Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    18 vulnerabilities by digia

    CVE-2015-1860 (GCVE-0-2015-1860)

    Vulnerability from nvd – Published: 2015-05-12 19:00 – Updated: 2024-08-06 04:54
    VLAI
    Summary
    Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    https://security.gentoo.org/glsa/201603-10 vendor-advisoryx_refsource_GENTOO
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://www.securityfocus.com/bid/74302 vdb-entryx_refsource_BID
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://www.ubuntu.com/usn/USN-2626-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.qt-project.org/pipermail/announce/20… mailing-listx_refsource_MLIST
    https://codereview.qt-project.org/#/c/108248/ x_refsource_CONFIRM
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    Date Public
    2015-04-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T04:54:16.328Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "FEDORA-2015-6114",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html"
              },
              {
                "name": "FEDORA-2015-6573",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156937.html"
              },
              {
                "name": "FEDORA-2015-6123",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html"
              },
              {
                "name": "GLSA-201603-10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201603-10"
              },
              {
                "name": "FEDORA-2015-6315",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html"
              },
              {
                "name": "FEDORA-2015-6613",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155947.html"
              },
              {
                "name": "74302",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/74302"
              },
              {
                "name": "FEDORA-2015-6364",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html"
              },
              {
                "name": "FEDORA-2015-6661",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156761.html"
              },
              {
                "name": "USN-2626-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2626-1"
              },
              {
                "name": "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://codereview.qt-project.org/#/c/108248/"
              },
              {
                "name": "FEDORA-2015-6252",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-04-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-29T18:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "FEDORA-2015-6114",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html"
            },
            {
              "name": "FEDORA-2015-6573",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156937.html"
            },
            {
              "name": "FEDORA-2015-6123",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html"
            },
            {
              "name": "GLSA-201603-10",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201603-10"
            },
            {
              "name": "FEDORA-2015-6315",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html"
            },
            {
              "name": "FEDORA-2015-6613",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155947.html"
            },
            {
              "name": "74302",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/74302"
            },
            {
              "name": "FEDORA-2015-6364",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html"
            },
            {
              "name": "FEDORA-2015-6661",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156761.html"
            },
            {
              "name": "USN-2626-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2626-1"
            },
            {
              "name": "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://codereview.qt-project.org/#/c/108248/"
            },
            {
              "name": "FEDORA-2015-6252",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-1860",
        "datePublished": "2015-05-12T19:00:00.000Z",
        "dateReserved": "2015-02-17T00:00:00.000Z",
        "dateUpdated": "2024-08-06T04:54:16.328Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-1859 (GCVE-0-2015-1859)

    Vulnerability from nvd – Published: 2015-05-12 19:00 – Updated: 2024-08-06 04:54
    VLAI
    Summary
    Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://www.securityfocus.com/bid/74307 vdb-entryx_refsource_BID
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://www.securityfocus.com/bid/74310 vdb-entryx_refsource_BID
    https://security.gentoo.org/glsa/201603-10 vendor-advisoryx_refsource_GENTOO
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://www.ubuntu.com/usn/USN-2626-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.qt-project.org/pipermail/announce/20… mailing-listx_refsource_MLIST
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    Date Public
    2015-04-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T04:54:16.334Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "FEDORA-2015-6114",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html"
              },
              {
                "name": "74307",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/74307"
              },
              {
                "name": "FEDORA-2015-6123",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html"
              },
              {
                "name": "74310",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/74310"
              },
              {
                "name": "GLSA-201603-10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201603-10"
              },
              {
                "name": "FEDORA-2015-6315",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html"
              },
              {
                "name": "FEDORA-2015-6364",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html"
              },
              {
                "name": "USN-2626-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2626-1"
              },
              {
                "name": "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html"
              },
              {
                "name": "FEDORA-2015-6252",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-04-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-29T18:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "FEDORA-2015-6114",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html"
            },
            {
              "name": "74307",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/74307"
            },
            {
              "name": "FEDORA-2015-6123",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html"
            },
            {
              "name": "74310",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/74310"
            },
            {
              "name": "GLSA-201603-10",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201603-10"
            },
            {
              "name": "FEDORA-2015-6315",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html"
            },
            {
              "name": "FEDORA-2015-6364",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html"
            },
            {
              "name": "USN-2626-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2626-1"
            },
            {
              "name": "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html"
            },
            {
              "name": "FEDORA-2015-6252",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-1859",
        "datePublished": "2015-05-12T19:00:00.000Z",
        "dateReserved": "2015-02-17T00:00:00.000Z",
        "dateUpdated": "2024-08-06T04:54:16.334Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-1858 (GCVE-0-2015-1858)

    Vulnerability from nvd – Published: 2015-05-12 19:00 – Updated: 2024-08-06 04:54
    VLAI
    Summary
    Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    https://security.gentoo.org/glsa/201603-10 vendor-advisoryx_refsource_GENTOO
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    https://codereview.qt-project.org/#/c/108312/ x_refsource_CONFIRM
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://www.ubuntu.com/usn/USN-2626-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.qt-project.org/pipermail/announce/20… mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/74309 vdb-entryx_refsource_BID
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    Date Public
    2015-04-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T04:54:16.434Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "FEDORA-2015-6114",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html"
              },
              {
                "name": "FEDORA-2015-6123",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html"
              },
              {
                "name": "GLSA-201603-10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201603-10"
              },
              {
                "name": "FEDORA-2015-6315",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://codereview.qt-project.org/#/c/108312/"
              },
              {
                "name": "FEDORA-2015-6364",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html"
              },
              {
                "name": "USN-2626-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2626-1"
              },
              {
                "name": "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html"
              },
              {
                "name": "74309",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/74309"
              },
              {
                "name": "FEDORA-2015-6252",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-04-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-29T18:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "FEDORA-2015-6114",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html"
            },
            {
              "name": "FEDORA-2015-6123",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html"
            },
            {
              "name": "GLSA-201603-10",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201603-10"
            },
            {
              "name": "FEDORA-2015-6315",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://codereview.qt-project.org/#/c/108312/"
            },
            {
              "name": "FEDORA-2015-6364",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html"
            },
            {
              "name": "USN-2626-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2626-1"
            },
            {
              "name": "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html"
            },
            {
              "name": "74309",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/74309"
            },
            {
              "name": "FEDORA-2015-6252",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-1858",
        "datePublished": "2015-05-12T19:00:00.000Z",
        "dateReserved": "2015-02-17T00:00:00.000Z",
        "dateUpdated": "2024-08-06T04:54:16.434Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-0295 (GCVE-0-2015-0295)

