Approved changes feed: RSS · Atom

cpe:2.3:a:qt:qt:4.3.3:*:*:*:*:*:*:*

part: a version: 4.3.3 update: *

VendorQt (ac351d54-6a3a-5b90-a60b-6ef58ef23803)
ProductQt (fb46f139-0d7d-5cf6-a2f2-b5bc72f4c130)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:deb/debian/qtbase5-dev purl2cpe 2026-06-01 10:16:55.734613
pkg:deb/ubuntu/qtbase5-dev purl2cpe 2026-06-01 10:16:55.734615
pkg:github/qt/qt purl2cpe 2026-06-01 10:16:55.734616
pkg:github/qt/qt5 purl2cpe 2026-06-01 10:16:55.734618
pkg:qt/qt purl2cpe 2026-06-01 10:16:55.734619
pkg:rpm/fedora/qt5-qtbase purl2cpe 2026-06-01 10:16:55.734620
pkg:rpm/opensuse/qt5-qtbase purl2cpe 2026-06-01 10:16:55.734622

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2013-0254 vulnerable 2026-06-08 05:03:46.503005 Details available
The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.
Published: 2013-02-06T11:00:00.000Z
Updated: 2024-08-06T14:18:09.656Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-5624 vulnerable 2026-06-08 05:02:57.584787 Details available
The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application.
Published: 2013-02-24T19:00:00.000Z
Updated: 2024-09-16T18:45:23.183Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2010-5076 vulnerable 2026-06-08 04:56:32.083002 Details available
QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
Published: 2012-06-29T19:00:00.000Z
Updated: 2024-08-07T04:09:38.930Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2010-2621 vulnerable 2026-06-08 04:55:09.086287 Details available
The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request.
Published: 2010-07-02T20:00:00.000Z
Updated: 2024-08-07T02:39:37.809Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2009-2700 vulnerable 2026-06-08 04:51:30.117626 Details available
src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Published: 2009-09-02T17:00:00.000Z
Updated: 2024-08-07T05:59:56.946Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.