQZCEUFVOPWG75V2HDKXNUZBB4FX/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/477560",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/480002",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3IHQZCEUFVOPWG75V2HDKXNUZBB4FX/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-295",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-295",
            },
         ],
         source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2009-09-02 17:30
Modified
2024-11-21 01:05
Summary
src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Impacted products
Vendor Product Version
qt qt 4.0.0
qt qt 4.0.1
qt qt 4.1.0
qt qt 4.1.1
qt qt 4.1.2
qt qt 4.1.3
qt qt 4.1.4
qt qt 4.1.5
qt qt 4.2.0
qt qt 4.2.1
qt qt 4.2.3
qt qt 4.3.0
qt qt 4.3.1
qt qt 4.3.2
qt qt 4.3.3
qt qt 4.3.4
qt qt 4.3.5
qt qt 4.4.0
qt qt 4.4.1
qt qt 4.4.2
qt qt 4.4.3
qt qt 4.5.0
qt qt 4.5.1
qt qt 4.5.2
qt qt 4.5.3
qt qt 4.6.0
qt qt 4.6.0
qt qt 4.6.1
qt qt 4.6.2
qt qt 4.6.3
qt qt 4.6.4
qt qt 4.7.0
qt qt 4.7.1
qt qt 4.7.2
qt qt 4.7.3
qt qt 4.7.4
qt qt 4.7.5
qt qt 4.8.0
qt qt 4.8.1
qt qt 4.8.2
qt qt 4.8.3
qt qt 4.8.4



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C966DAAB-74E1-4594-9CE7-5A1A60F5061E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D51BFA7D-281E-49ED-9A4B-60AD5143C4EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A38B91E-698F-4638-BC3B-BD02F3313B70",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7629BAB0-5077-4B82-9F11-B228E8EAFA17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "76366D45-3604-49D1-BD97-8A9FACEA2171",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "EEEF60A1-5FF0-465F-A872-62F80899F870",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D5386EE-376B-4773-8687-5314BFF35E41",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "4ACE447E-BFBC-4059-9786-F8E5F512AEAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3AC6465-B459-410E-A5C5-EBFF5C866009",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EF48233D-EFFE-40A1-B50A-F2184D9CF325",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "610017B4-3C0A-4A59-82A1-4E20BCF786E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D848BD49-3C88-4458-B8AB-AAD8DEB790BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A12D978-B6FF-4C67-97D4-91A285C47813",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DBD073E-F3E0-4273-81E9-AF010B711F08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D58ACBA-7DF3-403A-AC0E-94749383C750",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "59D6E752-3B2E-4A95-A76A-3326CD490EDD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "7A27E4EC-9573-4C82-9B78-244DB0B06FA4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "678A25E8-57E3-4E0C-9B24-C68F11F108BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D16BB8CE-3871-4DFA-84BB-C089894437D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "965B37FD-E22F-4AA7-BDC2-147A9962CFD5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "FEE12FD7-2FB2-444A-A660-86294646F8A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA4B9F55-4BFF-4FD3-A8BC-842B0467DCD5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DA805A7-7C62-49FD-B9A2-F81C981691C3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.5.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "D5596442-5608-439B-8BE6-53A70F20C079",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.5.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "29FD745E-4B61-417F-BC66-386877E75351",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B74E5F5-CEE1-47B1-BE84-7F1C45D4FDD8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.6.0:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "82A767D8-6194-4ED5-B9BE-2A14541C141F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "874E217C-98AC-4F0B-B120-D721164912CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "3051F46B-E301-4DF7-A89B-4E8495617888",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.6.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C8BED3D-E6E9-4A7F-A186-DD7DC20706D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.6.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "1C5CFCD4-6CB1-489D-9619-B0169EA1719C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C2D2DA2-4D77-4396-97A7-D4ED0F633E19",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "1BC1BC2C-6D99-463F-9326-AF9B468E03F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "342A67CF-B332-46D1-A3FF-604552953C66",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9239A893-506A-4853-8B00-FCDE5EC3E5DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.7.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "1A6196C5-BB95-447A-B610-4765AB702F96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E398049-C78A-452C-9FBF-E32DC86BDBD0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B307395A-36B6-4F54-92C9-D732580F3EBE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9D0CB6E-5275-4D51-81F1-84D456F936B9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "214A1125-FBE9-433D-8B05-10595CD59F24",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.8.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB7CC6B1-7E40-4D6A-94CF-7412EA3F8534",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "062A62AA-EC5B-4D8E-9337-D25DF4FE56FA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.",
      },
      {
         lang: "es",
         value: "src/network/ssl/qsslcertificate.cpp en Nokia Trolltech Qt v4.x no gestiona adecuadamente el carácter '\\0'en un nombre de dominio en el campo Subject Alternative Name field de un certificado X.509, lo cual permite a atacantes hombre-en-el-medio (man-in-the-middle) suplantar servidores SSL a su elección a través de certificados manipulados expedidos por una Autoridad de Certificación legítima, una cuestión relacionada con CVE-2009-2408.",
      },
   ],
   id: "CVE-2009-2700",
   lastModified: "2024-11-21T01:05:33.150",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2009-09-02T17:30:00.797",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://qt.gitorious.org/qt/qt/commit/802d8c02eaa0aa9cd8d0c6cbd18cd814e6337bc6",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/36536",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/36702",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:225",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/36203",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.ubuntu.com/usn/usn-829-1",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2009/2499",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://qt.gitorious.org/qt/qt/commit/802d8c02eaa0aa9cd8d0c6cbd18cd814e6337bc6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/36536",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/36702",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:225",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/36203",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/usn-829-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2009/2499",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vendorComments: [
      {
         comment: "Not vulnerable. This issue did not affect the versions of qt and qt4 as shipped with Red Hat Enterprise Linux 3, 4, or 5.  Affected code was introduced upstream in version 4.3.",
         lastModified: "2009-09-03T00:00:00",
         organization: "Red Hat",
      },
   ],
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-01-12 17:15
Modified
2024-11-21 07:22
Summary
An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability.
Impacted products
Vendor Product Version
qt qt 6.3.2



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:6.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B80CA217-D896-4BCF-B385-582CDF21DAD6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability.",
      },
      {
         lang: "es",
         value: "Existe una vulnerabilidad de desbordamiento de enteros en la API QML QtScript Reflect de Qt Project Qt 6.3.2. Un código JavaScript especialmente manipulado puede provocar un desbordamiento de enteros durante la asignación de memoria, lo que puede provocar la ejecución de código arbitrario. La aplicación de destino necesitaría acceder a una página web maliciosa para activar esta vulnerabilidad.",
      },
   ],
   id: "CVE-2022-40983",
   lastModified: "2024-11-21T07:22:23.133",
   metrics: {
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "talos-cna@cisco.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-01-12T17:15:09.407",
   references: [
      {
         source: "talos-cna@cisco.com",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1617",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1617",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1617",
      },
   ],
   sourceIdentifier: "talos-cna@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-190",
            },
         ],
         source: "talos-cna@cisco.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-10-04 01:29
Modified
2024-11-21 03:13
Summary
The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string.
Impacted products
Vendor Product Version
qt qt 5.0.0
qt qt 5.0.1
qt qt 5.1.0
qt qt 5.2.0
qt qt 5.3.0
qt qt 5.4.0
qt qt 5.5.0
qt qt 5.6.0
qt qt 5.7.0
qt qt 5.8.0
qt qt 5.9.0
qt qt 5.10.0
qt qt 5.10.1
qt qt 5.11.0
qt qt 5.11.1
qt qt 5.11.2
qt qt 5.11.3
qt qt 5.12.0
qt qt 5.12.1
qt qt 5.12.2
qt qt 5.12.3
qt qt 5.12.4
qt qt 5.13.0
qt qt 5.14.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "03C7E11D-AA2C-48BB-8C50-B04E5CD3A7C5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E30B4386-B419-46B7-945F-C04F79600708",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E42429B-0123-428E-AD62-23000CDF7343",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2EE36CAC-6DB0-4061-AC83-AF12A30F2EFD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E2980C52-9843-4A39-B164-76E9583F2D7E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "0AE4473E-33BB-4953-9FC5-B3EE503A19E3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA1E6864-005E-4843-8D76-AF7D687CF991",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCC41EE4-29DE-4F86-AEA5-179F6AC9F24B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F663AA25-2910-4D31-AD72-8BC8F76E9AE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DD2FCA0-F628-4164-8D32-8191A3004AFD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F7AA598B-B954-4389-AEC4-6B8E7762D507",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5F566F5-FB40-4F63-BF93-C9253A828B13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BD5483AF-66FC-411D-A529-16C5CC8BD8A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C6827E6-7B15-423D-89C2-46B5E2D35961",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.11.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "58551C4F-EDA2-4AA3-9C5D-6FDF88C5746F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.11.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5CCC1DB-3BA9-48CB-ADEE-F1C74C88CC08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.11.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9024B9F9-90B8-494F-950E-955E62A3C872",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B54B9182-F8A0-45AA-99A8-A7424A7C34E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.12.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B63018D9-848B-4901-9DC9-CE6BBF0C2CDC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.12.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "1DE2DA92-F05B-426C-8CE7-6DCC6AF6461D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.12.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E4018AD-55DB-4C13-A26B-ED1564E4C501",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.12.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "6EC8E8B7-299B-4E76-9DC7-8482BA357B5E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.13.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FD5AC67C-2634-49DB-9F97-C27498047C1A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.14.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8F2A2AC-F3DE-49E3-B0AF-3953ABD1C269",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string.",
      },
      {
         lang: "es",
         value: "Las tuberías nombradas en qtsingleapp en QT 5.x, tal y como se usan en qBittorrent y SugarSync, están configuradas para que se puedan acceder de manera remota y permitan que atacantes remotos provoquen una denegación de servicio (cierre inesperado de la aplicación) mediante una cadena no especificada.",
      },
   ],
   id: "CVE-2017-15011",
   lastModified: "2024-11-21T03:13:55.940",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-10-04T01:29:03.433",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://hackinparis.com/data/slides/2017/2017_Cohen_Gil_The_forgotten_interface_Windows_named_pipes.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.youtube.com/watch?v=m6zISgWPGGY",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://hackinparis.com/data/slides/2017/2017_Cohen_Gil_The_forgotten_interface_Windows_named_pipes.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.youtube.com/watch?v=m6zISgWPGGY",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-02-24 19:55
Modified
2024-11-21 01:45
Summary
The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate.
References
secalert@redhat.com http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697582
secalert@redhat.com http://lists.opensuse.org/opensuse-updates/2013-01/msg00086.html
secalert@redhat.com http://lists.opensuse.org/opensuse-updates/2013-01/msg00089.html
secalert@redhat.com http://lists.opensuse.org/opensuse-updates/2013-02/msg00014.html
secalert@redhat.com http://lists.qt-project.org/pipermail/announce/2013-January/000020.html Vendor Advisory
secalert@redhat.com http://qt.gitorious.org/qt/qt/commit/3b14dc93cf0ef06f1424d7d6319a1af4505faa53%20%284.7%29
secalert@redhat.com http://qt.gitorious.org/qt/qt/commit/691e78e5061d4cbc0de212d23b06c5dffddf2098%20%284.8%29
secalert@redhat.com http://secunia.com/advisories/52217 Vendor Advisory
secalert@redhat.com http://www.openwall.com/lists/oss-security/2013/01/04/6
secalert@redhat.com http://www.ubuntu.com/usn/USN-1723-1
secalert@redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=891955
secalert@redhat.com https://codereview.qt-project.org/#change%2C42461
af854a3a-2127-422b-91ae-364da2661108 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697582
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-updates/2013-01/msg00086.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-updates/2013-01/msg00089.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-updates/2013-02/msg00014.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.qt-project.org/pipermail/announce/2013-January/000020.html Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://qt.gitorious.org/qt/qt/commit/3b14dc93cf0ef06f1424d7d6319a1af4505faa53%20%284.7%29
af854a3a-2127-422b-91ae-364da2661108 http://qt.gitorious.org/qt/qt/commit/691e78e5061d4cbc0de212d23b06c5dffddf2098%20%284.8%29
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/52217 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2013/01/04/6
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/USN-1723-1
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/show_bug.cgi?id=891955
af854a3a-2127-422b-91ae-364da2661108 https://codereview.qt-project.org/#change%2C42461
Impacted products
Vendor Product Version
qt qt *
qt qt 4.6.0
qt qt 4.6.0
qt qt 4.6.1
qt qt 4.6.2
qt qt 4.6.3
qt qt 4.6.4
qt qt 4.7.0
qt qt 4.7.1
qt qt 4.7.2
qt qt 4.7.3
qt qt 4.7.4
qt qt 4.7.5
qt qt 4.7.6
qt qt 4.8.0
qt qt 4.8.1
qt qt 4.8.2
qt qt 4.8.3
qt qt 4.8.4
canonical ubuntu_linux 10.04
canonical ubuntu_linux 11.10
canonical ubuntu_linux 12.04
canonical ubuntu_linux 12.10
opensuse opensuse 11.4
opensuse opensuse 12.2



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:rc:*:*:*:*:*:*",
                     matchCriteriaId: "89E6A634-D297-42AF-B001-48BCBB89C240",
                     versionEndIncluding: "4.6.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B74E5F5-CEE1-47B1-BE84-7F1C45D4FDD8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.6.0:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "82A767D8-6194-4ED5-B9BE-2A14541C141F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "874E217C-98AC-4F0B-B120-D721164912CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "3051F46B-E301-4DF7-A89B-4E8495617888",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.6.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C8BED3D-E6E9-4A7F-A186-DD7DC20706D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.6.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "1C5CFCD4-6CB1-489D-9619-B0169EA1719C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C2D2DA2-4D77-4396-97A7-D4ED0F633E19",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "1BC1BC2C-6D99-463F-9326-AF9B468E03F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "342A67CF-B332-46D1-A3FF-604552953C66",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9239A893-506A-4853-8B00-FCDE5EC3E5DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.7.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "1A6196C5-BB95-447A-B610-4765AB702F96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E398049-C78A-452C-9FBF-E32DC86BDBD0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.7.6:rc:*:*:*:*:*:*",
                     matchCriteriaId: "6E5EF3D1-6BD5-4488-A18C-79E26E87CFA6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B307395A-36B6-4F54-92C9-D732580F3EBE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9D0CB6E-5275-4D51-81F1-84D456F936B9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "214A1125-FBE9-433D-8B05-10595CD59F24",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.8.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB7CC6B1-7E40-4D6A-94CF-7412EA3F8534",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:4.8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "062A62AA-EC5B-4D8E-9337-D25DF4FE56FA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*",
                     matchCriteriaId: "7118F616-25CA-4E34-AA13-4D14BB62419F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4174F4F-149E-41A6-BBCC-D01114C05F38",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
                     matchCriteriaId: "F5D324C4-97C7-49D3-A809-9EAD4B690C69",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "E2076871-2E80-4605-A470-A41C1A8EC7EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE554781-1EB9-446E-911F-6C11970C47F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "D806A17E-B8F9-466D-807D-3F1E77603DC8",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an \"incompatible structure layout\" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate.",
      },
      {
         lang: "es",
         value: "La función QSslSocket::sslErrors en Qt anterior a v4.6.5, v4.7.x anterior a v4.7.6, v4.8.x anterior a v4.8.5, cuando se usan ciertas versiones de openSSL, usa un diseño de estructura incompatible que puede leer memoria desde una dirección erronea, lo que produce que Qt reporte un error incorrecto cuando el certificado de validación falle y puede causar a los usuarios que hagan decisiones de seguridad inseguras para aceptar certificados.",
      },
   ],
   id: "CVE-2012-6093",
   lastModified: "2024-11-21T01:45:48.413",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-02-24T19:55:00.907",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697582",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00086.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00089.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-updates/2013-02/msg00014.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://lists.qt-project.org/pipermail/announce/2013-January/000020.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://qt.gitorious.org/qt/qt/commit/3b14dc93cf0ef06f1424d7d6319a1af4505faa53%20%284.7%29",
      },
      {
         source: "secalert@redhat.com",
         url: "http://qt.gitorious.org/qt/qt/commit/691e78e5061d4cbc0de212d23b06c5dffddf2098%20%284.8%29",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/52217",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.openwall.com/lists/oss-security/2013/01/04/6",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ubuntu.com/usn/USN-1723-1",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=891955",
      },
      {
         source: "secalert@redhat.com",
         url: "https://codereview.qt-project.org/#change%2C42461",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697582",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00086.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00089.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-updates/2013-02/msg00014.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://lists.qt-project.org/pipermail/announce/2013-January/000020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://qt.gitorious.org/qt/qt/commit/3b14dc93cf0ef06f1424d7d6319a1af4505faa53%20%284.7%29",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://qt.gitorious.org/qt/qt/commit/691e78e5061d4cbc0de212d23b06c5dffddf2098%20%284.8%29",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/52217",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2013/01/04/6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-1723-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=891955",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://codereview.qt-project.org/#change%2C42461",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-310",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-03-02 15:15
Modified
2024-11-21 06:52
Summary
Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.