    Vulnerability from nvd – Published: 2015-03-25 14:00 – Updated: 2024-08-06 04:03
    VLAI
    Summary
    The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/73029 vdb-entryx_refsource_BID
    http://lists.qt-project.org/pipermail/announce/20… mailing-listx_refsource_MLIST
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://lists.opensuse.org/opensuse-updates/2015-0… vendor-advisoryx_refsource_SUSE
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://www.ubuntu.com/usn/USN-2626-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    Date Public
    2015-02-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T04:03:10.962Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "73029",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/73029"
              },
              {
                "name": "[Announce] 20150227 Qt Security Advisory: DoS vulnerability in the BMP image handler",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.qt-project.org/pipermail/announce/2015-February/000059.html"
              },
              {
                "name": "FEDORA-2015-2866",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151034.html"
              },
              {
                "name": "FEDORA-2015-2901",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151352.html"
              },
              {
                "name": "openSUSE-SU-2015:0573",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html"
              },
              {
                "name": "FEDORA-2015-2886",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151138.html"
              },
              {
                "name": "FEDORA-2015-2895",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150800.html"
              },
              {
                "name": "USN-2626-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2626-1"
              },
              {
                "name": "FEDORA-2015-2897",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150940.html"
              },
              {
                "name": "FEDORA-2015-2869",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151121.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-02-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-29T18:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "73029",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/73029"
            },
            {
              "name": "[Announce] 20150227 Qt Security Advisory: DoS vulnerability in the BMP image handler",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.qt-project.org/pipermail/announce/2015-February/000059.html"
            },
            {
              "name": "FEDORA-2015-2866",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151034.html"
            },
            {
              "name": "FEDORA-2015-2901",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151352.html"
            },
            {
              "name": "openSUSE-SU-2015:0573",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html"
            },
            {
              "name": "FEDORA-2015-2886",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151138.html"
            },
            {
              "name": "FEDORA-2015-2895",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150800.html"
            },
            {
              "name": "USN-2626-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2626-1"
            },
            {
              "name": "FEDORA-2015-2897",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150940.html"
            },
            {
              "name": "FEDORA-2015-2869",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151121.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-0295",
        "datePublished": "2015-03-25T14:00:00.000Z",
        "dateReserved": "2014-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-06T04:03:10.962Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-4549 (GCVE-0-2013-4549)

    Vulnerability from nvd – Published: 2013-12-23 22:00 – Updated: 2024-08-06 16:45
    VLAI
    Summary
    QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.qt-project.org/pipermail/announce/20… mailing-listx_refsource_MLIST
    http://secunia.com/advisories/56166 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-updates/2014-0… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/56008 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-updates/2014-0… vendor-advisoryx_refsource_SUSE
    https://codereview.qt-project.org/#change%2C71010 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-updates/2014-0… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-updates/2014-0… vendor-advisoryx_refsource_SUSE
    http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6… x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2057-1 vendor-advisoryx_refsource_UBUNTU
    https://codereview.qt-project.org/#change%2C71368 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-updates/2014-0… vendor-advisoryx_refsource_SUSE
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    Date Public
    2013-12-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:45:14.815Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[qt-announce] 20131205 [Announce] Qt Project Security Advisory: XML Entity Expansion\tDenial of Service",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.qt-project.org/pipermail/announce/2013-December/000036.html"
              },
              {
                "name": "56166",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/56166"
              },
              {
                "name": "openSUSE-SU-2014:0173",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00104.html"
              },
              {
                "name": "56008",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/56008"
              },
              {
                "name": "openSUSE-SU-2014:0125",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00085.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://codereview.qt-project.org/#change%2C71010"
              },
              {
                "name": "openSUSE-SU-2014:0176",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00106.html"
              },
              {
                "name": "openSUSE-SU-2014:0067",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00044.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/"
              },
              {
                "name": "USN-2057-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2057-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://codereview.qt-project.org/#change%2C71368"
              },
              {
                "name": "openSUSE-SU-2014:0070",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00047.html"
              },
              {
                "name": "FEDORA-2014-5695",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-12-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-05-08T12:57:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "[qt-announce] 20131205 [Announce] Qt Project Security Advisory: XML Entity Expansion\tDenial of Service",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.qt-project.org/pipermail/announce/2013-December/000036.html"
            },
            {
              "name": "56166",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/56166"
            },
            {
              "name": "openSUSE-SU-2014:0173",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00104.html"
            },
            {
              "name": "56008",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/56008"
            },
            {
              "name": "openSUSE-SU-2014:0125",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00085.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://codereview.qt-project.org/#change%2C71010"
            },
            {
              "name": "openSUSE-SU-2014:0176",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00106.html"
            },
            {
              "name": "openSUSE-SU-2014:0067",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00044.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/"
            },
            {
              "name": "USN-2057-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2057-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://codereview.qt-project.org/#change%2C71368"
            },
            {
              "name": "openSUSE-SU-2014:0070",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00047.html"
            },
            {
              "name": "FEDORA-2014-5695",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-4549",
        "datePublished": "2013-12-23T22:00:00.000Z",
        "dateReserved": "2013-06-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:45:14.815Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-5624 (GCVE-0-2012-5624)

