RSS   Vulnerabilities for 'QT'   RSS

2022-03-02
 
CVE-2022-25634

CWE-22
 

 
Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.

 
2021-08-09
 
CVE-2020-24741

NVD-CWE-noinfo
 

 
An issue has been fixed in Qt versions 5.14.1 and 5.12.7 where QLibrary attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.

 
 
CVE-2020-24742

NVD-CWE-noinfo
 

 
An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.

 
2020-09-14
 
CVE-2020-0570

CWE-426
 

 
Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.

 
2020-08-12
 
CVE-2020-17507

CWE-120
 

 
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.

 
2020-06-09
 
CVE-2020-13962

NVD-CWE-noinfo
 

 
Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)

 
2020-04-27
 
CVE-2020-12267

CWE-416
 

 
setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock.

 
2020-02-28
 
CVE-2018-21035

CWE-400
 

 
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption).

 
2020-01-24
 
CVE-2015-9541

CWE-776
 

 
Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.

 
2019-03-21
 
CVE-2018-19872

CWE-369
 

 
An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.

 


Copyright 2024, cxsecurity.com

 

Back to Top