Impacted products
Vendor Product Version
qt qt *
qt qt *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8EE0E420-E881-4893-948F-4ED9C590E2BC",
                     versionEndIncluding: "5.15.8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "34D0AEC9-E2D5-4E2D-9099-3A257273BB27",
                     versionEndIncluding: "6.2.3",
                     versionStartIncluding: "6.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.",
      },
      {
         lang: "es",
         value: "Qt versiones hasta 5.15.8 y versiones 6.x hasta 6.2.3, pueden cargar archivos de biblioteca del sistema desde un directorio de trabajo no deseado",
      },
   ],
   id: "CVE-2022-25634",
   lastModified: "2024-11-21T06:52:28.763",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-03-02T15:15:08.277",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/396440",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/396689",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/396690",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://download.qt.io/official_releases/qt/5.15/CVE-2022-25643-5.15.diff",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://download.qt.io/official_releases/qt/6.2/CVE-2022-25643-6.2.diff",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/396440",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/396689",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/396690",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://download.qt.io/official_releases/qt/5.15/CVE-2022-25643-5.15.diff",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://download.qt.io/official_releases/qt/6.2/CVE-2022-25643-6.2.diff",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-12-16 02:29
Modified
2024-11-21 03:06
Summary
Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
Impacted products
Vendor Product Version
qt qt *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:android:*:*",
                     matchCriteriaId: "9815918D-C797-4ED8-B408-A2AD28F4CC50",
                     versionEndExcluding: "5.9.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.",
      },
      {
         lang: "es",
         value: "Qt para Android en versiones anteriores a la 5.9.0 permite que los atacantes remotos ejecuten comandos de sistema operativo arbitrarios mediante vectores sin especificar.",
      },
   ],
   id: "CVE-2017-10904",
   lastModified: "2024-11-21T03:06:43.013",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-12-16T02:29:07.183",
   references: [
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/",
      },
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://jvn.jp/en/jp/JVN67389262/index.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://jvn.jp/en/jp/JVN67389262/index.html",
      },
   ],
   sourceIdentifier: "vultures@jpcert.or.jp",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-08-11 14:15
Modified
2024-11-21 05:58
Summary
Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS).
References
cve@mitre.org https://bugreports.qt.io/browse/QTBUG-91507 Exploit, Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://bugreports.qt.io/browse/QTBUG-91507 Exploit, Issue Tracking, Vendor Advisory
Impacted products
Vendor Product Version
qt qt 5.15.1
qt qt 6.0.0
qt qt 6.0.0
qt qt 6.0.0
qt qt 6.0.0
qt qt 6.0.0
qt qt 6.0.0
qt qt 6.0.0
qt qt 6.0.0
qt qt 6.0.0
qt qt 6.0.2
qt qt 6.2.0
qt qt 6.2.0
qt qt 6.2.0
qt qt 6.2.0
qt qt 6.2.0
qt qt 6.2.0
qt qt 6.2.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:5.15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA7FCB6B-872F-4900-A2CF-192AFECC4DFC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:6.0.0:-:*:*:*:*:*:*",
                     matchCriteriaId: "C0A66DBD-439D-45EA-BC80-502314D5B0AC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:6.0.0:alpha1:*:*:*:*:*:*",
                     matchCriteriaId: "D47A6409-4A47-4963-9D77-DCC92668B6F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:6.0.0:beta1:*:*:*:*:*:*",
                     matchCriteriaId: "28417B5D-0086-436E-9698-20E8C3E5E2E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:6.0.0:beta2:*:*:*:*:*:*",
                     matchCriteriaId: "9EDDE01F-6F8A-412E-BFE3-5D0561629D12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:6.0.0:beta3:*:*:*:*:*:*",
                     matchCriteriaId: "F869EA5F-9246-48B2-8BF0-BF68DA091750",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:6.0.0:beta4:*:*:*:*:*:*",
                     matchCriteriaId: "508C8F60-141E-4168-BCC8-114CD777D2E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:6.0.0:beta5:*:*:*:*:*:*",
                     matchCriteriaId: "94F0B03A-ABD8-44AC-99D6-3232EC44DDE1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:6.0.0:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "44C86D23-6D06-4A62-90C3-173852C1545B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:6.0.0:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "E1FFE318-54E1-44B8-9164-696EE8CE280C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:6.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "AC14C9CB-1965-4659-8254-17EAB448616D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:6.2.0:alpha1:*:*:*:*:*:*",
                     matchCriteriaId: "B5846684-AB3C-4CF6-BEDB-660FDA8675DF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:6.2.0:beta1:*:*:*:*:*:*",
                     matchCriteriaId: "58B3621A-04A2-4302-9848-482B102895D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:6.2.0:beta2:*:*:*:*:*:*",
                     matchCriteriaId: "EC7DBCDC-72EE-4C57-8E69-8A733A4F3602",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:6.2.0:beta3:*:*:*:*:*:*",
                     matchCriteriaId: "D6212764-5B80-4340-8150-E8CD918ED396",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:6.2.0:beta4:*:*:*:*:*:*",
                     matchCriteriaId: "3D2F8A83-BB1A-4938-B1CD-2B604C43D4CB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:6.2.0:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "EF6E8E02-CBCA-4AB3-8BDA-4177FEDECFF1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:6.2.0:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "221D7C16-BB9A-4145-9D18-D68728AFBF3B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS).",
      },
   ],
   id: "CVE-2021-28025",
   lastModified: "2024-11-21T05:58:59.580",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-08-11T14:15:12.453",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugreports.qt.io/browse/QTBUG-91507",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugreports.qt.io/browse/QTBUG-91507",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-190",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-02-16 19:15
Modified
2024-11-21 06:51
Summary
In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.
Impacted products
Vendor Product Version
qt qt *
qt qt *
linux linux_kernel -
opengroup unix -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "37B45907-8F77-416A-BD0E-D0F395BF16E0",
                     versionEndExcluding: "5.15.9",
                     versionStartIncluding: "5.9.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "458A2EFF-9F2D-4D5E-9605-047B231B41EE",
                     versionEndExcluding: "6.2.4",
                     versionStartIncluding: "6.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.",
      },
      {
         lang: "es",
         value: "En Qt versiones 5.9.x hasta 5.15.x anteriores a 5.15.9 y versiones 6.x anteriores a 6.2.4 en Linux y UNIX, QProcess podía ejecutar un binario del directorio de trabajo actual cuando no era encontrado en el PATH",
      },
   ],
   id: "CVE-2022-25255",
   lastModified: "2024-11-21T06:51:53.200",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.2,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-02-16T19:15:09.300",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/393113",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/394914",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/396020",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/393113",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/394914",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/396020",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

cve-2021-38593
Vulnerability from cvelistv5
Published
2021-08-12 00:00
Modified
2024-08-04 01:44
Severity ?
Summary
Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T01:44:23.600Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/qt/qtbase/commit/6b400e3147dcfd8cc3a393ace1bd118c93762e0c",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/qt/qtbase/commit/202143ba41f6ac574f1858214ed8bf4a38b73ccd",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/qt/qtbase/commit/1ca02cf2879a5e1511a2f2109f0925cf4c892862",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35566",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-903.yaml",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.qt.io/blog/qt-5.15-extended-support-for-subscription-license-holders",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://wiki.qt.io/Qt_5.15_Release#Known_Issues",
               },
               {
                  name: "FEDORA-2022-54760f7fa4",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36VN2WKMNQUSTF6ZW2X52NPAJVXJ4S5I/",
               },
               {
                  name: "FEDORA-2022-4131ced81a",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HY5YCSDCTLHVMP3OXOM6HNTWHV6DBHDX/",
               },
               {
                  name: "GLSA-202402-03",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202402-03",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-02-03T07:06:32.200877",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://github.com/qt/qtbase/commit/6b400e3147dcfd8cc3a393ace1bd118c93762e0c",
            },
            {
               url: "https://github.com/qt/qtbase/commit/202143ba41f6ac574f1858214ed8bf4a38b73ccd",
            },
            {
               url: "https://github.com/qt/qtbase/commit/1ca02cf2879a5e1511a2f2109f0925cf4c892862",
            },
            {
               url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35566",
            },
            {
               url: "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-903.yaml",
            },
            {
               url: "https://www.qt.io/blog/qt-5.15-extended-support-for-subscription-license-holders",
            },
            {
               url: "https://wiki.qt.io/Qt_5.15_Release#Known_Issues",
            },
            {
               name: "FEDORA-2022-54760f7fa4",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36VN2WKMNQUSTF6ZW2X52NPAJVXJ4S5I/",
            },
            {
               name: "FEDORA-2022-4131ced81a",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HY5YCSDCTLHVMP3OXOM6HNTWHV6DBHDX/",
            },
            {
               name: "GLSA-202402-03",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202402-03",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-38593",
      datePublished: "2021-08-12T00:00:00",
      dateReserved: "2021-08-12T00:00:00",
      dateUpdated: "2024-08-04T01:44:23.600Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-43591
Vulnerability from cvelistv5
Published
2023-01-12 16:44
Modified
2024-08-03 13:32
Summary
A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability.
Impacted products
Vendor Product Version
Qt Project Qt Version: 6.4


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T13:32:59.732Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  url: "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1650",
               },
               {
                  name: "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1650",
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1650",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Qt",
               vendor: "Qt Project",
               versions: [
                  {
                     status: "affected",
                     version: "6.4",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122: Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-01-12T16:44:10.325Z",
            orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            shortName: "talos",
         },
         references: [
            {
               name: "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1650",
               url: "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1650",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
      assignerShortName: "talos",
      cveId: "CVE-2022-43591",
      datePublished: "2023-01-12T16:44:10.325Z",
      dateReserved: "2022-10-21T18:22:32.243Z",
      dateUpdated: "2024-08-03T13:32:59.732Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-39936
Vulnerability from cvelistv5
Published
2024-07-04 00:00
Modified
2024-08-02 04:33
Summary
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-39936",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-07-22T16:46:00.935832Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-07-22T16:46:26.342Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T04:33:11.513Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/c/qt/qtbase/+/571601",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 8.6,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:N/S:C/UI:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-07-04T20:55:33.298937",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://codereview.qt-project.org/c/qt/qtbase/+/571601",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2024-39936",
      datePublished: "2024-07-04T00:00:00",
      dateReserved: "2024-07-04T00:00:00",
      dateUpdated: "2024-08-02T04:33:11.513Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-1859
Vulnerability from cvelistv5
Published
2015-05-12 19:00
Modified
2024-08-06 04:54
Severity ?
Summary
Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T04:54:16.334Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "FEDORA-2015-6114",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html",
               },
               {
                  name: "74307",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/74307",
               },
               {
                  name: "FEDORA-2015-6123",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html",
               },
               {
                  name: "74310",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/74310",
               },
               {
                  name: "GLSA-201603-10",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201603-10",
               },
               {
                  name: "FEDORA-2015-6315",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html",
               },
               {
                  name: "FEDORA-2015-6364",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html",
               },
               {
                  name: "USN-2626-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2626-1",
               },
               {
                  name: "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html",
               },
               {
                  name: "FEDORA-2015-6252",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-04-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-12-29T18:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "FEDORA-2015-6114",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html",
            },
            {
               name: "74307",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/74307",
            },
            {
               name: "FEDORA-2015-6123",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html",
            },
            {
               name: "74310",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/74310",
            },
            {
               name: "GLSA-201603-10",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201603-10",
            },
            {
               name: "FEDORA-2015-6315",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html",
            },
            {
               name: "FEDORA-2015-6364",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html",
            },
            {
               name: "USN-2626-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2626-1",
            },
            {
               name: "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html",
            },
            {
               name: "FEDORA-2015-6252",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2015-1859",
      datePublished: "2015-05-12T19:00:00",
      dateReserved: "2015-02-17T00:00:00",
      dateUpdated: "2024-08-06T04:54:16.334Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-3481
Vulnerability from cvelistv5
Published
2022-08-22 00:00
Modified
2024-08-03 16:53
Severity ?
Summary
A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability.
Impacted products
Vendor Product Version
n/a qt Version: Fixed in qt 5.12.11, qt 5.15.4, qt 6.0.3, qt 6.1.0RC.


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T16:53:17.684Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugreports.qt.io/browse/QTBUG-91507",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/c/qt/qtsvg/+/337646",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1931444",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/security/cve/CVE-2021-3481",
               },
               {
                  name: "[debian-lts-announce] 20230822 [SECURITY] [DLA 3539-1] qt4-x11 security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "qt",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Fixed in qt 5.12.11, qt 5.15.4, qt 6.0.3, qt 6.1.0RC.",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-125",
                     description: "CWE-125 - Out-of-bounds Read",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-08-23T00:06:13.050577",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               url: "https://bugreports.qt.io/browse/QTBUG-91507",
            },
            {
               url: "https://codereview.qt-project.org/c/qt/qtsvg/+/337646",
            },
            {
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1931444",
            },
            {
               url: "https://access.redhat.com/security/cve/CVE-2021-3481",
            },
            {
               name: "[debian-lts-announce] 20230822 [SECURITY] [DLA 3539-1] qt4-x11 security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2021-3481",
      datePublished: "2022-08-22T00:00:00",
      dateReserved: "2021-04-01T00:00:00",
      dateUpdated: "2024-08-03T16:53:17.684Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-0570
Vulnerability from cvelistv5
Published
2020-09-14 18:17
Modified
2024-08-04 06:02
Severity ?
Summary
Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.
Impacted products
Vendor Product Version
n/a QT Library Version: Fixed in qt 5.14.0, qt 5.12.7, qt 5.9.10


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T06:02:52.337Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1800604",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugreports.qt.io/browse/QTBUG-81272",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://lists.qt-project.org/pipermail/development/2020-January/038534.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "QT Library",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Fixed in qt 5.14.0, qt 5.12.7, qt 5.9.10",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Escalation of Privilege",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-08-21T16:50:44",
            orgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            shortName: "intel",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1800604",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugreports.qt.io/browse/QTBUG-81272",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://lists.qt-project.org/pipermail/development/2020-January/038534.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@intel.com",
               ID: "CVE-2020-0570",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "QT Library",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Fixed in qt 5.14.0, qt 5.12.7, qt 5.9.10",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Escalation of Privilege",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1800604",
                     refsource: "MISC",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1800604",
                  },
                  {
                     name: "https://bugreports.qt.io/browse/QTBUG-81272",
                     refsource: "CONFIRM",
                     url: "https://bugreports.qt.io/browse/QTBUG-81272",
                  },
                  {
                     name: "https://lists.qt-project.org/pipermail/development/2020-January/038534.html",
                     refsource: "CONFIRM",
                     url: "https://lists.qt-project.org/pipermail/development/2020-January/038534.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
      assignerShortName: "intel",
      cveId: "CVE-2020-0570",
      datePublished: "2020-09-14T18:17:32",
      dateReserved: "2019-10-28T00:00:00",
      dateUpdated: "2024-08-04T06:02:52.337Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-19871
Vulnerability from cvelistv5
Published
2018-12-26 20:00
Modified
2024-08-05 11:44
Severity ?
Summary
An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T11:44:20.662Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/#/c/237761/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
               },
               {
                  name: "openSUSE-SU-2019:1115",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00002.html",
               },
               {
                  name: "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html",
               },
               {
                  name: "RHSA-2019:2135",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:2135",
               },
               {
                  name: "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-12-04T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-09-28T08:06:10",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://codereview.qt-project.org/#/c/237761/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
            },
            {
               name: "openSUSE-SU-2019:1115",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00002.html",
            },
            {
               name: "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html",
            },
            {
               name: "RHSA-2019:2135",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:2135",
            },
            {
               name: "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-19871",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://codereview.qt-project.org/#/c/237761/",
                     refsource: "CONFIRM",
                     url: "https://codereview.qt-project.org/#/c/237761/",
                  },
                  {
                     name: "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
                     refsource: "CONFIRM",
                     url: "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
                  },
                  {
                     name: "openSUSE-SU-2019:1115",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00002.html",
                  },
                  {
                     name: "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html",
                  },
                  {
                     name: "RHSA-2019:2135",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2019:2135",
                  },
                  {
                     name: "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-19871",
      datePublished: "2018-12-26T20:00:00",
      dateReserved: "2018-12-05T00:00:00",
      dateUpdated: "2024-08-05T11:44:20.662Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2012-5624
Vulnerability from cvelistv5
Published
2013-02-24 19:00
Modified
2024-09-16 18:45
Severity ?
Summary
The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T21:14:16.054Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "openSUSE-SU-2013:0157",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html",
               },
               {
                  name: "USN-1723-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-1723-1",
               },
               {
                  name: "52217",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/52217",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71",
               },
               {
                  name: "[oss-security] 20121204 Re: CVE Request -- Qt (x < 4.8.4): QML XmlHttpRequest insecure redirection",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2012/12/04/8",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/#change%2C40034",
               },
               {
                  name: "[Announce] 20121130 Qt Project Security Advisory: QML XmlHttpRequest Insecure Redirection",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.qt-project.org/pipermail/announce/2012-November/000014.html",
               },
               {
                  name: "openSUSE-SU-2013:0154",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html",
               },
               {
                  name: "openSUSE-SU-2013:0143",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=883415",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-02-24T19:00:00Z",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "openSUSE-SU-2013:0157",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html",
            },
            {
               name: "USN-1723-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-1723-1",
            },
            {
               name: "52217",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/52217",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71",
            },
            {
               name: "[oss-security] 20121204 Re: CVE Request -- Qt (x < 4.8.4): QML XmlHttpRequest insecure redirection",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2012/12/04/8",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://codereview.qt-project.org/#change%2C40034",
            },
            {
               name: "[Announce] 20121130 Qt Project Security Advisory: QML XmlHttpRequest Insecure Redirection",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.qt-project.org/pipermail/announce/2012-November/000014.html",
            },
            {
               name: "openSUSE-SU-2013:0154",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html",
            },
            {
               name: "openSUSE-SU-2013:0143",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=883415",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2012-5624",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "openSUSE-SU-2013:0157",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html",
                  },
                  {
                     name: "USN-1723-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-1723-1",
                  },
                  {
                     name: "52217",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/52217",
                  },
                  {
                     name: "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71",
                     refsource: "CONFIRM",
                     url: "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71",
                  },
                  {
                     name: "[oss-security] 20121204 Re: CVE Request -- Qt (x < 4.8.4): QML XmlHttpRequest insecure redirection",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2012/12/04/8",
                  },
                  {
                     name: "https://codereview.qt-project.org/#change,40034",
                     refsource: "CONFIRM",
                     url: "https://codereview.qt-project.org/#change,40034",
                  },
                  {
                     name: "[Announce] 20121130 Qt Project Security Advisory: QML XmlHttpRequest Insecure Redirection",
                     refsource: "MLIST",
                     url: "http://lists.qt-project.org/pipermail/announce/2012-November/000014.html",
                  },
                  {
                     name: "openSUSE-SU-2013:0154",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html",
                  },
                  {
                     name: "openSUSE-SU-2013:0143",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html",
                  },
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=883415",
                     refsource: "MISC",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=883415",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2012-5624",
      datePublished: "2013-02-24T19:00:00Z",
      dateReserved: "2012-10-24T00:00:00Z",
      dateUpdated: "2024-09-16T18:45:23.183Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-1858
Vulnerability from cvelistv5
Published
2015-05-12 19:00
Modified
2024-08-06 04:54
Severity ?