    Vulnerability from nvd – Published: 2013-02-24 19:00 – Updated: 2024-09-16 18:45
    VLAI
    Summary
    The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:14:16.054Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "openSUSE-SU-2013:0157",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html"
              },
              {
                "name": "USN-1723-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1723-1"
              },
              {
                "name": "52217",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/52217"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71"
              },
              {
                "name": "[oss-security] 20121204 Re: CVE Request -- Qt (x \u003c 4.8.4): QML XmlHttpRequest insecure redirection",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/12/04/8"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://codereview.qt-project.org/#change%2C40034"
              },
              {
                "name": "[Announce] 20121130 Qt Project Security Advisory: QML XmlHttpRequest Insecure Redirection",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.qt-project.org/pipermail/announce/2012-November/000014.html"
              },
              {
                "name": "openSUSE-SU-2013:0154",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html"
              },
              {
                "name": "openSUSE-SU-2013:0143",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=883415"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-02-24T19:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "openSUSE-SU-2013:0157",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html"
            },
            {
              "name": "USN-1723-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1723-1"
            },
            {
              "name": "52217",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/52217"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71"
            },
            {
              "name": "[oss-security] 20121204 Re: CVE Request -- Qt (x \u003c 4.8.4): QML XmlHttpRequest insecure redirection",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/12/04/8"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://codereview.qt-project.org/#change%2C40034"
            },
            {
              "name": "[Announce] 20121130 Qt Project Security Advisory: QML XmlHttpRequest Insecure Redirection",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.qt-project.org/pipermail/announce/2012-November/000014.html"
            },
            {
              "name": "openSUSE-SU-2013:0154",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html"
            },
            {
              "name": "openSUSE-SU-2013:0143",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=883415"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-5624",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "openSUSE-SU-2013:0157",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html"
                },
                {
                  "name": "USN-1723-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-1723-1"
                },
                {
                  "name": "52217",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/52217"
                },
                {
                  "name": "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71",
                  "refsource": "CONFIRM",
                  "url": "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71"
                },
                {
                  "name": "[oss-security] 20121204 Re: CVE Request -- Qt (x \u003c 4.8.4): QML XmlHttpRequest insecure redirection",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/12/04/8"
                },
                {
                  "name": "https://codereview.qt-project.org/#change,40034",
                  "refsource": "CONFIRM",
                  "url": "https://codereview.qt-project.org/#change,40034"
                },
                {
                  "name": "[Announce] 20121130 Qt Project Security Advisory: QML XmlHttpRequest Insecure Redirection",
                  "refsource": "MLIST",
                  "url": "http://lists.qt-project.org/pipermail/announce/2012-November/000014.html"
                },
                {
                  "name": "openSUSE-SU-2013:0154",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html"
                },
                {
                  "name": "openSUSE-SU-2013:0143",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=883415",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=883415"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-5624",
        "datePublished": "2013-02-24T19:00:00.000Z",
        "dateReserved": "2012-10-24T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:45:23.183Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-5076 (GCVE-0-2010-5076)

    Vulnerability from nvd – Published: 2012-06-29 19:00 – Updated: 2024-08-07 04:09
    VLAI
    Summary
    QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-1504-1 vendor-advisoryx_refsource_UBUNTU
    http://secunia.com/advisories/49895 third-party-advisoryx_refsource_SECUNIA
    http://rhn.redhat.com/errata/RHSA-2012-0880.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/41236 third-party-advisoryx_refsource_SECUNIA
    http://qt.gitorious.org/qt/qt/commit/846f1b44eea4… x_refsource_CONFIRM
    http://qt.gitorious.org/qt/qt/commit/5f6018564668… x_refsource_CONFIRM
    http://secunia.com/advisories/49604 third-party-advisoryx_refsource_SECUNIA
    http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt x_refsource_MISC
    https://bugreports.qt-project.org/browse/QTBUG-4455 x_refsource_CONFIRM
    Date Public
    2010-07-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:09:38.930Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-1504-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1504-1"
              },
              {
                "name": "49895",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/49895"
              },
              {
                "name": "RHSA-2012:0880",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2012-0880.html"
              },
              {
                "name": "41236",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/41236"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0"
              },
              {
                "name": "49604",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/49604"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugreports.qt-project.org/browse/QTBUG-4455"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-07-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject\u0027s Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-08-16T09:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "USN-1504-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1504-1"
            },
            {
              "name": "49895",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/49895"
            },
            {
              "name": "RHSA-2012:0880",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0880.html"
            },
            {
              "name": "41236",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/41236"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0"
            },
            {
              "name": "49604",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/49604"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugreports.qt-project.org/browse/QTBUG-4455"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2010-5076",
        "datePublished": "2012-06-29T19:00:00.000Z",
        "dateReserved": "2011-12-19T00:00:00.000Z",
        "dateUpdated": "2024-08-07T04:09:38.930Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-1766 (GCVE-0-2010-1766)

