Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Dependency | Vulnerability IDs | Package | Highest Severity | CVE Count | Confidence | Evidence Count |
---|---|---|---|---|---|---|
JEasyCTEP-3.2.0.jar | | | | 0 | | 13 |
Qt5CoreEik.dll | cpe:2.3:a:qt:qt:5:*:*:*:*:*:*:* | | CRITICAL | 21 | High | 4 |
Qt5NetworkEik.dll | cpe:2.3:a:qt:qt:5:*:*:*:*:*:*:* | | CRITICAL | 21 | High | 4 |
Qt5SerialPortEik.dll | cpe:2.3:a:qt:qt:5:*:*:*:*:*:*:* | | CRITICAL | 21 | High | 4 |
easyctep.dll | | | | 0 | | 2 |
jeasyctep.dll | | | | 0 | | 2 |
File Path: /home/huehner/ob/git/repo-clones/openbravo/product/pmods/hwmanager-atosworldline/lib/JEasyCTEP-3.2.0.jar
MD5: 562ff485d8ba08411d724768d1131a53
SHA1: e6fc1cd820add3ef1237b6238840c46e6cce3635
SHA256: 0ab995f8c13f99c77bc13844f2788f2f61c380991214788a55db25fcbbc49799
File Path: /home/huehner/ob/git/repo-clones/openbravo/product/pmods/hwmanager-atosworldline/lib/win64/Qt5CoreEik.dll
MD5: 62c9e32996008e87a91469b6a867fd1a
SHA1: 4941313105c075ff813b6406ce3d915dc083ea81
SHA256: b0d512fa545801141db3f6a126572b13136d5ea02b88770def79072a5e00f8ef
Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.
CWE-190 Integer Overflow or Wraparound
The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.
CWE-476 NULL Pointer Dereference
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption).
CWE-770 Allocation of Resources Without Limits or Throttling
Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.
NVD-CWE-noinfo
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.
CWE-426 Untrusted Search Path
An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.
CWE-20 Improper Input Validation
An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.
CWE-400 Uncontrolled Resource Consumption
In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.
CWE-369 Divide By Zero
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData}, then it can cause the application to crash because of missing length checks.
NVD-CWE-noinfo
A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors.
NVD-CWE-noinfo
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.
CWE-125 Out-of-bounds Read
An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.
NVD-CWE-noinfo
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.
CWE-295 Improper Certificate Validation
The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image.
CWE-476 NULL Pointer Dereference
File Path: /home/huehner/ob/git/repo-clones/openbravo/product/pmods/hwmanager-atosworldline/lib/win64/Qt5NetworkEik.dll
MD5: fd612d9d23e1094f5ad7b57deaf6fc27
SHA1: 2273c8f789d733fefb44d70a094fc867f40fa7d6
SHA256: b7f0557fc6858acb26cad81f6932f53ab2da82664ebd87d92b892271fc5706e7
Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.
CWE-190 Integer Overflow or Wraparound
The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.
CWE-476 NULL Pointer Dereference
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption).
CWE-770 Allocation of Resources Without Limits or Throttling
Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.
NVD-CWE-noinfo
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.
CWE-426 Untrusted Search Path
An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.
CWE-20 Improper Input Validation
An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.
CWE-400 Uncontrolled Resource Consumption
In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.
CWE-369 Divide By Zero
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData}, then it can cause the application to crash because of missing length checks.
NVD-CWE-noinfo
A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors.
NVD-CWE-noinfo
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.
CWE-125 Out-of-bounds Read
An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.
NVD-CWE-noinfo
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.
CWE-295 Improper Certificate Validation
The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image.
CWE-476 NULL Pointer Dereference
File Path: /home/huehner/ob/git/repo-clones/openbravo/product/pmods/hwmanager-atosworldline/lib/win64/Qt5SerialPortEik.dll
MD5: a3f702148a6335f7c07ca9f40d4baa2c
SHA1: 0302258289c75bd9669f906e186a94fecf7f9a61
SHA256: 92063fc6d243df2029212c13c4c24d87b0e8f10a696e0e7bdca175b33a0afb8f
Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.
CWE-190 Integer Overflow or Wraparound
The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.
CWE-476 NULL Pointer Dereference
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption).
CWE-770 Allocation of Resources Without Limits or Throttling
Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.
NVD-CWE-noinfo
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.
CWE-426 Untrusted Search Path
An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.
CWE-20 Improper Input Validation
An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.
CWE-400 Uncontrolled Resource Consumption
In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.
CWE-369 Divide By Zero
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData}, then it can cause the application to crash because of missing length checks.
NVD-CWE-noinfo
A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors.
NVD-CWE-noinfo
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.
CWE-125 Out-of-bounds Read
An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.
NVD-CWE-noinfo
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.
CWE-295 Improper Certificate Validation
The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image.
CWE-476 NULL Pointer Dereference
File Path: /home/huehner/ob/git/repo-clones/openbravo/product/pmods/hwmanager-atosworldline/lib/win64/easyctep.dll
MD5: 99461b319a324a8f7d08a1f9055cba28
SHA1: 559fe5f2853e20a96c761d70951250e95ff444bd
SHA256: bee41de5829e1f37a35a549fdcb015182897d86525e647129f643a2bb6e2c6be
File Path: /home/huehner/ob/git/repo-clones/openbravo/product/pmods/hwmanager-atosworldline/lib/win64/jeasyctep.dll
MD5: 96dc4895c99466bb41939a328fdbb23c
SHA1: e88c1a01fb2b932afe889315ab8a24d7f7e381fe
SHA256: ba7bb8d3647c8601c03fb9c812f482972562fa1ec75496ba4daf7cd6498639de