Summary
Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T04:54:16.434Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "FEDORA-2015-6114",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html",
               },
               {
                  name: "FEDORA-2015-6123",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html",
               },
               {
                  name: "GLSA-201603-10",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201603-10",
               },
               {
                  name: "FEDORA-2015-6315",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/#/c/108312/",
               },
               {
                  name: "FEDORA-2015-6364",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html",
               },
               {
                  name: "USN-2626-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2626-1",
               },
               {
                  name: "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html",
               },
               {
                  name: "74309",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/74309",
               },
               {
                  name: "FEDORA-2015-6252",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-04-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-12-29T18:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "FEDORA-2015-6114",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html",
            },
            {
               name: "FEDORA-2015-6123",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html",
            },
            {
               name: "GLSA-201603-10",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201603-10",
            },
            {
               name: "FEDORA-2015-6315",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://codereview.qt-project.org/#/c/108312/",
            },
            {
               name: "FEDORA-2015-6364",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html",
            },
            {
               name: "USN-2626-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2626-1",
            },
            {
               name: "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html",
            },
            {
               name: "74309",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/74309",
            },
            {
               name: "FEDORA-2015-6252",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2015-1858",
      datePublished: "2015-05-12T19:00:00",
      dateReserved: "2015-02-17T00:00:00",
      dateUpdated: "2024-08-06T04:54:16.434Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-37369
Vulnerability from cvelistv5
Published
2023-08-20 00:00
Modified
2024-08-02 17:09
Severity ?
Summary
In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-37369",
                        options: [
                           {
                              Exploitation: "poc",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-06-05T20:39:00.158917Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-06-05T20:39:08.149Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T17:09:34.076Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugreports.qt.io/browse/QTBUG-114829",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/c/qt/qtbase/+/455027",
               },
               {
                  name: "[debian-lts-announce] 20230822 [SECURITY] [DLA 3539-1] qt4-x11 security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html",
               },
               {
                  name: "FEDORA-2023-0e68827d36",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZK7EDD4ILPPSQAYO54FANUC4NFYLTHU/",
               },
               {
                  name: "FEDORA-2023-fd45b50121",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3JR3N3IF5MUSETGYE46OZFOGGPY3VZT/",
               },
               {
                  name: "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-05-01T00:06:17.111232",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://bugreports.qt.io/browse/QTBUG-114829",
            },
            {
               url: "https://codereview.qt-project.org/c/qt/qtbase/+/455027",
            },
            {
               name: "[debian-lts-announce] 20230822 [SECURITY] [DLA 3539-1] qt4-x11 security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html",
            },
            {
               name: "FEDORA-2023-0e68827d36",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZK7EDD4ILPPSQAYO54FANUC4NFYLTHU/",
            },
            {
               name: "FEDORA-2023-fd45b50121",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3JR3N3IF5MUSETGYE46OZFOGGPY3VZT/",
            },
            {
               name: "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2023-37369",
      datePublished: "2023-08-20T00:00:00",
      dateReserved: "2023-06-30T00:00:00",
      dateUpdated: "2024-08-02T17:09:34.076Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-51714
Vulnerability from cvelistv5
Published
2023-12-24 00:00
Modified
2024-08-02 22:40
Severity ?
Summary
An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T22:40:34.220Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/c/qt/qtbase/+/524864",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/c/qt/qtbase/+/524865/3",
               },
               {
                  name: "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-05-01T00:06:18.651501",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://codereview.qt-project.org/c/qt/qtbase/+/524864",
            },
            {
               url: "https://codereview.qt-project.org/c/qt/qtbase/+/524865/3",
            },
            {
               name: "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2023-51714",
      datePublished: "2023-12-24T00:00:00",
      dateReserved: "2023-12-22T00:00:00",
      dateUpdated: "2024-08-02T22:40:34.220Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-34410
Vulnerability from cvelistv5
Published
2023-06-05 00:00
Modified
2025-01-08 16:58
Summary
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T16:10:06.822Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/c/qt/qtbase/+/477560",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/c/qt/qtbase/+/480002",
               },
               {
                  name: "FEDORA-2023-0d4b3316f6",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3IHQZCEUFVOPWG75V2HDKXNUZBB4FX/",
               },
               {
                  name: "[debian-lts-announce] 20230822 [SECURITY] [DLA 3539-1] qt4-x11 security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "NONE",
                     baseScore: 5.3,
                     baseSeverity: "MEDIUM",
                     confidentialityImpact: "NONE",
                     integrityImpact: "LOW",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2023-34410",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-01-08T16:58:49.630299Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-295",
                        description: "CWE-295 Improper Certificate Validation",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-01-08T16:58:53.614Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-08-23T00:06:20.910150",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://codereview.qt-project.org/c/qt/qtbase/+/477560",
            },
            {
               url: "https://codereview.qt-project.org/c/qt/qtbase/+/480002",
            },
            {
               name: "FEDORA-2023-0d4b3316f6",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3IHQZCEUFVOPWG75V2HDKXNUZBB4FX/",
            },
            {
               name: "[debian-lts-announce] 20230822 [SECURITY] [DLA 3539-1] qt4-x11 security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2023-34410",
      datePublished: "2023-06-05T00:00:00",
      dateReserved: "2023-06-05T00:00:00",
      dateUpdated: "2025-01-08T16:58:53.614Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-15518
Vulnerability from cvelistv5
Published
2018-12-26 20:00
Modified
2024-08-05 09:54
Severity ?
Summary
QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T09:54:03.620Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "DSA-4374",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4374",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/#/c/236691/",
               },
               {
                  name: "openSUSE-SU-2018:4261",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html",
               },
               {
                  name: "[debian-lts-announce] 20190103 [SECURITY] [DLA 1627-1] qtbase-opensource-src security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/#/c/236691/",
               },
               {
                  name: "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html",
               },
               {
                  name: "USN-4003-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4003-1/",
               },
               {
                  name: "RHSA-2019:2135",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:2135",
               },
               {
                  name: "RHSA-2019:3390",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:3390",
               },
               {
                  name: "openSUSE-SU-2020:1452",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html",
               },
               {
                  name: "openSUSE-SU-2020:1500",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html",
               },
               {
                  name: "openSUSE-SU-2020:1501",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html",
               },
               {
                  name: "openSUSE-SU-2020:1530",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html",
               },
               {
                  name: "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-12-04T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-09-28T08:06:11",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "DSA-4374",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2019/dsa-4374",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://codereview.qt-project.org/#/c/236691/",
            },
            {
               name: "openSUSE-SU-2018:4261",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html",
            },
            {
               name: "[debian-lts-announce] 20190103 [SECURITY] [DLA 1627-1] qtbase-opensource-src security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://codereview.qt-project.org/#/c/236691/",
            },
            {
               name: "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html",
            },
            {
               name: "USN-4003-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4003-1/",
            },
            {
               name: "RHSA-2019:2135",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:2135",
            },
            {
               name: "RHSA-2019:3390",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:3390",
            },
            {
               name: "openSUSE-SU-2020:1452",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html",
            },
            {
               name: "openSUSE-SU-2020:1500",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html",
            },
            {
               name: "openSUSE-SU-2020:1501",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html",
            },
            {
               name: "openSUSE-SU-2020:1530",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html",
            },
            {
               name: "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-15518",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "DSA-4374",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2019/dsa-4374",
                  },
                  {
                     name: "https://codereview.qt-project.org/#/c/236691/",
                     refsource: "CONFIRM",
                     url: "https://codereview.qt-project.org/#/c/236691/",
                  },
                  {
                     name: "openSUSE-SU-2018:4261",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html",
                  },
                  {
                     name: "[debian-lts-announce] 20190103 [SECURITY] [DLA 1627-1] qtbase-opensource-src security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html",
                  },
                  {
                     name: "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
                     refsource: "CONFIRM",
                     url: "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
                  },
                  {
                     name: "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
                     refsource: "MISC",
                     url: "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
                  },
                  {
                     name: "https://codereview.qt-project.org/#/c/236691/",
                     refsource: "MISC",
                     url: "https://codereview.qt-project.org/#/c/236691/",
                  },
                  {
                     name: "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html",
                  },
                  {
                     name: "USN-4003-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4003-1/",
                  },
                  {
                     name: "RHSA-2019:2135",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2019:2135",
                  },
                  {
                     name: "RHSA-2019:3390",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2019:3390",
                  },
                  {
                     name: "openSUSE-SU-2020:1452",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html",
                  },
                  {
                     name: "openSUSE-SU-2020:1500",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html",
                  },
                  {
                     name: "openSUSE-SU-2020:1501",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html",
                  },
                  {
                     name: "openSUSE-SU-2020:1530",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html",
                  },
                  {
                     name: "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-15518",
      datePublished: "2018-12-26T20:00:00",
      dateReserved: "2018-08-18T00:00:00",
      dateUpdated: "2024-08-05T09:54:03.620Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-0190
Vulnerability from cvelistv5
Published
2014-05-08 14:00
Modified
2024-08-06 09:05
Severity ?
Summary
The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T09:05:39.205Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugs.kde.org/show_bug.cgi?id=333404",
               },
               {
                  name: "openSUSE-SU-2015:0573",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html",
               },
               {
                  name: "FEDORA-2014-6922",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134040.html",
               },
               {
                  name: "USN-2626-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2626-1",
               },
               {
                  name: "[Announce] 20140424 Qt Security Advisory: DoS vulnerability in the GIF image handler",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.qt-project.org/pipermail/announce/2014-April/000045.html",
               },
               {
                  name: "FEDORA-2014-6896",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134141.html",
               },
               {
                  name: "FEDORA-2014-5695",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html",
               },
               {
                  name: "67087",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/67087",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-04-24T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-12-29T18:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugs.kde.org/show_bug.cgi?id=333404",
            },
            {
               name: "openSUSE-SU-2015:0573",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html",
            },
            {
               name: "FEDORA-2014-6922",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134040.html",
            },
            {
               name: "USN-2626-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2626-1",
            },
            {
               name: "[Announce] 20140424 Qt Security Advisory: DoS vulnerability in the GIF image handler",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.qt-project.org/pipermail/announce/2014-April/000045.html",
            },
            {
               name: "FEDORA-2014-6896",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134141.html",
            },
            {
               name: "FEDORA-2014-5695",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html",
            },
            {
               name: "67087",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/67087",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2014-0190",
      datePublished: "2014-05-08T14:00:00",
      dateReserved: "2013-12-03T00:00:00",
      dateUpdated: "2024-08-06T09:05:39.205Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-10904
Vulnerability from cvelistv5
Published
2017-12-15 14:00
Modified
2024-08-05 17:50
Severity ?
Summary
Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
References
Impacted products
Vendor Product Version
The Qt Company Qt for Android Version: prior to 5.9.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T17:50:12.619Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "JVN#67389262",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_JVN",
                     "x_transferred",
                  ],
                  url: "https://jvn.jp/en/jp/JVN67389262/index.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Qt for Android",
               vendor: "The Qt Company",
               versions: [
                  {
                     status: "affected",
                     version: "prior to 5.9.0",
                  },
               ],
            },
         ],
         datePublic: "2017-12-11T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "OS Command Injection",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-12-15T13:57:01",
            orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            shortName: "jpcert",
         },
         references: [
            {
               name: "JVN#67389262",
               tags: [
                  "third-party-advisory",
                  "x_refsource_JVN",
               ],
               url: "https://jvn.jp/en/jp/JVN67389262/index.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "vultures@jpcert.or.jp",
               ID: "CVE-2017-10904",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Qt for Android",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "prior to 5.9.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "The Qt Company",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "OS Command Injection",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "JVN#67389262",
                     refsource: "JVN",
                     url: "https://jvn.jp/en/jp/JVN67389262/index.html",
                  },
                  {
                     name: "https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/",
                     refsource: "CONFIRM",
                     url: "https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
      assignerShortName: "jpcert",
      cveId: "CVE-2017-10904",
      datePublished: "2017-12-15T14:00:00",
      dateReserved: "2017-07-04T00:00:00",
      dateUpdated: "2024-08-05T17:50:12.619Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-4549
Vulnerability from cvelistv5
Published
2013-12-23 22:00
Modified
2024-08-06 16:45
Severity ?
Summary
QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T16:45:14.815Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[qt-announce] 20131205 [Announce] Qt Project Security Advisory: XML Entity Expansion\tDenial of Service",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.qt-project.org/pipermail/announce/2013-December/000036.html",
               },
               {
                  name: "56166",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/56166",
               },
               {
                  name: "openSUSE-SU-2014:0173",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2014-01/msg00104.html",
               },
               {
                  name: "56008",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/56008",
               },
               {
                  name: "openSUSE-SU-2014:0125",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2014-01/msg00085.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/#change%2C71010",
               },
               {
                  name: "openSUSE-SU-2014:0176",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2014-01/msg00106.html",
               },
               {
                  name: "openSUSE-SU-2014:0067",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2014-01/msg00044.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/",
               },
               {
                  name: "USN-2057-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2057-1",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/#change%2C71368",
               },
               {
                  name: "openSUSE-SU-2014:0070",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2014-01/msg00047.html",
               },
               {
                  name: "FEDORA-2014-5695",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-12-05T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2014-05-08T12:57:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "[qt-announce] 20131205 [Announce] Qt Project Security Advisory: XML Entity Expansion\tDenial of Service",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.qt-project.org/pipermail/announce/2013-December/000036.html",
            },
            {
               name: "56166",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/56166",
            },
            {
               name: "openSUSE-SU-2014:0173",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2014-01/msg00104.html",
            },
            {
               name: "56008",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/56008",
            },
            {
               name: "openSUSE-SU-2014:0125",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2014-01/msg00085.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://codereview.qt-project.org/#change%2C71010",
            },
            {
               name: "openSUSE-SU-2014:0176",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2014-01/msg00106.html",
            },
            {
               name: "openSUSE-SU-2014:0067",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2014-01/msg00044.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/",
            },
            {
               name: "USN-2057-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2057-1",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://codereview.qt-project.org/#change%2C71368",
            },
            {
               name: "openSUSE-SU-2014:0070",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2014-01/msg00047.html",
            },
            {
               name: "FEDORA-2014-5695",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2013-4549",
      datePublished: "2013-12-23T22:00:00",
      dateReserved: "2013-06-12T00:00:00",
      dateUpdated: "2024-08-06T16:45:14.815Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-9541
Vulnerability from cvelistv5
Published
2020-01-24 21:53
Modified
2024-08-06 08:51
Severity ?
Summary
Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T08:51:05.319Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugreports.qt.io/browse/QTBUG-47417",
               },
               {
                  name: "FEDORA-2020-ca02c529f8",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PT6327C64Q4RBFRWUSBKCG7SVGBWU5W/",
               },
               {
                  name: "FEDORA-2020-3069e44be5",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZMMF4OEJAZRVKVXNO7IZWLEZVQGJN6G/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-04-25T06:06:13",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugreports.qt.io/browse/QTBUG-47417",
            },
            {
               name: "FEDORA-2020-ca02c529f8",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PT6327C64Q4RBFRWUSBKCG7SVGBWU5W/",
            },
            {
               name: "FEDORA-2020-3069e44be5",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZMMF4OEJAZRVKVXNO7IZWLEZVQGJN6G/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2015-9541",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugreports.qt.io/browse/QTBUG-47417",
                     refsource: "MISC",
                     url: "https://bugreports.qt.io/browse/QTBUG-47417",
                  },
                  {
                     name: "FEDORA-2020-ca02c529f8",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PT6327C64Q4RBFRWUSBKCG7SVGBWU5W/",
                  },
                  {
                     name: "FEDORA-2020-3069e44be5",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZMMF4OEJAZRVKVXNO7IZWLEZVQGJN6G/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2015-9541",
      datePublished: "2020-01-24T21:53:41",
      dateReserved: "2020-01-24T00:00:00",
      dateUpdated: "2024-08-06T08:51:05.319Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-21035
Vulnerability from cvelistv5
Published
2020-02-28 19:17
Modified
2024-08-05 12:19
Summary
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption).
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T12:19:27.472Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/c/qt/qtwebsockets/+/284735",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugreports.qt.io/browse/QTBUG-70693",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption).",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8.6,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:C/UI:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-02-28T19:17:43",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://codereview.qt-project.org/c/qt/qtwebsockets/+/284735",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugreports.qt.io/browse/QTBUG-70693",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-21035",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption).",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:C/UI:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://codereview.qt-project.org/c/qt/qtwebsockets/+/284735",
                     refsource: "MISC",
                     url: "https://codereview.qt-project.org/c/qt/qtwebsockets/+/284735",
                  },
                  {
                     name: "https://bugreports.qt.io/browse/QTBUG-70693",
                     refsource: "MISC",
                     url: "https://bugreports.qt.io/browse/QTBUG-70693",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-21035",
      datePublished: "2020-02-28T19:17:43",
      dateReserved: "2020-02-28T00:00:00",
      dateUpdated: "2024-08-05T12:19:27.472Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2011-3194
Vulnerability from cvelistv5
Published
2012-06-16 00:00
Modified
2024-08-06 23:29
Severity ?