    Vulnerability from nvd – Published: 2010-07-22 01:00 – Updated: 2024-08-07 01:35
    VLAI
    Summary
    Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://www.vupen.com/english/advisories/2010/2722 vdb-entryx_refsource_VUPEN
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://secunia.com/advisories/43068 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2010/1801 vdb-entryx_refsource_VUPEN
    https://bugzilla.redhat.com/show_bug.cgi?id=596494 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-1006-1 vendor-advisoryx_refsource_UBUNTU
    http://secunia.com/advisories/41856 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2011/0212 vdb-entryx_refsource_VUPEN
    https://bugs.webkit.org/show_bug.cgi?id=36339 x_refsource_CONFIRM
    http://secunia.com/advisories/40557 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://www.vupen.com/english/advisories/2011/0552 vdb-entryx_refsource_VUPEN
    http://trac.webkit.org/changeset/56380 x_refsource_CONFIRM
    Date Public
    2010-06-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T01:35:53.654Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "MDVSA-2011:039",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
              },
              {
                "name": "ADV-2010-2722",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/2722"
              },
              {
                "name": "FEDORA-2010-11020",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044031.html"
              },
              {
                "name": "43068",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43068"
              },
              {
                "name": "ADV-2010-1801",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/1801"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=596494"
              },
              {
                "name": "USN-1006-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1006-1"
              },
              {
                "name": "41856",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/41856"
              },
              {
                "name": "ADV-2011-0212",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0212"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.webkit.org/show_bug.cgi?id=36339"
              },
              {
                "name": "40557",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/40557"
              },
              {
                "name": "SUSE-SR:2011:002",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
              },
              {
                "name": "FEDORA-2010-11011",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044023.html"
              },
              {
                "name": "ADV-2011-0552",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0552"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://trac.webkit.org/changeset/56380"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-06-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2010-11-03T09:00:00.000Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "name": "MDVSA-2011:039",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
            },
            {
              "name": "ADV-2010-2722",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/2722"
            },
            {
              "name": "FEDORA-2010-11020",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044031.html"
            },
            {
              "name": "43068",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43068"
            },
            {
              "name": "ADV-2010-1801",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/1801"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=596494"
            },
            {
              "name": "USN-1006-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1006-1"
            },
            {
              "name": "41856",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/41856"
            },
            {
              "name": "ADV-2011-0212",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0212"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.webkit.org/show_bug.cgi?id=36339"
            },
            {
              "name": "40557",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/40557"
            },
            {
              "name": "SUSE-SR:2011:002",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
            },
            {
              "name": "FEDORA-2010-11011",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044023.html"
            },
            {
              "name": "ADV-2011-0552",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0552"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://trac.webkit.org/changeset/56380"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@apple.com",
              "ID": "CVE-2010-1766",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "MDVSA-2011:039",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
                },
                {
                  "name": "ADV-2010-2722",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2010/2722"
                },
                {
                  "name": "FEDORA-2010-11020",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044031.html"
                },
                {
                  "name": "43068",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/43068"
                },
                {
                  "name": "ADV-2010-1801",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2010/1801"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=596494",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=596494"
                },
                {
                  "name": "USN-1006-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-1006-1"
                },
                {
                  "name": "41856",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/41856"
                },
                {
                  "name": "ADV-2011-0212",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0212"
                },
                {
                  "name": "https://bugs.webkit.org/show_bug.cgi?id=36339",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.webkit.org/show_bug.cgi?id=36339"
                },
                {
                  "name": "40557",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/40557"
                },
                {
                  "name": "SUSE-SR:2011:002",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
                },
                {
                  "name": "FEDORA-2010-11011",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044023.html"
                },
                {
                  "name": "ADV-2011-0552",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0552"
                },
                {
                  "name": "http://trac.webkit.org/changeset/56380",
                  "refsource": "CONFIRM",
                  "url": "http://trac.webkit.org/changeset/56380"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2010-1766",
        "datePublished": "2010-07-22T01:00:00.000Z",
        "dateReserved": "2010-05-06T00:00:00.000Z",
        "dateUpdated": "2024-08-07T01:35:53.654Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-2621 (GCVE-0-2010-2621)

    Vulnerability from nvd – Published: 2010-07-02 20:00 – Updated: 2024-08-07 02:39
    VLAI
    Summary
    The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/46410 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2010/1657 vdb-entryx_refsource_VUPEN
    http://aluigi.org/poc/qtsslame.zip x_refsource_MISC
    http://www.securityfocus.com/bid/41250 vdb-entryx_refsource_BID
    http://osvdb.org/65860 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/40389 third-party-advisoryx_refsource_SECUNIA
    http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfad… x_refsource_CONFIRM
    https://hermes.opensuse.org/messages/12056605 vendor-advisoryx_refsource_SUSE
    http://aluigi.org/adv/qtsslame-adv.txt x_refsource_MISC
    Date Public
    2010-06-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T02:39:37.809Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "46410",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/46410"
              },
              {
                "name": "ADV-2010-1657",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/1657"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://aluigi.org/poc/qtsslame.zip"
              },
              {
                "name": "41250",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/41250"
              },
              {
                "name": "65860",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/65860"
              },
              {
                "name": "40389",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/40389"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597"
              },
              {
                "name": "SUSE-SU-2011:1113",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "https://hermes.opensuse.org/messages/12056605"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://aluigi.org/adv/qtsslame-adv.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-06-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-06-19T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "46410",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/46410"
            },
            {
              "name": "ADV-2010-1657",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/1657"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://aluigi.org/poc/qtsslame.zip"
            },
            {
              "name": "41250",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/41250"
            },
            {
              "name": "65860",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/65860"
            },
            {
              "name": "40389",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/40389"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597"
            },
            {
              "name": "SUSE-SU-2011:1113",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "https://hermes.opensuse.org/messages/12056605"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://aluigi.org/adv/qtsslame-adv.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-2621",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "46410",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/46410"
                },
                {
                  "name": "ADV-2010-1657",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2010/1657"
                },
                {
                  "name": "http://aluigi.org/poc/qtsslame.zip",
                  "refsource": "MISC",
                  "url": "http://aluigi.org/poc/qtsslame.zip"
                },
                {
                  "name": "41250",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/41250"
                },
                {
                  "name": "65860",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/65860"
                },
                {
                  "name": "40389",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/40389"
                },
                {
                  "name": "http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597",
                  "refsource": "CONFIRM",
                  "url": "http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597"
                },
                {
                  "name": "SUSE-SU-2011:1113",
                  "refsource": "SUSE",
                  "url": "https://hermes.opensuse.org/messages/12056605"
                },
                {
                  "name": "http://aluigi.org/adv/qtsslame-adv.txt",
                  "refsource": "MISC",
                  "url": "http://aluigi.org/adv/qtsslame-adv.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-2621",
        "datePublished": "2010-07-02T20:00:00.000Z",
        "dateReserved": "2010-07-02T00:00:00.000Z",
        "dateUpdated": "2024-08-07T02:39:37.809Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-1858 (GCVE-0-2015-1858)

