Advisory ROSA-SA-2021-1959

2021-07-02 18:04:13
ROSA LAB
abf.rosalinux.ru

CVSS2: 9.3 High
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.044 Low
Percentile: 92.5%

Software: qt 4.8.7
OS: Cobalt 7.9

CVE-ID: CVE-2014-0190
CVE-Crit: HIGH
CVE-DESC: The GIF decoder in QtGui in Qt before version 5.3 allows remote attackers to cause a denial of service (dereferencing a NULL pointer) via invalid width and height values in a GIF image.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-0295
CVE-Crit: MEDIUM
CVE-DESC: The BMP decoder in QtGui in Qt before 5.5 incorrectly calculates masks used to extract color components, allowing remote attackers to cause a denial of service (division by zero and crash) via a crafted BMP file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-1290
CVE-Crit: HIGH
CVE-DESC: The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted website.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-8079
CVE-Crit: MEDIUM
CVE-DESC: qt5-qtwebkit before version 5.4 writes private browsing URLs to its icon database, WebpageIcons.db.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2017-10904
CVE-Crit: CRITICAL
CVE-DESC: Qt for Android before 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2017-10905
CVE-Crit: MEDIUM
CVE-DESC: A vulnerability in applications created using Qt for Android before 5.9.3 allows attackers to modify environment variables via unspecified vectors.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-21035
CVE-Crit: HIGH
CVE-DESC: In Qt through 5.14.1, the WebSocket implementation accepts up to 2 GB for frames and 2 GB for messages. Smaller limits cannot be configured. This allows attackers to cause a denial of service (memory consumption).
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-0570
CVE-Crit: HIGH
CVE-DESC: An uncontrolled search path in the Qt library prior to versions 5.14.0, 5.12.7, and 5.9.10 may allow an authenticated user to potentially enable privilege escalation via local access.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-17507
CVE-Crit: MEDIUM
CVE-DESC: An issue was found in Qt versions before 5.12.9 and from 5.13.x through 5.15.x to 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer overflow.
CVE-STATUS: default
CVE-REV: default

OS | Version | Architecture | Package | Version | Filename
Cobalt | any | noarch | qt | < 4.8.7 | UNKNOWN