Summary
Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale TIFF image with multiple samples per pixel.
References
http://secunia.com/advisories/46371 third-party-advisory, x_refsource_SECUNIA
http://www.ubuntu.com/usn/USN-1504-1 vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/46140 third-party-advisory, x_refsource_SECUNIA
http://www.openwall.com/lists/oss-security/2011/08/24/8 mailing-list, x_refsource_MLIST
http://security.gentoo.org/glsa/glsa-201206-02.xml vendor-advisory, x_refsource_GENTOO
http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html vendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/46410 third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/69975 vdb-entry, x_refsource_XF
http://www.openwall.com/lists/oss-security/2011/08/22/6 mailing-list, x_refsource_MLIST
https://qt.gitorious.org/qt/qt/commit/cb6380beb81ab9571c547270c144988781fed465 x_refsource_CONFIRM
http://secunia.com/advisories/46128 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/46187 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/49895 third-party-advisory, x_refsource_SECUNIA
https://bugzilla.novell.com/show_bug.cgi?id=637275 x_refsource_MISC
http://secunia.com/advisories/49383 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/49724 vdb-entry, x_refsource_BID
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066209.html vendor-advisory, x_refsource_FEDORA
http://rhn.redhat.com/errata/RHSA-2011-1323.html vendor-advisory, x_refsource_REDHAT
https://hermes.opensuse.org/messages/12056605 vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2011-1328.html vendor-advisory, x_refsource_REDHAT
http://www.osvdb.org/75653 vdb-entry, x_refsource_OSVDB
http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html vendor-advisory, x_refsource_SUSE
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T23:29:56.371Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "46371",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/46371",
               },
               {
                  name: "USN-1504-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-1504-1",
               },
               {
                  name: "46140",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/46140",
               },
               {
                  name: "[oss-security] 20120824 Re: CVE request: libqt4: two memory issues",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2011/08/24/8",
               },
               {
                  name: "GLSA-201206-02",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://security.gentoo.org/glsa/glsa-201206-02.xml",
               },
               {
                  name: "openSUSE-SU-2011:1119",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html",
               },
               {
                  name: "46410",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/46410",
               },
               {
                  name: "qt-grayscale-bo(69975)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/69975",
               },
               {
                  name: "[oss-security] 20120822 CVE request: libqt4: two memory issues",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2011/08/22/6",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://qt.gitorious.org/qt/qt/commit/cb6380beb81ab9571c547270c144988781fed465",
               },
               {
                  name: "46128",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/46128",
               },
               {
                  name: "46187",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/46187",
               },
               {
                  name: "49895",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/49895",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.novell.com/show_bug.cgi?id=637275",
               },
               {
                  name: "49383",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/49383",
               },
               {
                  name: "49724",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/49724",
               },
               {
                  name: "FEDORA-2011-12145",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066209.html",
               },
               {
                  name: "RHSA-2011:1323",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2011-1323.html",
               },
               {
                  name: "SUSE-SU-2011:1113",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "https://hermes.opensuse.org/messages/12056605",
               },
               {
                  name: "RHSA-2011:1328",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2011-1328.html",
               },
               {
                  name: "75653",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://www.osvdb.org/75653",
               },
               {
                  name: "openSUSE-SU-2011:1120",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2011-08-22T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale TIFF image with multiple samples per pixel.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "46371",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/46371",
            },
            {
               name: "USN-1504-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-1504-1",
            },
            {
               name: "46140",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/46140",
            },
            {
               name: "[oss-security] 20120824 Re: CVE request: libqt4: two memory issues",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2011/08/24/8",
            },
            {
               name: "GLSA-201206-02",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://security.gentoo.org/glsa/glsa-201206-02.xml",
            },
            {
               name: "openSUSE-SU-2011:1119",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html",
            },
            {
               name: "46410",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/46410",
            },
            {
               name: "qt-grayscale-bo(69975)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/69975",
            },
            {
               name: "[oss-security] 20120822 CVE request: libqt4: two memory issues",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2011/08/22/6",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://qt.gitorious.org/qt/qt/commit/cb6380beb81ab9571c547270c144988781fed465",
            },
            {
               name: "46128",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/46128",
            },
            {
               name: "46187",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/46187",
            },
            {
               name: "49895",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/49895",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.novell.com/show_bug.cgi?id=637275",
            },
            {
               name: "49383",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/49383",
            },
            {
               name: "49724",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/49724",
            },
            {
               name: "FEDORA-2011-12145",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066209.html",
            },
            {
               name: "RHSA-2011:1323",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2011-1323.html",
            },
            {
               name: "SUSE-SU-2011:1113",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "https://hermes.opensuse.org/messages/12056605",
            },
            {
               name: "RHSA-2011:1328",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2011-1328.html",
            },
            {
               name: "75653",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://www.osvdb.org/75653",
            },
            {
               name: "openSUSE-SU-2011:1120",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2011-3194",
      datePublished: "2012-06-16T00:00:00",
      dateReserved: "2011-08-19T00:00:00",
      dateUpdated: "2024-08-06T23:29:56.371Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-1290
Vulnerability from cvelistv5
Published
2018-01-09 16:00
Modified
2024-08-06 04:40
Severity ?
Summary
The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T04:40:18.267Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.5.1",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugs.chromium.org/p/chromium/issues/detail?id=505374",
               },
               {
                  name: "openSUSE-SU-2015:2368",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2015-12/msg00116.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.nsfocus.net/index.php?act=advisory&do=view&adv_id=80",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://codereview.chromium.org/1233453004",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-07-21T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-01-09T15:57:01",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.5.1",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugs.chromium.org/p/chromium/issues/detail?id=505374",
            },
            {
               name: "openSUSE-SU-2015:2368",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2015-12/msg00116.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.nsfocus.net/index.php?act=advisory&do=view&adv_id=80",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://codereview.chromium.org/1233453004",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2015-1290",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.5.1",
                     refsource: "CONFIRM",
                     url: "http://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.5.1",
                  },
                  {
                     name: "https://bugs.chromium.org/p/chromium/issues/detail?id=505374",
                     refsource: "CONFIRM",
                     url: "https://bugs.chromium.org/p/chromium/issues/detail?id=505374",
                  },
                  {
                     name: "openSUSE-SU-2015:2368",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-updates/2015-12/msg00116.html",
                  },
                  {
                     name: "http://www.nsfocus.net/index.php?act=advisory&do=view&adv_id=80",
                     refsource: "MISC",
                     url: "http://www.nsfocus.net/index.php?act=advisory&do=view&adv_id=80",
                  },
                  {
                     name: "https://codereview.chromium.org/1233453004",
                     refsource: "CONFIRM",
                     url: "https://codereview.chromium.org/1233453004",
                  },
                  {
                     name: "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html",
                     refsource: "CONFIRM",
                     url: "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2015-1290",
      datePublished: "2018-01-09T16:00:00",
      dateReserved: "2015-01-21T00:00:00",
      dateUpdated: "2024-08-06T04:40:18.267Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2006-4811
Vulnerability from cvelistv5
Published
2006-10-18 17:00
Modified
2024-08-07 19:23
Severity ?
Summary
Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image.
References
http://securitytracker.com/id?1017084 vdb-entry, x_refsource_SECTRACK
http://www.redhat.com/support/errata/RHSA-2006-0725.html vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/22738 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22485 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22586 third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10218 vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/22579 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22520 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22479 third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2006:186 vendor-advisory, x_refsource_MANDRIVA
http://www.trolltech.com/company/newsroom/announcements/press.2006-10-19.5434451733 x_refsource_CONFIRM
http://secunia.com/advisories/22380 third-party-advisory, x_refsource_SECUNIA
http://www.ubuntu.com/usn/usn-368-1 vendor-advisory, x_refsource_UBUNTU
ftp://patches.sgi.com/support/free/security/advisories/20061002-01-P vendor-advisory, x_refsource_SGI
http://www.mandriva.com/security/advisories?name=MDKSA-2006:187 vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/22645 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/20599 vdb-entry, x_refsource_BID
ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P vendor-advisory, x_refsource_SGI
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210742 x_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-200703-06.xml vendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/24347 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22890 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22397 third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2006-0720.html vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/22929 third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200611-02.xml vendor-advisory, x_refsource_GENTOO
http://www.us.debian.org/security/2006/dsa-1200 vendor-advisory, x_refsource_DEBIAN
http://www.vupen.com/english/advisories/2006/4099 vdb-entry, x_refsource_VUPEN
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.483634 vendor-advisory, x_refsource_SLACKWARE
http://lists.suse.com/archive/suse-security-announce/2006-Oct/0006.html vendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/22492 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22589 third-party-advisory, x_refsource_SECUNIA
https://issues.rpath.com/browse/RPL-723 x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/449173/100/0/threaded mailing-list, x_refsource_BUGTRAQ
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T19:23:41.159Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1017084",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1017084",
               },
               {
                  name: "RHSA-2006:0725",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2006-0725.html",
               },
               {
                  name: "22738",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/22738",
               },
               {
                  name: "22485",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/22485",
               },
               {
                  name: "22586",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/22586",
               },
               {
                  name: "oval:org.mitre.oval:def:10218",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10218",
               },
               {
                  name: "22579",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/22579",
               },
               {
                  name: "22520",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/22520",
               },
               {
                  name: "22479",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/22479",
               },
               {
                  name: "MDKSA-2006:186",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:186",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.trolltech.com/company/newsroom/announcements/press.2006-10-19.5434451733",
               },
               {
                  name: "22380",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/22380",
               },
               {
                  name: "USN-368-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/usn-368-1",
               },
               {
                  name: "20061002-01-P",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SGI",
                     "x_transferred",
                  ],
                  url: "ftp://patches.sgi.com/support/free/security/advisories/20061002-01-P",
               },
               {
                  name: "MDKSA-2006:187",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:187",
               },
               {
                  name: "22645",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/22645",
               },
               {
                  name: "20599",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/20599",
               },
               {
                  name: "20061101-01-P",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SGI",
                     "x_transferred",
                  ],
                  url: "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210742",
               },
               {
                  name: "GLSA-200703-06",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://security.gentoo.org/glsa/glsa-200703-06.xml",
               },
               {
                  name: "24347",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/24347",
               },
               {
                  name: "22890",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/22890",
               },
               {
                  name: "22397",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/22397",
               },
               {
                  name: "RHSA-2006:0720",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2006-0720.html",
               },
               {
                  name: "22929",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/22929",
               },
               {
                  name: "GLSA-200611-02",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://security.gentoo.org/glsa/glsa-200611-02.xml",
               },
               {
                  name: "DSA-1200",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.us.debian.org/security/2006/dsa-1200",
               },
               {
                  name: "ADV-2006-4099",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2006/4099",
               },
               {
                  name: "SSA:2006-298-01",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SLACKWARE",
                     "x_transferred",
                  ],
                  url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.483634",
               },
               {
                  name: "SUSE-SA:2006:063",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.suse.com/archive/suse-security-announce/2006-Oct/0006.html",
               },
               {
                  name: "22492",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/22492",
               },
               {
                  name: "22589",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/22589",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://issues.rpath.com/browse/RPL-723",
               },
               {
                  name: "20061018 rPSA-2006-0195-1 kdelibs",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/449173/100/0/threaded",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2006-10-18T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-17T20:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "1017084",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1017084",
            },
            {
               name: "RHSA-2006:0725",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2006-0725.html",
            },
            {
               name: "22738",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/22738",
            },
            {
               name: "22485",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/22485",
            },
            {
               name: "22586",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/22586",
            },
            {
               name: "oval:org.mitre.oval:def:10218",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10218",
            },
            {
               name: "22579",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/22579",
            },
            {
               name: "22520",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/22520",
            },
            {
               name: "22479",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/22479",
            },
            {
               name: "MDKSA-2006:186",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:186",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.trolltech.com/company/newsroom/announcements/press.2006-10-19.5434451733",
            },
            {
               name: "22380",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/22380",
            },
            {
               name: "USN-368-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/usn-368-1",
            },
            {
               name: "20061002-01-P",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SGI",
               ],
               url: "ftp://patches.sgi.com/support/free/security/advisories/20061002-01-P",
            },
            {
               name: "MDKSA-2006:187",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:187",
            },
            {
               name: "22645",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/22645",
            },
            {
               name: "20599",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/20599",
            },
            {
               name: "20061101-01-P",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SGI",
               ],
               url: "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210742",
            },
            {
               name: "GLSA-200703-06",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://security.gentoo.org/glsa/glsa-200703-06.xml",
            },
            {
               name: "24347",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/24347",
            },
            {
               name: "22890",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/22890",
            },
            {
               name: "22397",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/22397",
            },
            {
               name: "RHSA-2006:0720",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2006-0720.html",
            },
            {
               name: "22929",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/22929",
            },
            {
               name: "GLSA-200611-02",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://security.gentoo.org/glsa/glsa-200611-02.xml",
            },
            {
               name: "DSA-1200",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.us.debian.org/security/2006/dsa-1200",
            },
            {
               name: "ADV-2006-4099",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2006/4099",
            },
            {
               name: "SSA:2006-298-01",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SLACKWARE",
               ],
               url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.483634",
            },
            {
               name: "SUSE-SA:2006:063",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.suse.com/archive/suse-security-announce/2006-Oct/0006.html",
            },
            {
               name: "22492",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/22492",
            },
            {
               name: "22589",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/22589",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://issues.rpath.com/browse/RPL-723",
            },
            {
               name: "20061018 rPSA-2006-0195-1 kdelibs",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/449173/100/0/threaded",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2006-4811",
      datePublished: "2006-10-18T17:00:00",
      dateReserved: "2006-09-15T00:00:00",
      dateUpdated: "2024-08-07T19:23:41.159Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-32763
Vulnerability from cvelistv5
Published
2023-05-28 00:00
Modified
2024-08-02 15:25
Severity ?
Summary
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T15:25:36.992Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/c/qt/qtbase/+/476125",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.qt-project.org/pipermail/announce/2023-May/000413.html",
               },
               {
                  name: "[debian-lts-announce] 20230822 [SECURITY] [DLA 3539-1] qt4-x11 security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html",
               },
               {
                  name: "GLSA-202402-03",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202402-03",
               },
               {
                  name: "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-05-01T00:06:20.172374",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://codereview.qt-project.org/c/qt/qtbase/+/476125",
            },
            {
               url: "https://lists.qt-project.org/pipermail/announce/2023-May/000413.html",
            },
            {
               name: "[debian-lts-announce] 20230822 [SECURITY] [DLA 3539-1] qt4-x11 security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html",
            },
            {
               name: "GLSA-202402-03",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202402-03",
            },
            {
               name: "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2023-32763",
      datePublished: "2023-05-28T00:00:00",
      dateReserved: "2023-05-15T00:00:00",
      dateUpdated: "2024-08-02T15:25:36.992Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-17507
Vulnerability from cvelistv5
Published
2020-08-12 17:35
Modified
2024-08-04 14:00
Severity ?
Summary
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T14:00:47.515Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/c/qt/qtbase/+/308436",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/c/qt/qtbase/+/308495",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/c/qt/qtbase/+/308496",
               },
               {
                  name: "FEDORA-2020-b8091188d0",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/",
               },
               {
                  name: "FEDORA-2020-8dd86f1b3f",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/",
               },
               {
                  name: "GLSA-202009-04",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202009-04",
               },
               {
                  name: "openSUSE-SU-2020:1452",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html",
               },
               {
                  name: "openSUSE-SU-2020:1500",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html",
               },
               {
                  name: "openSUSE-SU-2020:1501",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html",
               },
               {
                  name: "openSUSE-SU-2020:1530",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html",
               },
               {
                  name: "[debian-lts-announce] 20200928 [SECURITY] [DLA 2376-1] qtbase-opensource-src security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html",
               },
               {
                  name: "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
               },
               {
                  name: "openSUSE-SU-2020:1564",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html",
               },
               {
                  name: "openSUSE-SU-2020:1568",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-09-28T23:06:08",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://codereview.qt-project.org/c/qt/qtbase/+/308436",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://codereview.qt-project.org/c/qt/qtbase/+/308495",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://codereview.qt-project.org/c/qt/qtbase/+/308496",
            },
            {
               name: "FEDORA-2020-b8091188d0",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/",
            },
            {
               name: "FEDORA-2020-8dd86f1b3f",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/",
            },
            {
               name: "GLSA-202009-04",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202009-04",
            },
            {
               name: "openSUSE-SU-2020:1452",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html",
            },
            {
               name: "openSUSE-SU-2020:1500",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html",
            },
            {
               name: "openSUSE-SU-2020:1501",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html",
            },
            {
               name: "openSUSE-SU-2020:1530",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html",
            },
            {
               name: "[debian-lts-announce] 20200928 [SECURITY] [DLA 2376-1] qtbase-opensource-src security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html",
            },
            {
               name: "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
            },
            {
               name: "openSUSE-SU-2020:1564",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html",
            },
            {
               name: "openSUSE-SU-2020:1568",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-17507",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://codereview.qt-project.org/c/qt/qtbase/+/308436",
                     refsource: "MISC",
                     url: "https://codereview.qt-project.org/c/qt/qtbase/+/308436",
                  },
                  {
                     name: "https://codereview.qt-project.org/c/qt/qtbase/+/308495",
                     refsource: "MISC",
                     url: "https://codereview.qt-project.org/c/qt/qtbase/+/308495",
                  },
                  {
                     name: "https://codereview.qt-project.org/c/qt/qtbase/+/308496",
                     refsource: "MISC",
                     url: "https://codereview.qt-project.org/c/qt/qtbase/+/308496",
                  },
                  {
                     name: "FEDORA-2020-b8091188d0",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/",
                  },
                  {
                     name: "FEDORA-2020-8dd86f1b3f",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/",
                  },
                  {
                     name: "GLSA-202009-04",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202009-04",
                  },
                  {
                     name: "openSUSE-SU-2020:1452",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html",
                  },
                  {
                     name: "openSUSE-SU-2020:1500",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html",
                  },
                  {
                     name: "openSUSE-SU-2020:1501",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html",
                  },
                  {
                     name: "openSUSE-SU-2020:1530",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html",
                  },
                  {
                     name: "[debian-lts-announce] 20200928 [SECURITY] [DLA 2376-1] qtbase-opensource-src security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html",
                  },
                  {
                     name: "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
                  },
                  {
                     name: "openSUSE-SU-2020:1564",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html",
                  },
                  {
                     name: "openSUSE-SU-2020:1568",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-17507",
      datePublished: "2020-08-12T17:35:20",
      dateReserved: "2020-08-12T00:00:00",
      dateUpdated: "2024-08-04T14:00:47.515Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-1860
Vulnerability from cvelistv5
Published
2015-05-12 19:00
Modified
2024-08-06 04:54
Severity ?