    Vulnerability from cvelistv5 – Published: 2015-05-12 19:00 – Updated: 2024-08-06 04:54
    VLAI
    Summary
    Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    https://security.gentoo.org/glsa/201603-10 vendor-advisoryx_refsource_GENTOO
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    https://codereview.qt-project.org/#/c/108312/ x_refsource_CONFIRM
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://www.ubuntu.com/usn/USN-2626-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.qt-project.org/pipermail/announce/20… mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/74309 vdb-entryx_refsource_BID
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    Date Public
    2015-04-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T04:54:16.434Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "FEDORA-2015-6114",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html"
              },
              {
                "name": "FEDORA-2015-6123",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html"
              },
              {
                "name": "GLSA-201603-10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201603-10"
              },
              {
                "name": "FEDORA-2015-6315",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://codereview.qt-project.org/#/c/108312/"
              },
              {
                "name": "FEDORA-2015-6364",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html"
              },
              {
                "name": "USN-2626-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2626-1"
              },
              {
                "name": "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html"
              },
              {
                "name": "74309",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/74309"
              },
              {
                "name": "FEDORA-2015-6252",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-04-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-29T18:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "FEDORA-2015-6114",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html"
            },
            {
              "name": "FEDORA-2015-6123",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html"
            },
            {
              "name": "GLSA-201603-10",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201603-10"
            },
            {
              "name": "FEDORA-2015-6315",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://codereview.qt-project.org/#/c/108312/"
            },
            {
              "name": "FEDORA-2015-6364",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html"
            },
            {
              "name": "USN-2626-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2626-1"
            },
            {
              "name": "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html"
            },
            {
              "name": "74309",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/74309"
            },
            {
              "name": "FEDORA-2015-6252",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-1858",
        "datePublished": "2015-05-12T19:00:00.000Z",
        "dateReserved": "2015-02-17T00:00:00.000Z",
        "dateUpdated": "2024-08-06T04:54:16.434Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-1860 (GCVE-0-2015-1860)

    Vulnerability from cvelistv5 – Published: 2015-05-12 19:00 – Updated: 2024-08-06 04:54
    VLAI
    Summary
    Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    https://security.gentoo.org/glsa/201603-10 vendor-advisoryx_refsource_GENTOO
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://www.securityfocus.com/bid/74302 vdb-entryx_refsource_BID
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://www.ubuntu.com/usn/USN-2626-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.qt-project.org/pipermail/announce/20… mailing-listx_refsource_MLIST
    https://codereview.qt-project.org/#/c/108248/ x_refsource_CONFIRM
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    Date Public
    2015-04-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T04:54:16.328Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "FEDORA-2015-6114",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html"
              },
              {
                "name": "FEDORA-2015-6573",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156937.html"
              },
              {
                "name": "FEDORA-2015-6123",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html"
              },
              {
                "name": "GLSA-201603-10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201603-10"
              },
              {
                "name": "FEDORA-2015-6315",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html"
              },
              {
                "name": "FEDORA-2015-6613",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155947.html"
              },
              {
                "name": "74302",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/74302"
              },
              {
                "name": "FEDORA-2015-6364",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html"
              },
              {
                "name": "FEDORA-2015-6661",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156761.html"
              },
              {
                "name": "USN-2626-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2626-1"
              },
              {
                "name": "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://codereview.qt-project.org/#/c/108248/"
              },
              {
                "name": "FEDORA-2015-6252",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-04-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-29T18:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "FEDORA-2015-6114",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html"
            },
            {
              "name": "FEDORA-2015-6573",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156937.html"
            },
            {
              "name": "FEDORA-2015-6123",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html"
            },
            {
              "name": "GLSA-201603-10",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201603-10"
            },
            {
              "name": "FEDORA-2015-6315",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html"
            },
            {
              "name": "FEDORA-2015-6613",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155947.html"
            },
            {
              "name": "74302",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/74302"
            },
            {
              "name": "FEDORA-2015-6364",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html"
            },
            {
              "name": "FEDORA-2015-6661",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156761.html"
            },
            {
              "name": "USN-2626-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2626-1"
            },
            {
              "name": "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://codereview.qt-project.org/#/c/108248/"
            },
            {
              "name": "FEDORA-2015-6252",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-1860",
        "datePublished": "2015-05-12T19:00:00.000Z",
        "dateReserved": "2015-02-17T00:00:00.000Z",
        "dateUpdated": "2024-08-06T04:54:16.328Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-1859 (GCVE-0-2015-1859)

    Vulnerability from cvelistv5 – Published: 2015-05-12 19:00 – Updated: 2024-08-06 04:54
    VLAI
    Summary
    Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://www.securityfocus.com/bid/74307 vdb-entryx_refsource_BID
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://www.securityfocus.com/bid/74310 vdb-entryx_refsource_BID
    https://security.gentoo.org/glsa/201603-10 vendor-advisoryx_refsource_GENTOO
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://www.ubuntu.com/usn/USN-2626-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.qt-project.org/pipermail/announce/20… mailing-listx_refsource_MLIST
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    Date Public
    2015-04-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T04:54:16.334Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "FEDORA-2015-6114",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html"
              },
              {
                "name": "74307",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/74307"
              },
              {
                "name": "FEDORA-2015-6123",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html"
              },
              {
                "name": "74310",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/74310"
              },
              {
                "name": "GLSA-201603-10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201603-10"
              },
              {
                "name": "FEDORA-2015-6315",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html"
              },
              {
                "name": "FEDORA-2015-6364",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html"
              },
              {
                "name": "USN-2626-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2626-1"
              },
              {
                "name": "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html"
              },
              {
                "name": "FEDORA-2015-6252",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-04-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-29T18:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "FEDORA-2015-6114",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html"
            },
            {
              "name": "74307",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/74307"
            },
            {
              "name": "FEDORA-2015-6123",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html"
            },
            {
              "name": "74310",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/74310"
            },
            {
              "name": "GLSA-201603-10",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201603-10"
            },
            {
              "name": "FEDORA-2015-6315",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html"
            },
            {
              "name": "FEDORA-2015-6364",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html"
            },
            {
              "name": "USN-2626-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2626-1"
            },
            {
              "name": "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html"
            },
            {
              "name": "FEDORA-2015-6252",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-1859",
        "datePublished": "2015-05-12T19:00:00.000Z",
        "dateReserved": "2015-02-17T00:00:00.000Z",
        "dateUpdated": "2024-08-06T04:54:16.334Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-0295 (GCVE-0-2015-0295)

