Filtered by vendor Qt
Subscriptions
Total
57 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2700 | 1 Qt | 1 Qt | 2021-06-16 | N/A |
| src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | ||||
| CVE-2010-5076 | 2 Digia, Qt | 2 Qt, Qt | 2021-06-16 | N/A |
| QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | ||||
| CVE-2010-2621 | 2 Digia, Qt | 2 Qt, Qt | 2021-06-16 | N/A |
| The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request. | ||||
| CVE-2015-7298 | 2 Owncloud, Qt | 2 Owncloud Desktop Client, Qt | 2021-06-16 | N/A |
| ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression. | ||||
| CVE-2011-3194 | 1 Qt | 1 Qt | 2021-06-16 | N/A |
| Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale TIFF image with multiple samples per pixel. | ||||
| CVE-2006-4811 | 2 Qt, Redhat | 2 Qt, Kdelibs | 2021-06-16 | N/A |
| Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image. | ||||
| CVE-2018-19869 | 2 Opensuse, Qt | 2 Leap, Qt | 2020-11-02 | N/A |
| An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp. | ||||
| CVE-2018-19873 | 3 Debian, Opensuse, Qt | 3 Debian Linux, Leap, Qt | 2020-09-28 | N/A |
| An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data. | ||||
| CVE-2018-19871 | 2 Opensuse, Qt | 2 Leap, Qt | 2020-09-28 | N/A |
| An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption. | ||||
| CVE-2018-19870 | 3 Debian, Opensuse, Qt | 3 Debian Linux, Leap, Qt | 2020-09-28 | N/A |
| An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault. | ||||
| CVE-2018-15518 | 3 Debian, Opensuse, Qt | 3 Debian Linux, Leap, Qt | 2020-09-28 | N/A |
| QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. | ||||
| CVE-2018-21035 | 1 Qt | 1 Qt | 2020-08-24 | 7.5 High |
| In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption). | ||||
| CVE-2019-18281 | 2 Debian, Qt | 2 Debian Linux, Qtbase | 2020-03-26 | 4.3 Medium |
| An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters. | ||||
| CVE-2017-10905 | 1 Qt | 1 Qt | 2019-10-03 | N/A |
| A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors. | ||||
| CVE-2018-19865 | 2 Opensuse, Qt | 2 Leap, Qt | 2019-05-10 | N/A |
| A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3. | ||||
| CVE-2017-10904 | 1 Qt | 1 Qt | 2017-12-28 | N/A |
| Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | ||||
| CVE-2016-10040 | 1 Qt | 1 Qxmlsimplereader | 2017-03-08 | N/A |
| Stack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allows remote attackers to cause a denial of service (application crash) via a xml file with multiple nested open tags. | ||||