Summary
Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T04:54:16.328Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "FEDORA-2015-6114",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html",
               },
               {
                  name: "FEDORA-2015-6573",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156937.html",
               },
               {
                  name: "FEDORA-2015-6123",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html",
               },
               {
                  name: "GLSA-201603-10",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201603-10",
               },
               {
                  name: "FEDORA-2015-6315",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html",
               },
               {
                  name: "FEDORA-2015-6613",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155947.html",
               },
               {
                  name: "74302",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/74302",
               },
               {
                  name: "FEDORA-2015-6364",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html",
               },
               {
                  name: "FEDORA-2015-6661",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156761.html",
               },
               {
                  name: "USN-2626-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2626-1",
               },
               {
                  name: "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/#/c/108248/",
               },
               {
                  name: "FEDORA-2015-6252",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-04-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-12-29T18:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "FEDORA-2015-6114",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html",
            },
            {
               name: "FEDORA-2015-6573",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156937.html",
            },
            {
               name: "FEDORA-2015-6123",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html",
            },
            {
               name: "GLSA-201603-10",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201603-10",
            },
            {
               name: "FEDORA-2015-6315",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html",
            },
            {
               name: "FEDORA-2015-6613",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155947.html",
            },
            {
               name: "74302",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/74302",
            },
            {
               name: "FEDORA-2015-6364",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html",
            },
            {
               name: "FEDORA-2015-6661",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156761.html",
            },
            {
               name: "USN-2626-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2626-1",
            },
            {
               name: "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://codereview.qt-project.org/#/c/108248/",
            },
            {
               name: "FEDORA-2015-6252",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2015-1860",
      datePublished: "2015-05-12T19:00:00",
      dateReserved: "2015-02-17T00:00:00",
      dateUpdated: "2024-08-06T04:54:16.328Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-38197
Vulnerability from cvelistv5
Published
2023-07-13 00:00
Modified
2024-08-02 17:30
Summary
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "qt",
                  vendor: "qt",
                  versions: [
                     {
                        lessThan: "5.15.5",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:qt:qt:6.3.0:-:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "qt",
                  vendor: "qt",
                  versions: [
                     {
                        lessThan: "6.5.3",
                        status: "affected",
                        version: "6.3.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "fedora",
                  vendor: "fedoraproject",
                  versions: [
                     {
                        status: "affected",
                        version: "38",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "fedora",
                  vendor: "fedoraproject",
                  versions: [
                     {
                        status: "affected",
                        version: "37",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:qt:qt:6.0.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "qt",
                  vendor: "qt",
                  versions: [
                     {
                        lessThan: "6.2.10",
                        status: "affected",
                        version: "6.0.0",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 7.5,
                     baseSeverity: "HIGH",
                     confidentialityImpact: "NONE",
                     integrityImpact: "NONE",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2023-38197",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-07-18T16:48:43.530719Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-835",
                        description: "CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-07-18T16:48:48.121Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T17:30:14.271Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/c/qt/qtbase/+/488960",
               },
               {
                  name: "FEDORA-2023-364ae10761",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XEGQ6DFTL2BEJMHCD5FJGI6XLWQI7UEA/",
               },
               {
                  name: "FEDORA-2023-5ead27b6d2",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5C3NYVJ73ITE6HUOVVHBUAGORVEJRHO/",
               },
               {
                  name: "FEDORA-2023-ff372f9829",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFZORZYCMUZZFIOEZICJ7VH2BZIGY3HV/",
               },
               {
                  name: "[debian-lts-announce] 20230822 [SECURITY] [DLA 3539-1] qt4-x11 security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html",
               },
               {
                  name: "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-05-01T00:06:13.722212",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://codereview.qt-project.org/c/qt/qtbase/+/488960",
            },
            {
               name: "FEDORA-2023-364ae10761",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XEGQ6DFTL2BEJMHCD5FJGI6XLWQI7UEA/",
            },
            {
               name: "FEDORA-2023-5ead27b6d2",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5C3NYVJ73ITE6HUOVVHBUAGORVEJRHO/",
            },
            {
               name: "FEDORA-2023-ff372f9829",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFZORZYCMUZZFIOEZICJ7VH2BZIGY3HV/",
            },
            {
               name: "[debian-lts-announce] 20230822 [SECURITY] [DLA 3539-1] qt4-x11 security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html",
            },
            {
               name: "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2023-38197",
      datePublished: "2023-07-13T00:00:00",
      dateReserved: "2023-07-13T00:00:00",
      dateUpdated: "2024-08-02T17:30:14.271Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-13962
Vulnerability from cvelistv5
Published
2020-06-08 23:14
Modified
2024-08-04 12:32
Summary
Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T12:32:14.668Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/mumble-voip/mumble/pull/4032",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugreports.qt.io/browse/QTBUG-83450",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/mumble-voip/mumble/issues/3679",
               },
               {
                  name: "GLSA-202007-18",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202007-18",
               },
               {
                  name: "openSUSE-SU-2020:1319",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00004.html",
               },
               {
                  name: "FEDORA-2020-f869e01557",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3IZY7LKJ6NAXQDFYFR4S7L5BBHYK53K/",
               },
               {
                  name: "FEDORA-2020-ca26a3f832",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X6EDPIIAQPVP2CHL2CHDHJ25EECA7UE/",
               },
               {
                  name: "FEDORA-2020-8372f6bae4",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQJDBZUYMMF4R5QQKD2HTIKQU2NSKO63/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-10-05T18:06:15",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/mumble-voip/mumble/pull/4032",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugreports.qt.io/browse/QTBUG-83450",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/mumble-voip/mumble/issues/3679",
            },
            {
               name: "GLSA-202007-18",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202007-18",
            },
            {
               name: "openSUSE-SU-2020:1319",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00004.html",
            },
            {
               name: "FEDORA-2020-f869e01557",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3IZY7LKJ6NAXQDFYFR4S7L5BBHYK53K/",
            },
            {
               name: "FEDORA-2020-ca26a3f832",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X6EDPIIAQPVP2CHL2CHDHJ25EECA7UE/",
            },
            {
               name: "FEDORA-2020-8372f6bae4",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQJDBZUYMMF4R5QQKD2HTIKQU2NSKO63/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-13962",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/mumble-voip/mumble/pull/4032",
                     refsource: "MISC",
                     url: "https://github.com/mumble-voip/mumble/pull/4032",
                  },
                  {
                     name: "https://bugreports.qt.io/browse/QTBUG-83450",
                     refsource: "MISC",
                     url: "https://bugreports.qt.io/browse/QTBUG-83450",
                  },
                  {
                     name: "https://github.com/mumble-voip/mumble/issues/3679",
                     refsource: "MISC",
                     url: "https://github.com/mumble-voip/mumble/issues/3679",
                  },
                  {
                     name: "GLSA-202007-18",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202007-18",
                  },
                  {
                     name: "openSUSE-SU-2020:1319",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00004.html",
                  },
                  {
                     name: "FEDORA-2020-f869e01557",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V3IZY7LKJ6NAXQDFYFR4S7L5BBHYK53K/",
                  },
                  {
                     name: "FEDORA-2020-ca26a3f832",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X6EDPIIAQPVP2CHL2CHDHJ25EECA7UE/",
                  },
                  {
                     name: "FEDORA-2020-8372f6bae4",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQJDBZUYMMF4R5QQKD2HTIKQU2NSKO63/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-13962",
      datePublished: "2020-06-08T23:14:10",
      dateReserved: "2020-06-08T00:00:00",
      dateUpdated: "2024-08-04T12:32:14.668Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-32762
Vulnerability from cvelistv5
Published
2023-05-28 00:00
Modified
2024-08-19 16:42
Summary
An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T15:25:37.052Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/c/qt/qtbase/+/476140",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/qt/qtbase/commit/1b736a815be0222f4b24289cf17575fc15707305",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.qt-project.org/pipermail/announce/2023-May/000414.html",
               },
               {
                  name: "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html",
               },
            ],
            title: "CVE Program Container",
         },
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:a:qt:qtbase:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "qtbase",
                  vendor: "qt",
                  versions: [
                     {
                        lessThan: "5.15.14",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:qt:qtbase:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "qtbase",
                  vendor: "qt",
                  versions: [
                     {
                        lessThan: "6.2.9",
                        status: "affected",
                        version: "6.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:qt:qtbase:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "qtbase",
                  vendor: "qt",
                  versions: [
                     {
                        lessThan: "6.5.1",
                        status: "affected",
                        version: "6.3.0",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "NONE",
                     baseScore: 5.3,
                     baseSeverity: "MEDIUM",
                     confidentialityImpact: "NONE",
                     integrityImpact: "LOW",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2023-32762",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-05-01T14:17:39.605223Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-08-19T16:42:12.680Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-05-01T00:06:23.176268",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://codereview.qt-project.org/c/qt/qtbase/+/476140",
            },
            {
               url: "https://github.com/qt/qtbase/commit/1b736a815be0222f4b24289cf17575fc15707305",
            },
            {
               url: "https://lists.qt-project.org/pipermail/announce/2023-May/000414.html",
            },
            {
               name: "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2023-32762",
      datePublished: "2023-05-28T00:00:00",
      dateReserved: "2023-05-15T00:00:00",
      dateUpdated: "2024-08-19T16:42:12.680Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2012-6093
Vulnerability from cvelistv5
Published
2013-02-24 19:00
Modified
2024-08-06 21:21
Summary
The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T21:21:28.816Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "openSUSE-SU-2013:0204",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00086.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/#change%2C42461",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697582",
               },
               {
                  name: "USN-1723-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-1723-1",
               },
               {
                  name: "openSUSE-SU-2013:0256",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2013-02/msg00014.html",
               },
               {
                  name: "52217",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/52217",
               },
               {
                  name: "openSUSE-SU-2013:0211",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00089.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://qt.gitorious.org/qt/qt/commit/3b14dc93cf0ef06f1424d7d6319a1af4505faa53%20%284.7%29",
               },
               {
                  name: "[Announce] 20130102 Qt Project Security Advisory: QSslSocket may report incorrect errors when certificate verification fails",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.qt-project.org/pipermail/announce/2013-January/000020.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://qt.gitorious.org/qt/qt/commit/691e78e5061d4cbc0de212d23b06c5dffddf2098%20%284.8%29",
               },
               {
                  name: "[oss-security] 20130104 Re: CVE Request -- qt: QSslSocket might report inappropriate errors when certificate verification fails",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2013/01/04/6",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=891955",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an \"incompatible structure layout\" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-02-24T19:00:00Z",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "openSUSE-SU-2013:0204",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00086.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://codereview.qt-project.org/#change%2C42461",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697582",
            },
            {
               name: "USN-1723-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-1723-1",
            },
            {
               name: "openSUSE-SU-2013:0256",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2013-02/msg00014.html",
            },
            {
               name: "52217",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/52217",
            },
            {
               name: "openSUSE-SU-2013:0211",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00089.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://qt.gitorious.org/qt/qt/commit/3b14dc93cf0ef06f1424d7d6319a1af4505faa53%20%284.7%29",
            },
            {
               name: "[Announce] 20130102 Qt Project Security Advisory: QSslSocket may report incorrect errors when certificate verification fails",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.qt-project.org/pipermail/announce/2013-January/000020.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://qt.gitorious.org/qt/qt/commit/691e78e5061d4cbc0de212d23b06c5dffddf2098%20%284.8%29",
            },
            {
               name: "[oss-security] 20130104 Re: CVE Request -- qt: QSslSocket might report inappropriate errors when certificate verification fails",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2013/01/04/6",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=891955",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2012-6093",
      datePublished: "2013-02-24T19:00:00Z",
      dateReserved: "2012-12-06T00:00:00Z",
      dateUpdated: "2024-08-06T21:21:28.816Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-32573
Vulnerability from cvelistv5
Published
2023-05-10 00:00
Modified
2024-08-02 15:18
Severity ?
Summary
In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T15:18:37.809Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/c/qt/qtsvg/+/474093",
               },
               {
                  name: "FEDORA-2023-0d4b3316f6",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3IHQZCEUFVOPWG75V2HDKXNUZBB4FX/",
               },
               {
                  name: "[debian-lts-announce] 20230822 [SECURITY] [DLA 3539-1] qt4-x11 security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-08-23T00:06:14.525652",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://codereview.qt-project.org/c/qt/qtsvg/+/474093",
            },
            {
               name: "FEDORA-2023-0d4b3316f6",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3IHQZCEUFVOPWG75V2HDKXNUZBB4FX/",
            },
            {
               name: "[debian-lts-announce] 20230822 [SECURITY] [DLA 3539-1] qt4-x11 security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2023-32573",
      datePublished: "2023-05-10T00:00:00",
      dateReserved: "2023-05-10T00:00:00",
      dateUpdated: "2024-08-02T15:18:37.809Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2011-3193
Vulnerability from cvelistv5
Published
2012-06-16 00:00
Modified
2024-08-06 23:29
Severity ?