    Vulnerability from cvelistv5 – Published: 2015-03-25 14:00 – Updated: 2024-08-06 04:03
    VLAI
    Summary
    The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/73029 vdb-entryx_refsource_BID
    http://lists.qt-project.org/pipermail/announce/20… mailing-listx_refsource_MLIST
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://lists.opensuse.org/opensuse-updates/2015-0… vendor-advisoryx_refsource_SUSE
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://www.ubuntu.com/usn/USN-2626-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    Date Public
    2015-02-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T04:03:10.962Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "73029",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/73029"
              },
              {
                "name": "[Announce] 20150227 Qt Security Advisory: DoS vulnerability in the BMP image handler",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.qt-project.org/pipermail/announce/2015-February/000059.html"
              },
              {
                "name": "FEDORA-2015-2866",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151034.html"
              },
              {
                "name": "FEDORA-2015-2901",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151352.html"
              },
              {
                "name": "openSUSE-SU-2015:0573",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html"
              },
              {
                "name": "FEDORA-2015-2886",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151138.html"
              },
              {
                "name": "FEDORA-2015-2895",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150800.html"
              },
              {
                "name": "USN-2626-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2626-1"
              },
              {
                "name": "FEDORA-2015-2897",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150940.html"
              },
              {
                "name": "FEDORA-2015-2869",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151121.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-02-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-29T18:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "73029",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/73029"
            },
            {
              "name": "[Announce] 20150227 Qt Security Advisory: DoS vulnerability in the BMP image handler",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.qt-project.org/pipermail/announce/2015-February/000059.html"
            },
            {
              "name": "FEDORA-2015-2866",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151034.html"
            },
            {
              "name": "FEDORA-2015-2901",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151352.html"
            },
            {
              "name": "openSUSE-SU-2015:0573",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html"
            },
            {
              "name": "FEDORA-2015-2886",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151138.html"
            },
            {
              "name": "FEDORA-2015-2895",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150800.html"
            },
            {
              "name": "USN-2626-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2626-1"
            },
            {
              "name": "FEDORA-2015-2897",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150940.html"
            },
            {
              "name": "FEDORA-2015-2869",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151121.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-0295",
        "datePublished": "2015-03-25T14:00:00.000Z",
        "dateReserved": "2014-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-06T04:03:10.962Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-4549 (GCVE-0-2013-4549)

    Vulnerability from cvelistv5 – Published: 2013-12-23 22:00 – Updated: 2024-08-06 16:45
    VLAI
    Summary
    QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.qt-project.org/pipermail/announce/20… mailing-listx_refsource_MLIST
    http://secunia.com/advisories/56166 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-updates/2014-0… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/56008 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-updates/2014-0… vendor-advisoryx_refsource_SUSE
    https://codereview.qt-project.org/#change%2C71010 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-updates/2014-0… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-updates/2014-0… vendor-advisoryx_refsource_SUSE
    http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6… x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2057-1 vendor-advisoryx_refsource_UBUNTU
    https://codereview.qt-project.org/#change%2C71368 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-updates/2014-0… vendor-advisoryx_refsource_SUSE
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    Date Public
    2013-12-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:45:14.815Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[qt-announce] 20131205 [Announce] Qt Project Security Advisory: XML Entity Expansion\tDenial of Service",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.qt-project.org/pipermail/announce/2013-December/000036.html"
              },
              {
                "name": "56166",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/56166"
              },
              {
                "name": "openSUSE-SU-2014:0173",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00104.html"
              },
              {
                "name": "56008",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/56008"
              },
              {
                "name": "openSUSE-SU-2014:0125",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00085.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://codereview.qt-project.org/#change%2C71010"
              },
              {
                "name": "openSUSE-SU-2014:0176",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00106.html"
              },
              {
                "name": "openSUSE-SU-2014:0067",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00044.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/"
              },
              {
                "name": "USN-2057-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2057-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://codereview.qt-project.org/#change%2C71368"
              },
              {
                "name": "openSUSE-SU-2014:0070",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00047.html"
              },
              {
                "name": "FEDORA-2014-5695",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-12-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-05-08T12:57:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "[qt-announce] 20131205 [Announce] Qt Project Security Advisory: XML Entity Expansion\tDenial of Service",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.qt-project.org/pipermail/announce/2013-December/000036.html"
            },
            {
              "name": "56166",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/56166"
            },
            {
              "name": "openSUSE-SU-2014:0173",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00104.html"
            },
            {
              "name": "56008",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/56008"
            },
            {
              "name": "openSUSE-SU-2014:0125",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00085.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://codereview.qt-project.org/#change%2C71010"
            },
            {
              "name": "openSUSE-SU-2014:0176",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00106.html"
            },
            {
              "name": "openSUSE-SU-2014:0067",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00044.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/"
            },
            {
              "name": "USN-2057-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2057-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://codereview.qt-project.org/#change%2C71368"
            },
            {
              "name": "openSUSE-SU-2014:0070",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00047.html"
            },
            {
              "name": "FEDORA-2014-5695",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-4549",
        "datePublished": "2013-12-23T22:00:00.000Z",
        "dateReserved": "2013-06-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:45:14.815Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-5624 (GCVE-0-2012-5624)

