Vulnerabilities for QT (...) - CXSECURITY.COM

Vulnerabilities for 'QT'

2012-06-29

CVE-2010-5076

QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

2012-06-15

CVE-2011-3193

Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.

2010-07-02

CVE-2010-2621

The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request.

2009-09-02

CVE-2009-2700

src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

2006-10-18

CVE-2006-4811

CWE-189

Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image.

>>> Vendor: Nokia 38 Products

Ip440 firewall vpn appliance

Firewall appliance

Electronic documentation

Groupwise mobile server

Intellisync mobile suite

Intellisync wireless email express

Symbian s60 browser

N810 internet tablet

Multimedia player

@vantage commander

I-240w-q gpon ont firmware

8810 4g firmware

Bts trs web console

Copyright 2024, cxsecurity.com