32 matches found
Fedora 16 : qt-4.8.4-6.fc16 (2013-0270)
This build fixes a security issues : - QSslSocket may report incorrect errors when certificate verification fails. For more information: http://lists.qt-project.org/pipermail/announce/2013-Janu ary/000020.html - blacklists unauthorized SSL certificates by Turktrust. For more information:...
Fedora 18 : qt-4.8.4-6.fc18 (2013-0199)
This build fixes a security issues : - QSslSocket may report incorrect errors when certificate verification fails. For more information: http://lists.qt-project.org/pipermail/announce/2013-Janu ary/000020.html - blacklists unauthorized SSL certificates by Turktrust. For more information:...
Fedora 17 : qt-4.8.4-6.fc17 (2013-0277)
This build fixes a security issues : - QSslSocket may report incorrect errors when certificate verification fails. For more information: http://lists.qt-project.org/pipermail/announce/2013-Janu ary/000020.html - blacklists unauthorized SSL certificates by Turktrust. For more information:...
Code injection
QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority...
CVE-2010-5076
QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority...
CVE-2010-5076
Removed by vendor...
CVE-2010-5076
Qt’s QSslSocket before 4.7.0-rc1 accepts wildcard IPs in the X.509 certificate subject CN, enabling potential MITM spoofing of SSL servers via certificates from trusted CAs. Affected: Qt Qt-based SSL/TLS implementations prior to 4.7.0-rc1. Root cause: improper hostname verification for wildcard I...
CVE-2010-5076
QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority...
Qt 'QSslSocketBackendPrivate::transmit()' Denial of Service Vulnerability
This host is installed with Qt and is prone to denial of service vulnerability. OpenVAS Vulnerability Test $Id: gbqtdosvuln.nasl 5373 2017-02-20 16:27:48Z teissa $ Qt 'QSslSocketBackendPrivate::transmit' Denial of Service Vulnerability Authors: Sooraj KS Copyright: Copyright c 2010 Greenbone...
USN-579-1: Qt vulnerability
It was discovered that QSslSocket did not properly verify SSL certificates. A remote attacker may be able to trick applications using QSslSocket into accepting invalid SSL certificates...
CVE-2007-5965
QSslSocket in Trolltech Qt 4.3.0 through 4.3.2 does not properly verify SSL certificates, which might make it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service, or trick a service into accepting an invalid client certificate for a user...
Trolltech Qt QSslSocket类证书验证绕过安全限制漏洞
BUGTRAQ ID: 27112 CVECAN ID: CVE-2007-5965 Qt是一款C++应用开发工具,包括类库和跨平台开发工具。 Qt可能没有对SSL连接中的QSslSocket类证书执行验证,使用QSslSocket的应用可能受骗接受伪造的证书,这有助于攻击者执行网络钓鱼类的攻击。 Trolltech Qt 4.3.2 Trolltech Qt 4.3.1 Trolltech Qt 4.3.0 Trolltech --------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...