    Vulnerability from cvelistv5 – Published: 2013-02-24 19:00 – Updated: 2024-09-16 18:45
    VLAI
    Summary
    The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:14:16.054Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "openSUSE-SU-2013:0157",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html"
              },
              {
                "name": "USN-1723-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1723-1"
              },
              {
                "name": "52217",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/52217"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71"
              },
              {
                "name": "[oss-security] 20121204 Re: CVE Request -- Qt (x \u003c 4.8.4): QML XmlHttpRequest insecure redirection",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/12/04/8"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://codereview.qt-project.org/#change%2C40034"
              },
              {
                "name": "[Announce] 20121130 Qt Project Security Advisory: QML XmlHttpRequest Insecure Redirection",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.qt-project.org/pipermail/announce/2012-November/000014.html"
              },
              {
                "name": "openSUSE-SU-2013:0154",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html"
              },
              {
                "name": "openSUSE-SU-2013:0143",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=883415"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-02-24T19:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "openSUSE-SU-2013:0157",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html"
            },
            {
              "name": "USN-1723-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1723-1"
            },
            {
              "name": "52217",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/52217"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71"
            },
            {
              "name": "[oss-security] 20121204 Re: CVE Request -- Qt (x \u003c 4.8.4): QML XmlHttpRequest insecure redirection",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/12/04/8"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://codereview.qt-project.org/#change%2C40034"
            },
            {
              "name": "[Announce] 20121130 Qt Project Security Advisory: QML XmlHttpRequest Insecure Redirection",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.qt-project.org/pipermail/announce/2012-November/000014.html"
            },
            {
              "name": "openSUSE-SU-2013:0154",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html"
            },
            {
              "name": "openSUSE-SU-2013:0143",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=883415"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-5624",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "openSUSE-SU-2013:0157",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html"
                },
                {
                  "name": "USN-1723-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-1723-1"
                },
                {
                  "name": "52217",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/52217"
                },
                {
                  "name": "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71",
                  "refsource": "CONFIRM",
                  "url": "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71"
                },
                {
                  "name": "[oss-security] 20121204 Re: CVE Request -- Qt (x \u003c 4.8.4): QML XmlHttpRequest insecure redirection",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/12/04/8"
                },
                {
                  "name": "https://codereview.qt-project.org/#change,40034",
                  "refsource": "CONFIRM",
                  "url": "https://codereview.qt-project.org/#change,40034"
                },
                {
                  "name": "[Announce] 20121130 Qt Project Security Advisory: QML XmlHttpRequest Insecure Redirection",
                  "refsource": "MLIST",
                  "url": "http://lists.qt-project.org/pipermail/announce/2012-November/000014.html"
                },
                {
                  "name": "openSUSE-SU-2013:0154",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html"
                },
                {
                  "name": "openSUSE-SU-2013:0143",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=883415",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=883415"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-5624",
        "datePublished": "2013-02-24T19:00:00.000Z",
        "dateReserved": "2012-10-24T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:45:23.183Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-5076 (GCVE-0-2010-5076)

    Vulnerability from cvelistv5 – Published: 2012-06-29 19:00 – Updated: 2024-08-07 04:09
    VLAI
    Summary
    QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-1504-1 vendor-advisoryx_refsource_UBUNTU
    http://secunia.com/advisories/49895 third-party-advisoryx_refsource_SECUNIA
    http://rhn.redhat.com/errata/RHSA-2012-0880.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/41236 third-party-advisoryx_refsource_SECUNIA
    http://qt.gitorious.org/qt/qt/commit/846f1b44eea4… x_refsource_CONFIRM
    http://qt.gitorious.org/qt/qt/commit/5f6018564668… x_refsource_CONFIRM
    http://secunia.com/advisories/49604 third-party-advisoryx_refsource_SECUNIA
    http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt x_refsource_MISC
    https://bugreports.qt-project.org/browse/QTBUG-4455 x_refsource_CONFIRM
    Date Public
    2010-07-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:09:38.930Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-1504-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1504-1"
              },
              {
                "name": "49895",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/49895"
              },
              {
                "name": "RHSA-2012:0880",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2012-0880.html"
              },
              {
                "name": "41236",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/41236"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0"
              },
              {
                "name": "49604",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/49604"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugreports.qt-project.org/browse/QTBUG-4455"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-07-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject\u0027s Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-08-16T09:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "USN-1504-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1504-1"
            },
            {
              "name": "49895",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/49895"
            },
            {
              "name": "RHSA-2012:0880",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0880.html"
            },
            {
              "name": "41236",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/41236"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0"
            },
            {
              "name": "49604",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/49604"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugreports.qt-project.org/browse/QTBUG-4455"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2010-5076",
        "datePublished": "2012-06-29T19:00:00.000Z",
        "dateReserved": "2011-12-19T00:00:00.000Z",
        "dateUpdated": "2024-08-07T04:09:38.930Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-1766 (GCVE-0-2010-1766)