Summary
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
References
http://secunia.com/advisories/46371 third-party-advisory, x_refsource_SECUNIA
http://git.gnome.org/browse/pango/commit/pango/opentype/harfbuzz-gpos.c?id=a7a715480db66148b1f487528887508a7991dcd0 x_refsource_MISC
http://www.ubuntu.com/usn/USN-1504-1 vendor-advisory, x_refsource_UBUNTU
http://www.openwall.com/lists/oss-security/2011/08/24/8 mailing-list, x_refsource_MLIST
http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html vendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/41537 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/46410 third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2011-1327.html vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2011-1325.html vendor-advisory, x_refsource_REDHAT
http://www.openwall.com/lists/oss-security/2011/08/22/6 mailing-list, x_refsource_MLIST
http://secunia.com/advisories/46128 third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2011-1324.html vendor-advisory, x_refsource_REDHAT
http://www.openwall.com/lists/oss-security/2011/08/25/1 mailing-list, x_refsource_MLIST
http://secunia.com/advisories/49895 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/46117 third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2011-1326.html vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/46119 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/49723 vdb-entry, x_refsource_BID
http://cgit.freedesktop.org/harfbuzz/commit/src/harfbuzz-gpos.c?id=da2c52abcd75d46929b34cad55c4fb2c8892bc08 x_refsource_MISC
http://rhn.redhat.com/errata/RHSA-2011-1323.html vendor-advisory, x_refsource_REDHAT
https://hermes.opensuse.org/messages/12056605 vendor-advisory, x_refsource_SUSE
http://cgit.freedesktop.org/harfbuzz.old/commit/?id=81c8ef785b079980ad5b46be4fe7c7bf156dbf65 x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2011-1328.html vendor-advisory, x_refsource_REDHAT
https://qt.gitorious.org/qt/qt/commit/9ae6f2f9a57f0c3096d5785913e437953fa6775c x_refsource_CONFIRM
http://www.osvdb.org/75652 vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/46118 third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/69991 vdb-entry, x_refsource_XF
http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html vendor-advisory, x_refsource_SUSE
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T23:29:55.288Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "46371",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/46371",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://git.gnome.org/browse/pango/commit/pango/opentype/harfbuzz-gpos.c?id=a7a715480db66148b1f487528887508a7991dcd0",
               },
               {
                  name: "USN-1504-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-1504-1",
               },
               {
                  name: "[oss-security] 20120824 Re: CVE request: libqt4: two memory issues",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2011/08/24/8",
               },
               {
                  name: "openSUSE-SU-2011:1119",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html",
               },
               {
                  name: "41537",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/41537",
               },
               {
                  name: "46410",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/46410",
               },
               {
                  name: "RHSA-2011:1327",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2011-1327.html",
               },
               {
                  name: "RHSA-2011:1325",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2011-1325.html",
               },
               {
                  name: "[oss-security] 20120822 CVE request: libqt4: two memory issues",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2011/08/22/6",
               },
               {
                  name: "46128",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/46128",
               },
               {
                  name: "RHSA-2011:1324",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2011-1324.html",
               },
               {
                  name: "[oss-security] 20120825 Re: CVE request: libqt4: two memory issues",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2011/08/25/1",
               },
               {
                  name: "49895",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/49895",
               },
               {
                  name: "46117",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/46117",
               },
               {
                  name: "RHSA-2011:1326",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2011-1326.html",
               },
               {
                  name: "46119",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/46119",
               },
               {
                  name: "49723",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/49723",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://cgit.freedesktop.org/harfbuzz/commit/src/harfbuzz-gpos.c?id=da2c52abcd75d46929b34cad55c4fb2c8892bc08",
               },
               {
                  name: "RHSA-2011:1323",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2011-1323.html",
               },
               {
                  name: "SUSE-SU-2011:1113",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "https://hermes.opensuse.org/messages/12056605",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://cgit.freedesktop.org/harfbuzz.old/commit/?id=81c8ef785b079980ad5b46be4fe7c7bf156dbf65",
               },
               {
                  name: "RHSA-2011:1328",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2011-1328.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://qt.gitorious.org/qt/qt/commit/9ae6f2f9a57f0c3096d5785913e437953fa6775c",
               },
               {
                  name: "75652",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://www.osvdb.org/75652",
               },
               {
                  name: "46118",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/46118",
               },
               {
                  name: "pango-harfbuzz-bo(69991)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/69991",
               },
               {
                  name: "openSUSE-SU-2011:1120",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2011-08-22T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "46371",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/46371",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://git.gnome.org/browse/pango/commit/pango/opentype/harfbuzz-gpos.c?id=a7a715480db66148b1f487528887508a7991dcd0",
            },
            {
               name: "USN-1504-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-1504-1",
            },
            {
               name: "[oss-security] 20120824 Re: CVE request: libqt4: two memory issues",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2011/08/24/8",
            },
            {
               name: "openSUSE-SU-2011:1119",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html",
            },
            {
               name: "41537",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/41537",
            },
            {
               name: "46410",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/46410",
            },
            {
               name: "RHSA-2011:1327",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2011-1327.html",
            },
            {
               name: "RHSA-2011:1325",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2011-1325.html",
            },
            {
               name: "[oss-security] 20120822 CVE request: libqt4: two memory issues",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2011/08/22/6",
            },
            {
               name: "46128",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/46128",
            },
            {
               name: "RHSA-2011:1324",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2011-1324.html",
            },
            {
               name: "[oss-security] 20120825 Re: CVE request: libqt4: two memory issues",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2011/08/25/1",
            },
            {
               name: "49895",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/49895",
            },
            {
               name: "46117",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/46117",
            },
            {
               name: "RHSA-2011:1326",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2011-1326.html",
            },
            {
               name: "46119",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/46119",
            },
            {
               name: "49723",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/49723",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://cgit.freedesktop.org/harfbuzz/commit/src/harfbuzz-gpos.c?id=da2c52abcd75d46929b34cad55c4fb2c8892bc08",
            },
            {
               name: "RHSA-2011:1323",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2011-1323.html",
            },
            {
               name: "SUSE-SU-2011:1113",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "https://hermes.opensuse.org/messages/12056605",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://cgit.freedesktop.org/harfbuzz.old/commit/?id=81c8ef785b079980ad5b46be4fe7c7bf156dbf65",
            },
            {
               name: "RHSA-2011:1328",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2011-1328.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://qt.gitorious.org/qt/qt/commit/9ae6f2f9a57f0c3096d5785913e437953fa6775c",
            },
            {
               name: "75652",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://www.osvdb.org/75652",
            },
            {
               name: "46118",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/46118",
            },
            {
               name: "pango-harfbuzz-bo(69991)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/69991",
            },
            {
               name: "openSUSE-SU-2011:1120",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2011-3193",
      datePublished: "2012-06-16T00:00:00",
      dateReserved: "2011-08-19T00:00:00",
      dateUpdated: "2024-08-06T23:29:55.288Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-12267
Vulnerability from cvelistv5
Published
2020-04-27 01:31
Modified
2024-08-04 11:48
Summary
setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T11:48:58.414Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20450",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/c/qt/qtbase/+/291706",
               },
               {
                  name: "GLSA-202007-38",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202007-38",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-07-27T02:06:10",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20450",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://codereview.qt-project.org/c/qt/qtbase/+/291706",
            },
            {
               name: "GLSA-202007-38",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202007-38",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-12267",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20450",
                     refsource: "MISC",
                     url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20450",
                  },
                  {
                     name: "https://codereview.qt-project.org/c/qt/qtbase/+/291706",
                     refsource: "CONFIRM",
                     url: "https://codereview.qt-project.org/c/qt/qtbase/+/291706",
                  },
                  {
                     name: "GLSA-202007-38",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202007-38",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-12267",
      datePublished: "2020-04-27T01:31:42",
      dateReserved: "2020-04-27T00:00:00",
      dateUpdated: "2024-08-04T11:48:58.414Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2010-2621
Vulnerability from cvelistv5
Published
2010-07-02 20:00
Modified
2024-08-07 02:39
Summary
The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request.
References
http://secunia.com/advisories/46410 third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/1657 vdb-entry, x_refsource_VUPEN
http://aluigi.org/poc/qtsslame.zip x_refsource_MISC
http://www.securityfocus.com/bid/41250 vdb-entry, x_refsource_BID
http://osvdb.org/65860 vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/40389 third-party-advisory, x_refsource_SECUNIA
http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597 x_refsource_CONFIRM
https://hermes.opensuse.org/messages/12056605 vendor-advisory, x_refsource_SUSE
http://aluigi.org/adv/qtsslame-adv.txt x_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T02:39:37.809Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "46410",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/46410",
               },
               {
                  name: "ADV-2010-1657",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2010/1657",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://aluigi.org/poc/qtsslame.zip",
               },
               {
                  name: "41250",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/41250",
               },
               {
                  name: "65860",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/65860",
               },
               {
                  name: "40389",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/40389",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597",
               },
               {
                  name: "SUSE-SU-2011:1113",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "https://hermes.opensuse.org/messages/12056605",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://aluigi.org/adv/qtsslame-adv.txt",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2010-06-29T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2012-06-19T09:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "46410",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/46410",
            },
            {
               name: "ADV-2010-1657",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2010/1657",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://aluigi.org/poc/qtsslame.zip",
            },
            {
               name: "41250",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/41250",
            },
            {
               name: "65860",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/65860",
            },
            {
               name: "40389",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/40389",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597",
            },
            {
               name: "SUSE-SU-2011:1113",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "https://hermes.opensuse.org/messages/12056605",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://aluigi.org/adv/qtsslame-adv.txt",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2010-2621",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "46410",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/46410",
                  },
                  {
                     name: "ADV-2010-1657",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2010/1657",
                  },
                  {
                     name: "http://aluigi.org/poc/qtsslame.zip",
                     refsource: "MISC",
                     url: "http://aluigi.org/poc/qtsslame.zip",
                  },
                  {
                     name: "41250",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/41250",
                  },
                  {
                     name: "65860",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/65860",
                  },
                  {
                     name: "40389",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/40389",
                  },
                  {
                     name: "http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597",
                     refsource: "CONFIRM",
                     url: "http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597",
                  },
                  {
                     name: "SUSE-SU-2011:1113",
                     refsource: "SUSE",
                     url: "https://hermes.opensuse.org/messages/12056605",
                  },
                  {
                     name: "http://aluigi.org/adv/qtsslame-adv.txt",
                     refsource: "MISC",
                     url: "http://aluigi.org/adv/qtsslame-adv.txt",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2010-2621",
      datePublished: "2010-07-02T20:00:00",
      dateReserved: "2010-07-02T00:00:00",
      dateUpdated: "2024-08-07T02:39:37.809Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2007-0242
Vulnerability from cvelistv5
Published
2007-04-03 16:00
Modified
2024-08-07 12:12
Summary
The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters.
References
http://support.novell.com/techcenter/psdb/39ea4b325a7da742cb8b6995fa585b14.html x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/33397 vdb-entry, x_refsource_XF
http://secunia.com/advisories/24699 third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2007-0909.html vendor-advisory, x_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDKSA-2007:074 vendor-advisory, x_refsource_MANDRIVA
https://issues.rpath.com/browse/RPL-1202 x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDKSA-2007:076 vendor-advisory, x_refsource_MANDRIVA
http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm x_refsource_CONFIRM
http://secunia.com/advisories/24889 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/27275 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/24727 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/26857 third-party-advisory, x_refsource_SECUNIA
http://www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350 x_refsource_CONFIRM
http://www.novell.com/linux/security/advisories/2007_6_sr.html vendor-advisory, x_refsource_SUSE
http://www.nabble.com/Bug-417390:-CVE-2007-0242%2C--Qt-UTF-8-overlong-sequence-decoding-vulnerability-t3506065.html x_refsource_CONFIRM
http://www.debian.org/security/2007/dsa-1292 vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/24847 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/24705 third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2011-1324.html vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/23269 vdb-entry, x_refsource_BID
http://secunia.com/advisories/46117 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/27108 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/24759 third-party-advisory, x_refsource_SECUNIA
http://www.ubuntu.com/usn/usn-452-1 vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/24726 third-party-advisory, x_refsource_SECUNIA
ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc vendor-advisory, x_refsource_SGI
http://www.vupen.com/english/advisories/2007/1212 vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/25263 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/26804 third-party-advisory, x_refsource_SECUNIA
http://fedoranews.org/updates/FEDORA-2007-703.shtml vendor-advisory, x_refsource_FEDORA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11510 vdb-entry, signature, x_refsource_OVAL
http://www.redhat.com/support/errata/RHSA-2007-0883.html vendor-advisory, x_refsource_REDHAT
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.348591 vendor-advisory, x_refsource_SLACKWARE
http://www.mandriva.com/security/advisories?name=MDKSA-2007:075 vendor-advisory, x_refsource_MANDRIVA
http://support.novell.com/techcenter/psdb/fc79b7f48d739f9c803a24ddad933384.html x_refsource_CONFIRM
http://secunia.com/advisories/24797 third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T12:12:17.982Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://support.novell.com/techcenter/psdb/39ea4b325a7da742cb8b6995fa585b14.html",
               },
               {
                  name: "qt-utf8-xss(33397)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/33397",
               },
               {
                  name: "24699",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/24699",
               },
               {
                  name: "RHSA-2007:0909",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2007-0909.html",
               },
               {
                  name: "MDKSA-2007:074",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:074",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://issues.rpath.com/browse/RPL-1202",
               },
               {
                  name: "MDKSA-2007:076",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:076",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm",
               },
               {
                  name: "24889",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/24889",
               },
               {
                  name: "27275",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/27275",
               },
               {
                  name: "24727",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/24727",
               },
               {
                  name: "26857",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/26857",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350",
               },
               {
                  name: "SUSE-SR:2007:006",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2007_6_sr.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.nabble.com/Bug-417390:-CVE-2007-0242%2C--Qt-UTF-8-overlong-sequence-decoding-vulnerability-t3506065.html",
               },
               {
                  name: "DSA-1292",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2007/dsa-1292",
               },
               {
                  name: "24847",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/24847",
               },
               {
                  name: "24705",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/24705",
               },
               {
                  name: "RHSA-2011:1324",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2011-1324.html",
               },
               {
                  name: "23269",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/23269",
               },
               {
                  name: "46117",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/46117",
               },
               {
                  name: "27108",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/27108",
               },
               {
                  name: "24759",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/24759",
               },
               {
                  name: "USN-452-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/usn-452-1",
               },
               {
                  name: "24726",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/24726",
               },
               {
                  name: "20070901-01-P",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SGI",
                     "x_transferred",
                  ],
                  url: "ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc",
               },
               {
                  name: "ADV-2007-1212",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2007/1212",
               },
               {
                  name: "25263",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/25263",
               },
               {
                  name: "26804",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/26804",
               },
               {
                  name: "FEDORA-2007-703",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://fedoranews.org/updates/FEDORA-2007-703.shtml",
               },
               {
                  name: "oval:org.mitre.oval:def:11510",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11510",
               },
               {
                  name: "RHSA-2007:0883",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2007-0883.html",
               },
               {
                  name: "SSA:2007-093-03",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SLACKWARE",
                     "x_transferred",
                  ],
                  url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.348591",
               },
               {
                  name: "MDKSA-2007:075",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:075",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://support.novell.com/techcenter/psdb/fc79b7f48d739f9c803a24ddad933384.html",
               },
               {
                  name: "24797",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/24797",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2007-04-03T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://support.novell.com/techcenter/psdb/39ea4b325a7da742cb8b6995fa585b14.html",
            },
            {
               name: "qt-utf8-xss(33397)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/33397",
            },
            {
               name: "24699",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/24699",
            },
            {
               name: "RHSA-2007:0909",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2007-0909.html",
            },
            {
               name: "MDKSA-2007:074",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:074",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://issues.rpath.com/browse/RPL-1202",
            },
            {
               name: "MDKSA-2007:076",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:076",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm",
            },
            {
               name: "24889",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/24889",
            },
            {
               name: "27275",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/27275",
            },
            {
               name: "24727",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/24727",
            },
            {
               name: "26857",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/26857",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350",
            },
            {
               name: "SUSE-SR:2007:006",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2007_6_sr.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.nabble.com/Bug-417390:-CVE-2007-0242%2C--Qt-UTF-8-overlong-sequence-decoding-vulnerability-t3506065.html",
            },
            {
               name: "DSA-1292",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2007/dsa-1292",
            },
            {
               name: "24847",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/24847",
            },
            {
               name: "24705",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/24705",
            },
            {
               name: "RHSA-2011:1324",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2011-1324.html",
            },
            {
               name: "23269",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/23269",
            },
            {
               name: "46117",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/46117",
            },
            {
               name: "27108",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/27108",
            },
            {
               name: "24759",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/24759",
            },
            {
               name: "USN-452-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/usn-452-1",
            },
            {
               name: "24726",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/24726",
            },
            {
               name: "20070901-01-P",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SGI",
               ],
               url: "ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc",
            },
            {
               name: "ADV-2007-1212",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2007/1212",
            },
            {
               name: "25263",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/25263",
            },
            {
               name: "26804",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/26804",
            },
            {
               name: "FEDORA-2007-703",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://fedoranews.org/updates/FEDORA-2007-703.shtml",
            },
            {
               name: "oval:org.mitre.oval:def:11510",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11510",
            },
            {
               name: "RHSA-2007:0883",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2007-0883.html",
            },
            {
               name: "SSA:2007-093-03",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SLACKWARE",
               ],
               url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.348591",
            },
            {
               name: "MDKSA-2007:075",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:075",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://support.novell.com/techcenter/psdb/fc79b7f48d739f9c803a24ddad933384.html",
            },
            {
               name: "24797",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/24797",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2007-0242",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://support.novell.com/techcenter/psdb/39ea4b325a7da742cb8b6995fa585b14.html",
                     refsource: "CONFIRM",
                     url: "http://support.novell.com/techcenter/psdb/39ea4b325a7da742cb8b6995fa585b14.html",
                  },
                  {
                     name: "qt-utf8-xss(33397)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/33397",
                  },
                  {
                     name: "24699",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/24699",
                  },
                  {
                     name: "RHSA-2007:0909",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2007-0909.html",
                  },
                  {
                     name: "MDKSA-2007:074",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:074",
                  },
                  {
                     name: "https://issues.rpath.com/browse/RPL-1202",
                     refsource: "CONFIRM",
                     url: "https://issues.rpath.com/browse/RPL-1202",
                  },
                  {
                     name: "MDKSA-2007:076",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:076",
                  },
                  {
                     name: "http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm",
                     refsource: "CONFIRM",
                     url: "http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm",
                  },
                  {
                     name: "24889",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/24889",
                  },
                  {
                     name: "27275",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/27275",
                  },
                  {
                     name: "24727",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/24727",
                  },
                  {
                     name: "26857",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/26857",
                  },
                  {
                     name: "http://www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350",
                     refsource: "CONFIRM",
                     url: "http://www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350",
                  },
                  {
                     name: "SUSE-SR:2007:006",
                     refsource: "SUSE",
                     url: "http://www.novell.com/linux/security/advisories/2007_6_sr.html",
                  },
                  {
                     name: "http://www.nabble.com/Bug-417390:-CVE-2007-0242,--Qt-UTF-8-overlong-sequence-decoding-vulnerability-t3506065.html",
                     refsource: "CONFIRM",
                     url: "http://www.nabble.com/Bug-417390:-CVE-2007-0242,--Qt-UTF-8-overlong-sequence-decoding-vulnerability-t3506065.html",
                  },
                  {
                     name: "DSA-1292",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2007/dsa-1292",
                  },
                  {
                     name: "24847",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/24847",
                  },
                  {
                     name: "24705",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/24705",
                  },
                  {
                     name: "RHSA-2011:1324",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2011-1324.html",
                  },
                  {
                     name: "23269",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/23269",
                  },
                  {
                     name: "46117",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/46117",
                  },
                  {
                     name: "27108",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/27108",
                  },
                  {
                     name: "24759",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/24759",
                  },
                  {
                     name: "USN-452-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/usn-452-1",
                  },
                  {
                     name: "24726",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/24726",
                  },
                  {
                     name: "20070901-01-P",
                     refsource: "SGI",
                     url: "ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc",
                  },
                  {
                     name: "ADV-2007-1212",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2007/1212",
                  },
                  {
                     name: "25263",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/25263",
                  },
                  {
                     name: "26804",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/26804",
                  },
                  {
                     name: "FEDORA-2007-703",
                     refsource: "FEDORA",
                     url: "http://fedoranews.org/updates/FEDORA-2007-703.shtml",
                  },
                  {
                     name: "oval:org.mitre.oval:def:11510",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11510",
                  },
                  {
                     name: "RHSA-2007:0883",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2007-0883.html",
                  },
                  {
                     name: "SSA:2007-093-03",
                     refsource: "SLACKWARE",
                     url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.348591",
                  },
                  {
                     name: "MDKSA-2007:075",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:075",
                  },
                  {
                     name: "http://support.novell.com/techcenter/psdb/fc79b7f48d739f9c803a24ddad933384.html",
                     refsource: "CONFIRM",
                     url: "http://support.novell.com/techcenter/psdb/fc79b7f48d739f9c803a24ddad933384.html",
                  },
                  {
                     name: "24797",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/24797",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2007-0242",
      datePublished: "2007-04-03T16:00:00",
      dateReserved: "2007-01-16T00:00:00",
      dateUpdated: "2024-08-07T12:12:17.982Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-0569
Vulnerability from cvelistv5
Published
2020-11-23 00:00
Modified
2024-08-04 06:02
Severity ?
Summary
Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.
Impacted products
Vendor Product Version
n/a Intel(R) PROSet/Wireless WiFi products on Windows 10 Version: before version 21.70


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T06:02:52.444Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00338.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Intel(R) PROSet/Wireless WiFi products on Windows 10",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "before version 21.70",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "denial of service",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-09-12T16:08:18.142495",
            orgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            shortName: "intel",
         },
         references: [
            {
               url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00338.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
      assignerShortName: "intel",
      cveId: "CVE-2020-0569",
      datePublished: "2020-11-23T00:00:00",
      dateReserved: "2019-10-28T00:00:00",
      dateUpdated: "2024-08-04T06:02:52.444Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-4422
Vulnerability from cvelistv5
Published
2013-10-23 15:00
Modified
2024-08-06 16:45
Severity ?
Summary
SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \ (backslash) in a message.
References
http://quassel-irc.org/node/120 x_refsource_CONFIRM
http://secunia.com/advisories/55194 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/55581 third-party-advisory, x_refsource_SECUNIA
http://bugs.quassel-irc.org/issues/1244 x_refsource_CONFIRM
http://seclists.org/oss-sec/2013/q4/74 mailing-list, x_refsource_MLIST
https://exchange.xforce.ibmcloud.com/vulnerabilities/87805 vdb-entry, x_refsource_XF
http://security.gentoo.org/glsa/glsa-201311-03.xml vendor-advisory, x_refsource_GENTOO
http://www.securityfocus.com/bid/62923 vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T16:45:13.900Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://quassel-irc.org/node/120",
               },
               {
                  name: "55194",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/55194",
               },
               {
                  name: "55581",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/55581",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://bugs.quassel-irc.org/issues/1244",
               },
               {
                  name: "[oss-security] 20131010 Re: CVE Request - Quassel IRC SQL injection",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/oss-sec/2013/q4/74",
               },
               {
                  name: "quasselirc-backslash-sql-injection(87805)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/87805",
               },
               {
                  name: "GLSA-201311-03",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://security.gentoo.org/glsa/glsa-201311-03.xml",
               },
               {
                  name: "62923",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/62923",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-10-09T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \\ (backslash) in a message.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://quassel-irc.org/node/120",
            },
            {
               name: "55194",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/55194",
            },
            {
               name: "55581",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/55581",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://bugs.quassel-irc.org/issues/1244",
            },
            {
               name: "[oss-security] 20131010 Re: CVE Request - Quassel IRC SQL injection",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://seclists.org/oss-sec/2013/q4/74",
            },
            {
               name: "quasselirc-backslash-sql-injection(87805)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/87805",
            },
            {
               name: "GLSA-201311-03",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://security.gentoo.org/glsa/glsa-201311-03.xml",
            },
            {
               name: "62923",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/62923",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2013-4422",
      datePublished: "2013-10-23T15:00:00",
      dateReserved: "2013-06-12T00:00:00",
      dateUpdated: "2024-08-06T16:45:13.900Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-7298
Vulnerability from cvelistv5
Published
2015-10-26 14:00
Modified
2024-08-06 07:43
Severity ?
Summary
ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T07:43:46.168Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://owncloud.org/security/advisory/?id=oc-sa-2015-016",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-09-21T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate.  NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2015-10-26T12:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://owncloud.org/security/advisory/?id=oc-sa-2015-016",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2015-7298",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate.  NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://owncloud.org/security/advisory/?id=oc-sa-2015-016",
                     refsource: "CONFIRM",
                     url: "https://owncloud.org/security/advisory/?id=oc-sa-2015-016",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2015-7298",
      datePublished: "2015-10-26T14:00:00",
      dateReserved: "2015-09-21T00:00:00",
      dateUpdated: "2024-08-06T07:43:46.168Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-43114
Vulnerability from cvelistv5
Published
2023-09-18 00:00
Modified
2024-09-25 15:48
Severity ?
Summary
An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData], then it can cause the application to crash because of missing length checks.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T19:37:22.975Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/c/qt/qtbase/+/503026",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-43114",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-09-25T15:48:32.880023Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-09-25T15:48:41.465Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData], then it can cause the application to crash because of missing length checks.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-09-18T06:55:20.210703",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://codereview.qt-project.org/c/qt/qtbase/+/503026",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2023-43114",
      datePublished: "2023-09-18T00:00:00",
      dateReserved: "2023-09-18T00:00:00",
      dateUpdated: "2024-09-25T15:48:41.465Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-19869
Vulnerability from cvelistv5
Published
2018-12-26 20:00
Modified
2024-08-05 11:44
Severity ?
Summary
An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T11:44:20.631Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/#/c/234142/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
               },
               {
                  name: "openSUSE-SU-2019:1116",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00008.html",
               },
               {
                  name: "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html",
               },
               {
                  name: "RHSA-2019:2135",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:2135",
               },
               {
                  name: "openSUSE-SU-2020:1452",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html",
               },
               {
                  name: "openSUSE-SU-2020:1500",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html",
               },
               {
                  name: "openSUSE-SU-2020:1501",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html",
               },
               {
                  name: "openSUSE-SU-2020:1530",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html",
               },
               {
                  name: "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
               },
               {
                  name: "[debian-lts-announce] 20201031 [SECURITY] [DLA 2422-1] qtsvg-opensource-src security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00035.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-12-04T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-10-31T21:06:11",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://codereview.qt-project.org/#/c/234142/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
            },
            {
               name: "openSUSE-SU-2019:1116",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00008.html",
            },
            {
               name: "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html",
            },
            {
               name: "RHSA-2019:2135",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:2135",
            },
            {
               name: "openSUSE-SU-2020:1452",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html",
            },
            {
               name: "openSUSE-SU-2020:1500",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html",
            },
            {
               name: "openSUSE-SU-2020:1501",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html",
            },
            {
               name: "openSUSE-SU-2020:1530",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html",
            },
            {
               name: "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
            },
            {
               name: "[debian-lts-announce] 20201031 [SECURITY] [DLA 2422-1] qtsvg-opensource-src security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00035.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-19869",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://codereview.qt-project.org/#/c/234142/",
                     refsource: "CONFIRM",
                     url: "https://codereview.qt-project.org/#/c/234142/",
                  },
                  {
                     name: "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
                     refsource: "CONFIRM",
                     url: "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
                  },
                  {
                     name: "openSUSE-SU-2019:1116",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00008.html",
                  },
                  {
                     name: "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html",
                  },
                  {
                     name: "RHSA-2019:2135",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2019:2135",
                  },
                  {
                     name: "openSUSE-SU-2020:1452",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html",
                  },
                  {
                     name: "openSUSE-SU-2020:1500",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html",
                  },
                  {
                     name: "openSUSE-SU-2020:1501",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html",
                  },
                  {
                     name: "openSUSE-SU-2020:1530",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html",
                  },
                  {
                     name: "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
                  },
                  {
                     name: "[debian-lts-announce] 20201031 [SECURITY] [DLA 2422-1] qtsvg-opensource-src security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00035.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-19869",
      datePublished: "2018-12-26T20:00:00",
      dateReserved: "2018-12-05T00:00:00",
      dateUpdated: "2024-08-05T11:44:20.631Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-28025
Vulnerability from cvelistv5
Published
2023-08-11 00:00
Modified
2024-10-09 17:37
Severity ?
Summary
Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS).
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T21:33:17.264Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugreports.qt.io/browse/QTBUG-91507",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-28025",
                        options: [
                           {
                              Exploitation: "poc",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-09T17:37:32.242443Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-09T17:37:40.750Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-08-11T00:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://bugreports.qt.io/browse/QTBUG-91507",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-28025",
      datePublished: "2023-08-11T00:00:00",
      dateReserved: "2021-03-05T00:00:00",
      dateUpdated: "2024-10-09T17:37:40.750Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2009-2700
Vulnerability from cvelistv5
Published
2009-09-02 17:00
Modified
2024-08-07 05:59
Severity ?
Summary
src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
References
http://secunia.com/advisories/36702 (third-party-advisory, x_refsource_SECUNIA)
http://www.securityfocus.com/bid/36203 (vdb-entry, x_refsource_BID)
http://qt.gitorious.org/qt/qt/commit/802d8c02eaa0aa9cd8d0c6cbd18cd814e6337bc6 (x_refsource_CONFIRM)
http://www.mandriva.com/security/advisories?name=MDVSA-2009:225 (vendor-advisory, x_refsource_MANDRIVA)
http://www.ubuntu.com/usn/usn-829-1 (vendor-advisory, x_refsource_UBUNTU)
http://www.vupen.com/english/advisories/2009/2499 (vdb-entry, x_refsource_VUPEN)
http://secunia.com/advisories/36536 (third-party-advisory, x_refsource_SECUNIA)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T05:59:56.946Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "36702",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/36702",
               },
               {
                  name: "36203",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/36203",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://qt.gitorious.org/qt/qt/commit/802d8c02eaa0aa9cd8d0c6cbd18cd814e6337bc6",
               },
               {
                  name: "MDVSA-2009:225",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:225",
               },
               {
                  name: "USN-829-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/usn-829-1",
               },
               {
                  name: "ADV-2009-2499",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2009/2499",
               },
               {
                  name: "36536",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/36536",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2009-08-28T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2010-04-24T09:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "36702",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/36702",
            },
            {
               name: "36203",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/36203",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://qt.gitorious.org/qt/qt/commit/802d8c02eaa0aa9cd8d0c6cbd18cd814e6337bc6",
            },
            {
               name: "MDVSA-2009:225",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:225",
            },
            {
               name: "USN-829-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/usn-829-1",
            },
            {
               name: "ADV-2009-2499",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2009/2499",
            },
            {
               name: "36536",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/36536",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2009-2700",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "36702",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/36702",
                  },
                  {
                     name: "36203",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/36203",
                  },
                  {
                     name: "http://qt.gitorious.org/qt/qt/commit/802d8c02eaa0aa9cd8d0c6cbd18cd814e6337bc6",
                     refsource: "CONFIRM",
                     url: "http://qt.gitorious.org/qt/qt/commit/802d8c02eaa0aa9cd8d0c6cbd18cd814e6337bc6",
                  },
                  {
                     name: "MDVSA-2009:225",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:225",
                  },
                  {
                     name: "USN-829-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/usn-829-1",
                  },
                  {
                     name: "ADV-2009-2499",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2009/2499",
                  },
                  {
                     name: "36536",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/36536",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2009-2700",
      datePublished: "2009-09-02T17:00:00",
      dateReserved: "2009-08-05T00:00:00",
      dateUpdated: "2024-08-07T05:59:56.946Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-24742
Vulnerability from cvelistv5
Published
2021-08-09 21:18
Modified
2024-08-04 15:19
Severity ?
Summary
An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T15:19:09.331Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/c/qt/qtbase/+/280730",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-08-09T21:18:27",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://codereview.qt-project.org/c/qt/qtbase/+/280730",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-24742",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://codereview.qt-project.org/c/qt/qtbase/+/280730",
                     refsource: "MISC",
                     url: "https://codereview.qt-project.org/c/qt/qtbase/+/280730",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-24742",
      datePublished: "2021-08-09T21:18:27",
      dateReserved: "2020-08-28T00:00:00",
      dateUpdated: "2024-08-04T15:19:09.331Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-19873
Vulnerability from cvelistv5
Published
2018-12-26 20:00
Modified
2024-08-05 11:44
Severity ?
Summary
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T11:44:20.667Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "DSA-4374",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4374",
               },
               {
                  name: "openSUSE-SU-2018:4261",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html",
               },
               {
                  name: "[debian-lts-announce] 20190103 [SECURITY] [DLA 1627-1] qtbase-opensource-src security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/#/c/238749/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
               },
               {
                  name: "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html",
               },
               {
                  name: "USN-4003-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4003-1/",
               },
               {
                  name: "RHSA-2019:2135",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:2135",
               },
               {
                  name: "RHSA-2019:3390",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:3390",
               },
               {
                  name: "openSUSE-SU-2020:1452",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html",
               },
               {
                  name: "openSUSE-SU-2020:1500",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html",
               },
               {
                  name: "openSUSE-SU-2020:1501",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html",
               },
               {
                  name: "openSUSE-SU-2020:1530",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html",
               },
               {
                  name: "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-12-04T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-09-28T08:06:13",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "DSA-4374",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2019/dsa-4374",
            },
            {
               name: "openSUSE-SU-2018:4261",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html",
            },
            {
               name: "[debian-lts-announce] 20190103 [SECURITY] [DLA 1627-1] qtbase-opensource-src security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://codereview.qt-project.org/#/c/238749/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
            },
            {
               name: "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html",
            },
            {
               name: "USN-4003-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4003-1/",
            },
            {
               name: "RHSA-2019:2135",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:2135",
            },
            {
               name: "RHSA-2019:3390",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:3390",
            },
            {
               name: "openSUSE-SU-2020:1452",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html",
            },
            {
               name: "openSUSE-SU-2020:1500",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html",
            },
            {
               name: "openSUSE-SU-2020:1501",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html",
            },
            {
               name: "openSUSE-SU-2020:1530",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html",
            },
            {
               name: "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-19873",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "DSA-4374",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2019/dsa-4374",
                  },
                  {
                     name: "openSUSE-SU-2018:4261",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html",
                  },
                  {
                     name: "[debian-lts-announce] 20190103 [SECURITY] [DLA 1627-1] qtbase-opensource-src security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html",
                  },
                  {
                     name: "https://codereview.qt-project.org/#/c/238749/",
                     refsource: "CONFIRM",
                     url: "https://codereview.qt-project.org/#/c/238749/",
                  },
                  {
                     name: "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
                     refsource: "CONFIRM",
                     url: "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
                  },
                  {
                     name: "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html",
                  },
                  {
                     name: "USN-4003-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4003-1/",
                  },
                  {
                     name: "RHSA-2019:2135",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2019:2135",
                  },
                  {
                     name: "RHSA-2019:3390",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2019:3390",
                  },
                  {
                     name: "openSUSE-SU-2020:1452",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html",
                  },
                  {
                     name: "openSUSE-SU-2020:1500",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html",
                  },
                  {
                     name: "openSUSE-SU-2020:1501",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html",
                  },
                  {
                     name: "openSUSE-SU-2020:1530",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html",
                  },
                  {
                     name: "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-19873",
      datePublished: "2018-12-26T20:00:00",
      dateReserved: "2018-12-05T00:00:00",
      dateUpdated: "2024-08-05T11:44:20.667Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-40983
Vulnerability from cvelistv5
Published
2023-01-12 16:44
Modified
2024-08-03 12:28
Summary
An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability.
Impacted products
Vendor Product Version
Qt Project Qt Version: 6.3.2.


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T12:28:42.966Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  url: "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1617",
               },
               {
                  name: "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1617",
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1617",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Qt",
               vendor: "Qt Project",
               versions: [
                  {
                     status: "affected",
                     version: "6.3.2.",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-190",
                     description: "CWE-190: Integer Overflow or Wraparound",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-01-12T16:44:11.041Z",
            orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            shortName: "talos",
         },
         references: [
            {
               name: "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1617",
               url: "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1617",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
      assignerShortName: "talos",
      cveId: "CVE-2022-40983",
      datePublished: "2023-01-12T16:44:11.041Z",
      dateReserved: "2022-09-20T20:20:21.535Z",
      dateUpdated: "2024-08-03T12:28:42.966Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-19870
Vulnerability from cvelistv5
Published
2018-12-26 20:00
Modified
2024-08-05 11:44
Severity ?
Summary
An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T11:44:20.664Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/#/c/235998/",
               },
               {
                  name: "DSA-4374",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4374",
               },
               {
                  name: "[debian-lts-announce] 20190103 [SECURITY] [DLA 1627-1] qtbase-opensource-src security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
               },
               {
                  name: "openSUSE-SU-2019:1239",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html",
               },
               {
                  name: "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html",
               },
               {
                  name: "USN-4003-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4003-1/",
               },
               {
                  name: "RHSA-2019:2135",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:2135",
               },
               {
                  name: "RHSA-2019:3390",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:3390",
               },
               {
                  name: "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-12-04T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-09-28T08:06:14",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://codereview.qt-project.org/#/c/235998/",
            },
            {
               name: "DSA-4374",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2019/dsa-4374",
            },
            {
               name: "[debian-lts-announce] 20190103 [SECURITY] [DLA 1627-1] qtbase-opensource-src security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
            },
            {
               name: "openSUSE-SU-2019:1239",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html",
            },
            {
               name: "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html",
            },
            {
               name: "USN-4003-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4003-1/",
            },
            {
               name: "RHSA-2019:2135",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:2135",
            },
            {
               name: "RHSA-2019:3390",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:3390",
            },
            {
               name: "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-19870",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://codereview.qt-project.org/#/c/235998/",
                     refsource: "CONFIRM",
                     url: "https://codereview.qt-project.org/#/c/235998/",
                  },
                  {
                     name: "DSA-4374",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2019/dsa-4374",
                  },
                  {
                     name: "[debian-lts-announce] 20190103 [SECURITY] [DLA 1627-1] qtbase-opensource-src security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html",
                  },
                  {
                     name: "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
                     refsource: "CONFIRM",
                     url: "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
                  },
                  {
                     name: "openSUSE-SU-2019:1239",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html",
                  },
                  {
                     name: "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html",
                  },
                  {
                     name: "USN-4003-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4003-1/",
                  },
                  {
                     name: "RHSA-2019:2135",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2019:2135",
                  },
                  {
                     name: "RHSA-2019:3390",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2019:3390",
                  },
                  {
                     name: "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-19870",
      datePublished: "2018-12-26T20:00:00",
      dateReserved: "2018-12-05T00:00:00",
      dateUpdated: "2024-08-05T11:44:20.664Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-25255
Vulnerability from cvelistv5
Published
2022-02-16 18:48
Modified
2024-08-03 04:36
Summary
In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T04:36:06.650Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/c/qt/qtbase/+/393113",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/c/qt/qtbase/+/394914",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/c/qt/qtbase/+/396020",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-02-16T18:48:34",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://codereview.qt-project.org/c/qt/qtbase/+/393113",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://codereview.qt-project.org/c/qt/qtbase/+/394914",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://codereview.qt-project.org/c/qt/qtbase/+/396020",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2022-25255",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://codereview.qt-project.org/c/qt/qtbase/+/393113",
                     refsource: "MISC",
                     url: "https://codereview.qt-project.org/c/qt/qtbase/+/393113",
                  },
                  {
                     name: "https://codereview.qt-project.org/c/qt/qtbase/+/394914",
                     refsource: "MISC",
                     url: "https://codereview.qt-project.org/c/qt/qtbase/+/394914",
                  },
                  {
                     name: "https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff",
                     refsource: "MISC",
                     url: "https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff",
                  },
                  {
                     name: "https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff",
                     refsource: "MISC",
                     url: "https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff",
                  },
                  {
                     name: "https://codereview.qt-project.org/c/qt/qtbase/+/396020",
                     refsource: "MISC",
                     url: "https://codereview.qt-project.org/c/qt/qtbase/+/396020",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-25255",
      datePublished: "2022-02-16T18:48:35",
      dateReserved: "2022-02-16T00:00:00",
      dateUpdated: "2024-08-03T04:36:06.650Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-10905
Vulnerability from cvelistv5
Published
2017-12-15 14:00
Modified
2024-08-05 17:50
Summary
A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors.
References
Impacted products
Vendor Product Version
The Qt Company Qt for Android Version: prior to 5.9.3


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T17:50:12.508Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "JVN#27342829",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_JVN",
                     "x_transferred",
                  ],
                  url: "https://jvn.jp/en/jp/JVN27342829/index.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Qt for Android",
               vendor: "The Qt Company",
               versions: [
                  {
                     status: "affected",
                     version: "prior to 5.9.3",
                  },
               ],
            },
         ],
         datePublic: "2017-12-11T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "External Control of Critical State Data",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-12-15T13:57:01",
            orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            shortName: "jpcert",
         },
         references: [
            {
               name: "JVN#27342829",
               tags: [
                  "third-party-advisory",
                  "x_refsource_JVN",
               ],
               url: "https://jvn.jp/en/jp/JVN27342829/index.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "vultures@jpcert.or.jp",
               ID: "CVE-2017-10905",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Qt for Android",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "prior to 5.9.3",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "The Qt Company",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "External Control of Critical State Data",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "JVN#27342829",
                     refsource: "JVN",
                     url: "https://jvn.jp/en/jp/JVN27342829/index.html",
                  },
                  {
                     name: "https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/",
                     refsource: "CONFIRM",
                     url: "https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
      assignerShortName: "jpcert",
      cveId: "CVE-2017-10905",
      datePublished: "2017-12-15T14:00:00",
      dateReserved: "2017-07-04T00:00:00",
      dateUpdated: "2024-08-05T17:50:12.508Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-25634
Vulnerability from cvelistv5
Published
2022-03-02 14:27
Modified
2024-08-03 04:42
Summary
Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T04:42:50.375Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/c/qt/qtbase/+/396440",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/c/qt/qtbase/+/396689",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://download.qt.io/official_releases/qt/6.2/CVE-2022-25643-6.2.diff",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/396690",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://download.qt.io/official_releases/qt/5.15/CVE-2022-25643-5.15.diff",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-03-02T14:27:37",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://codereview.qt-project.org/c/qt/qtbase/+/396440",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://codereview.qt-project.org/c/qt/qtbase/+/396689",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://download.qt.io/official_releases/qt/6.2/CVE-2022-25643-6.2.diff",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/396690",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://download.qt.io/official_releases/qt/5.15/CVE-2022-25643-5.15.diff",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2022-25634",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://codereview.qt-project.org/c/qt/qtbase/+/396440",
                     refsource: "CONFIRM",
                     url: "https://codereview.qt-project.org/c/qt/qtbase/+/396440",
                  },
                  {
                     name: "https://codereview.qt-project.org/c/qt/qtbase/+/396689",
                     refsource: "CONFIRM",
                     url: "https://codereview.qt-project.org/c/qt/qtbase/+/396689",
                  },
                  {
                     name: "https://download.qt.io/official_releases/qt/6.2/CVE-2022-25643-6.2.diff",
                     refsource: "CONFIRM",
                     url: "https://download.qt.io/official_releases/qt/6.2/CVE-2022-25643-6.2.diff",
                  },
                  {
                     name: "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/396690",
                     refsource: "CONFIRM",
                     url: "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/396690",
                  },
                  {
                     name: "https://download.qt.io/official_releases/qt/5.15/CVE-2022-25643-5.15.diff",
                     refsource: "CONFIRM",
                     url: "https://download.qt.io/official_releases/qt/5.15/CVE-2022-25643-5.15.diff",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-25634",
      datePublished: "2022-03-02T14:27:37",
      dateReserved: "2022-02-22T00:00:00",
      dateUpdated: "2024-08-03T04:42:50.375Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-0254
Vulnerability from cvelistv5
Published
2013-02-06 11:00
Modified
2024-08-06 14:18
Summary
The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T14:18:09.656Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "openSUSE-SU-2013:0404",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2013-03/msg00015.html",
               },
               {
                  name: "RHSA-2013:0669",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0669.html",
               },
               {
                  name: "openSUSE-SU-2013:0403",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2013-03/msg00014.html",
               },
               {
                  name: "[qt-announce] 20130205 [Announce] [CVE-2013-0254] Qt Project Security Advisory: System V shared memory segments created world-writeable",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.qt-project.org/pipermail/announce/2013-February/000023.html",
               },
               {
                  name: "openSUSE-SU-2013:0411",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2013-03/msg00019.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=907425",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-02-05T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-03-23T09:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "openSUSE-SU-2013:0404",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2013-03/msg00015.html",
            },
            {
               name: "RHSA-2013:0669",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0669.html",
            },
            {
               name: "openSUSE-SU-2013:0403",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2013-03/msg00014.html",
            },
            {
               name: "[qt-announce] 20130205 [Announce] [CVE-2013-0254] Qt Project Security Advisory: System V shared memory segments created world-writeable",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.qt-project.org/pipermail/announce/2013-February/000023.html",
            },
            {
               name: "openSUSE-SU-2013:0411",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2013-03/msg00019.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=907425",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2013-0254",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "openSUSE-SU-2013:0404",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-updates/2013-03/msg00015.html",
                  },
                  {
                     name: "RHSA-2013:0669",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2013-0669.html",
                  },
                  {
                     name: "openSUSE-SU-2013:0403",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-updates/2013-03/msg00014.html",
                  },
                  {
                     name: "[qt-announce] 20130205 [Announce] [CVE-2013-0254] Qt Project Security Advisory: System V shared memory segments created world-writeable",
                     refsource: "MLIST",
                     url: "http://lists.qt-project.org/pipermail/announce/2013-February/000023.html",
                  },
                  {
                     name: "openSUSE-SU-2013:0411",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-updates/2013-03/msg00019.html",
                  },
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=907425",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=907425",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2013-0254",
      datePublished: "2013-02-06T11:00:00",
      dateReserved: "2012-12-06T00:00:00",
      dateUpdated: "2024-08-06T14:18:09.656Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-33285
Vulnerability from cvelistv5
Published
2023-05-22 00:00
Modified
2025-01-21 15:17
Summary
An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T15:39:35.989Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/c/qt/qtbase/+/477644",
               },
               {
                  name: "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-33285",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-01-21T15:17:38.437872Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-01-21T15:17:54.872Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AC:L/AV:N/A:L/C:N/I:N/PR:N/S:U/UI:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-05-01T00:06:21.626146",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://codereview.qt-project.org/c/qt/qtbase/+/477644",
            },
            {
               name: "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2023-33285",
      datePublished: "2023-05-22T00:00:00",
      dateReserved: "2023-05-22T00:00:00",
      dateUpdated: "2025-01-21T15:17:54.872Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-19872
Vulnerability from cvelistv5
Published
2019-03-15 22:00
Modified
2024-08-05 11:44
Severity ?
Summary
An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T11:44:20.666Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugreports.qt.io/browse/QTBUG-69449",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
               },
               {
                  name: "FEDORA-2019-03ac7f1d2f",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XS6G3ZDFCHWFQD4CFXWFPHREOHBBDTD7/",
               },
               {
                  name: "FEDORA-2019-ae913a2f00",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FO7IBY7YYKNMRD5OI3JNNUI42WEM7NUV/",
               },
               {
                  name: "FEDORA-2019-b5e690b96e",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C5FHCR4A636BLTAXL76WWDJLOAHGNYG/",
               },
               {
                  name: "openSUSE-SU-2019:1239",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html",
               },
               {
                  name: "USN-4275-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4275-1/",
               },
               {
                  name: "[debian-lts-announce] 20200928 [SECURITY] [DLA 2376-1] qtbase-opensource-src security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html",
               },
               {
                  name: "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-07-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-09-28T08:06:14",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugreports.qt.io/browse/QTBUG-69449",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
            },
            {
               name: "FEDORA-2019-03ac7f1d2f",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XS6G3ZDFCHWFQD4CFXWFPHREOHBBDTD7/",
            },
            {
               name: "FEDORA-2019-ae913a2f00",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FO7IBY7YYKNMRD5OI3JNNUI42WEM7NUV/",
            },
            {
               name: "FEDORA-2019-b5e690b96e",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C5FHCR4A636BLTAXL76WWDJLOAHGNYG/",
            },
            {
               name: "openSUSE-SU-2019:1239",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html",
            },
            {
               name: "USN-4275-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4275-1/",
            },
            {
               name: "[debian-lts-announce] 20200928 [SECURITY] [DLA 2376-1] qtbase-opensource-src security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html",
            },
            {
               name: "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-19872",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugreports.qt.io/browse/QTBUG-69449",
                     refsource: "CONFIRM",
                     url: "https://bugreports.qt.io/browse/QTBUG-69449",
                  },
                  {
                     name: "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
                     refsource: "CONFIRM",
                     url: "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
                  },
                  {
                     name: "FEDORA-2019-03ac7f1d2f",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XS6G3ZDFCHWFQD4CFXWFPHREOHBBDTD7/",
                  },
                  {
                     name: "FEDORA-2019-ae913a2f00",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FO7IBY7YYKNMRD5OI3JNNUI42WEM7NUV/",
                  },
                  {
                     name: "FEDORA-2019-b5e690b96e",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2C5FHCR4A636BLTAXL76WWDJLOAHGNYG/",
                  },
                  {
                     name: "openSUSE-SU-2019:1239",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html",
                  },
                  {
                     name: "USN-4275-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4275-1/",
                  },
                  {
                     name: "[debian-lts-announce] 20200928 [SECURITY] [DLA 2376-1] qtbase-opensource-src security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html",
                  },
                  {
                     name: "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-19872",
      datePublished: "2019-03-15T22:00:00",
      dateReserved: "2018-12-05T00:00:00",
      dateUpdated: "2024-08-05T11:44:20.666Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-15011
Vulnerability from cvelistv5
Published
2017-10-03 20:00
Modified
2024-09-16 17:22
Severity ?
Summary
The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T19:42:22.330Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://hackinparis.com/data/slides/2017/2017_Cohen_Gil_The_forgotten_interface_Windows_named_pipes.pdf",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.youtube.com/watch?v=m6zISgWPGGY",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-03T20:00:00Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://hackinparis.com/data/slides/2017/2017_Cohen_Gil_The_forgotten_interface_Windows_named_pipes.pdf",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.youtube.com/watch?v=m6zISgWPGGY",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2017-15011",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://hackinparis.com/data/slides/2017/2017_Cohen_Gil_The_forgotten_interface_Windows_named_pipes.pdf",
                     refsource: "MISC",
                     url: "https://hackinparis.com/data/slides/2017/2017_Cohen_Gil_The_forgotten_interface_Windows_named_pipes.pdf",
                  },
                  {
                     name: "https://www.youtube.com/watch?v=m6zISgWPGGY",
                     refsource: "MISC",
                     url: "https://www.youtube.com/watch?v=m6zISgWPGGY",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2017-15011",
      datePublished: "2017-10-03T20:00:00Z",
      dateReserved: "2017-10-03T00:00:00Z",
      dateUpdated: "2024-09-16T17:22:41.394Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-24607
Vulnerability from cvelistv5
Published
2023-04-15 00:00
Modified
2024-08-02 11:03
Severity ?
Summary
Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-24607",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-05-01T15:11:26.446866Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-06-04T17:21:28.108Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T11:03:18.644Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.qt.io/blog/tag/security",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/c/qt/qtbase/+/456216",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin",
               },
               {
                  name: "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-05-01T00:06:15.456739",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://www.qt.io/blog/tag/security",
            },
            {
               url: "https://codereview.qt-project.org/c/qt/qtbase/+/456216",
            },
            {
               url: "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217",
            },
            {
               url: "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238",
            },
            {
               url: "https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff",
            },
            {
               url: "https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d",
            },
            {
               url: "https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin",
            },
            {
               name: "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2023-24607",
      datePublished: "2023-04-15T00:00:00",
      dateReserved: "2023-01-29T00:00:00",
      dateUpdated: "2024-08-02T11:03:18.644Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2010-5076
Vulnerability from cvelistv5
Published
2012-06-29 19:00
Modified
2024-08-07 04:09
Summary
QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T04:09:38.930Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "USN-1504-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-1504-1",
               },
               {
                  name: "49895",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/49895",
               },
               {
                  name: "RHSA-2012:0880",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2012-0880.html",
               },
               {
                  name: "41236",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/41236",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0",
               },
               {
                  name: "49604",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/49604",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugreports.qt-project.org/browse/QTBUG-4455",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2010-07-14T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2012-08-16T09:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "USN-1504-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-1504-1",
            },
            {
               name: "49895",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/49895",
            },
            {
               name: "RHSA-2012:0880",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2012-0880.html",
            },
            {
               name: "41236",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/41236",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0",
            },
            {
               name: "49604",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/49604",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugreports.qt-project.org/browse/QTBUG-4455",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2010-5076",
      datePublished: "2012-06-29T19:00:00",
      dateReserved: "2011-12-19T00:00:00",
      dateUpdated: "2024-08-07T04:09:38.930Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-19865
Vulnerability from cvelistv5
Published
2018-12-05 11:00
Modified
2024-08-05 11:44
Summary
A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T11:44:20.693Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/#/c/245283/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/#/c/243666/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/#/c/245638/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/#/c/244569/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/#/c/245312/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/#/c/246630/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/#/c/245293/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/#/c/244687/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/#/c/245640/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/#/c/244845/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
               },
               {
                  name: "openSUSE-SU-2019:1263",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00085.html",
               },
               {
                  name: "openSUSE-SU-2019:1259",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00086.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-12-05T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-04-23T21:06:06",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://codereview.qt-project.org/#/c/245283/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://codereview.qt-project.org/#/c/243666/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://codereview.qt-project.org/#/c/245638/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://codereview.qt-project.org/#/c/244569/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://codereview.qt-project.org/#/c/245312/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://codereview.qt-project.org/#/c/246630/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://codereview.qt-project.org/#/c/245293/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://codereview.qt-project.org/#/c/244687/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://codereview.qt-project.org/#/c/245640/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://codereview.qt-project.org/#/c/244845/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
            },
            {
               name: "openSUSE-SU-2019:1263",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00085.html",
            },
            {
               name: "openSUSE-SU-2019:1259",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00086.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-19865",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://codereview.qt-project.org/#/c/245283/",
                     refsource: "MISC",
                     url: "https://codereview.qt-project.org/#/c/245283/",
                  },
                  {
                     name: "https://codereview.qt-project.org/#/c/243666/",
                     refsource: "MISC",
                     url: "https://codereview.qt-project.org/#/c/243666/",
                  },
                  {
                     name: "https://codereview.qt-project.org/#/c/245638/",
                     refsource: "MISC",
                     url: "https://codereview.qt-project.org/#/c/245638/",
                  },
                  {
                     name: "https://codereview.qt-project.org/#/c/244569/",
                     refsource: "MISC",
                     url: "https://codereview.qt-project.org/#/c/244569/",
                  },
                  {
                     name: "https://codereview.qt-project.org/#/c/245312/",
                     refsource: "MISC",
                     url: "https://codereview.qt-project.org/#/c/245312/",
                  },
                  {
                     name: "https://codereview.qt-project.org/#/c/246630/",
                     refsource: "MISC",
                     url: "https://codereview.qt-project.org/#/c/246630/",
                  },
                  {
                     name: "https://codereview.qt-project.org/#/c/245293/",
                     refsource: "MISC",
                     url: "https://codereview.qt-project.org/#/c/245293/",
                  },
                  {
                     name: "https://codereview.qt-project.org/#/c/244687/",
                     refsource: "MISC",
                     url: "https://codereview.qt-project.org/#/c/244687/",
                  },
                  {
                     name: "https://codereview.qt-project.org/#/c/245640/",
                     refsource: "MISC",
                     url: "https://codereview.qt-project.org/#/c/245640/",
                  },
                  {
                     name: "https://codereview.qt-project.org/#/c/244845/",
                     refsource: "MISC",
                     url: "https://codereview.qt-project.org/#/c/244845/",
                  },
                  {
                     name: "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
                     refsource: "MISC",
                     url: "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
                  },
                  {
                     name: "openSUSE-SU-2019:1263",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00085.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1259",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00086.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-19865",
      datePublished: "2018-12-05T11:00:00",
      dateReserved: "2018-12-05T00:00:00",
      dateUpdated: "2024-08-05T11:44:20.693Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}