    Vulnerability from cvelistv5 – Published: 2010-07-22 01:00 – Updated: 2024-08-07 01:35
    VLAI
    Summary
    Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://www.vupen.com/english/advisories/2010/2722 vdb-entryx_refsource_VUPEN
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://secunia.com/advisories/43068 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2010/1801 vdb-entryx_refsource_VUPEN
    https://bugzilla.redhat.com/show_bug.cgi?id=596494 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-1006-1 vendor-advisoryx_refsource_UBUNTU
    http://secunia.com/advisories/41856 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2011/0212 vdb-entryx_refsource_VUPEN
    https://bugs.webkit.org/show_bug.cgi?id=36339 x_refsource_CONFIRM
    http://secunia.com/advisories/40557 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://www.vupen.com/english/advisories/2011/0552 vdb-entryx_refsource_VUPEN
    http://trac.webkit.org/changeset/56380 x_refsource_CONFIRM
    Date Public
    2010-06-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T01:35:53.654Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "MDVSA-2011:039",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
              },
              {
                "name": "ADV-2010-2722",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/2722"
              },
              {
                "name": "FEDORA-2010-11020",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044031.html"
              },
              {
                "name": "43068",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43068"
              },
              {
                "name": "ADV-2010-1801",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/1801"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=596494"
              },
              {
                "name": "USN-1006-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1006-1"
              },
              {
                "name": "41856",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/41856"
              },
              {
                "name": "ADV-2011-0212",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0212"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.webkit.org/show_bug.cgi?id=36339"
              },
              {
                "name": "40557",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/40557"
              },
              {
                "name": "SUSE-SR:2011:002",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
              },
              {
                "name": "FEDORA-2010-11011",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044023.html"
              },
              {
                "name": "ADV-2011-0552",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0552"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://trac.webkit.org/changeset/56380"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-06-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2010-11-03T09:00:00.000Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "name": "MDVSA-2011:039",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
            },
            {
              "name": "ADV-2010-2722",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/2722"
            },
            {
              "name": "FEDORA-2010-11020",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044031.html"
            },
            {
              "name": "43068",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43068"
            },
            {
              "name": "ADV-2010-1801",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/1801"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=596494"
            },
            {
              "name": "USN-1006-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1006-1"
            },
            {
              "name": "41856",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/41856"
            },
            {
              "name": "ADV-2011-0212",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0212"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.webkit.org/show_bug.cgi?id=36339"
            },
            {
              "name": "40557",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/40557"
            },
            {
              "name": "SUSE-SR:2011:002",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
            },
            {
              "name": "FEDORA-2010-11011",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044023.html"
            },
            {
              "name": "ADV-2011-0552",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0552"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://trac.webkit.org/changeset/56380"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@apple.com",
              "ID": "CVE-2010-1766",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "MDVSA-2011:039",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
                },
                {
                  "name": "ADV-2010-2722",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2010/2722"
                },
                {
                  "name": "FEDORA-2010-11020",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044031.html"
                },
                {
                  "name": "43068",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/43068"
                },
                {
                  "name": "ADV-2010-1801",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2010/1801"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=596494",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=596494"
                },
                {
                  "name": "USN-1006-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-1006-1"
                },
                {
                  "name": "41856",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/41856"
                },
                {
                  "name": "ADV-2011-0212",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0212"
                },
                {
                  "name": "https://bugs.webkit.org/show_bug.cgi?id=36339",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.webkit.org/show_bug.cgi?id=36339"
                },
                {
                  "name": "40557",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/40557"
                },
                {
                  "name": "SUSE-SR:2011:002",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
                },
                {
                  "name": "FEDORA-2010-11011",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044023.html"
                },
                {
                  "name": "ADV-2011-0552",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0552"
                },
                {
                  "name": "http://trac.webkit.org/changeset/56380",
                  "refsource": "CONFIRM",
                  "url": "http://trac.webkit.org/changeset/56380"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2010-1766",
        "datePublished": "2010-07-22T01:00:00.000Z",
        "dateReserved": "2010-05-06T00:00:00.000Z",
        "dateUpdated": "2024-08-07T01:35:53.654Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-2621 (GCVE-0-2010-2621)

    Vulnerability from cvelistv5 – Published: 2010-07-02 20:00 – Updated: 2024-08-07 02:39
    VLAI
    Summary
    The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/46410 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2010/1657 vdb-entryx_refsource_VUPEN
    http://aluigi.org/poc/qtsslame.zip x_refsource_MISC
    http://www.securityfocus.com/bid/41250 vdb-entryx_refsource_BID
    http://osvdb.org/65860 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/40389 third-party-advisoryx_refsource_SECUNIA
    http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfad… x_refsource_CONFIRM
    https://hermes.opensuse.org/messages/12056605 vendor-advisoryx_refsource_SUSE
    http://aluigi.org/adv/qtsslame-adv.txt x_refsource_MISC
    Date Public
    2010-06-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T02:39:37.809Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "46410",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/46410"
              },
              {
                "name": "ADV-2010-1657",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/1657"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://aluigi.org/poc/qtsslame.zip"
              },
              {
                "name": "41250",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/41250"
              },
              {
                "name": "65860",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/65860"
              },
              {
                "name": "40389",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/40389"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597"
              },
              {
                "name": "SUSE-SU-2011:1113",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "https://hermes.opensuse.org/messages/12056605"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://aluigi.org/adv/qtsslame-adv.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-06-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-06-19T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "46410",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/46410"
            },
            {
              "name": "ADV-2010-1657",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/1657"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://aluigi.org/poc/qtsslame.zip"
            },
            {
              "name": "41250",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/41250"
            },
            {
              "name": "65860",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/65860"
            },
            {
              "name": "40389",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/40389"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597"
            },
            {
              "name": "SUSE-SU-2011:1113",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "https://hermes.opensuse.org/messages/12056605"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://aluigi.org/adv/qtsslame-adv.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-2621",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "46410",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/46410"
                },
                {
                  "name": "ADV-2010-1657",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2010/1657"
                },
                {
                  "name": "http://aluigi.org/poc/qtsslame.zip",
                  "refsource": "MISC",
                  "url": "http://aluigi.org/poc/qtsslame.zip"
                },
                {
                  "name": "41250",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/41250"
                },
                {
                  "name": "65860",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/65860"
                },
                {
                  "name": "40389",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/40389"
                },
                {
                  "name": "http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597",
                  "refsource": "CONFIRM",
                  "url": "http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597"
                },
                {
                  "name": "SUSE-SU-2011:1113",
                  "refsource": "SUSE",
                  "url": "https://hermes.opensuse.org/messages/12056605"
                },
                {
                  "name": "http://aluigi.org/adv/qtsslame-adv.txt",
                  "refsource": "MISC",
                  "url": "http://aluigi.org/adv/qtsslame-adv.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-2621",
        "datePublished": "2010-07-02T20:00:00.000Z",
        "dateReserved": "2010-07-02T00:00:00.000Z",
        "dateUpdated": "2024-08-07T02:39:37.809Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }