Total
54 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-0570 | 2 Qt, Redhat | 2 Qt, Enterprise Linux | 2024-02-28 | 4.4 MEDIUM | 7.3 HIGH |
Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access. | |||||
CVE-2020-13962 | 4 Fedoraproject, Mumble, Opensuse and 1 more | 4 Fedora, Mumble, Leap and 1 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.) | |||||
CVE-2020-17507 | 3 Debian, Fedoraproject, Qt | 3 Debian Linux, Fedora, Qt | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read. | |||||
CVE-2020-12267 | 1 Qt | 1 Qt | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock. | |||||
CVE-2015-9541 | 2 Fedoraproject, Qt | 2 Fedora, Qt | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564. | |||||
CVE-2018-21035 | 1 Qt | 1 Qt | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption). | |||||
CVE-2018-19872 | 3 Fedoraproject, Opensuse, Qt | 3 Fedora, Leap, Qt | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp. | |||||
CVE-2018-19873 | 3 Debian, Opensuse, Qt | 3 Debian Linux, Leap, Qt | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data. | |||||
CVE-2018-15518 | 3 Debian, Opensuse, Qt | 3 Debian Linux, Leap, Qt | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. | |||||
CVE-2018-19869 | 2 Opensuse, Qt | 2 Leap, Qt | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp. | |||||
CVE-2018-19870 | 3 Debian, Opensuse, Qt | 3 Debian Linux, Leap, Qt | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault. | |||||
CVE-2018-19865 | 2 Opensuse, Qt | 2 Leap, Qt | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3. | |||||
CVE-2018-19871 | 2 Opensuse, Qt | 2 Leap, Qt | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption. | |||||
CVE-2017-10904 | 1 Qt | 1 Qt | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
CVE-2015-1290 | 3 Google, Opensuse, Qt | 3 Chrome, Leap, Qt | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site. | |||||
CVE-2017-10905 | 1 Qt | 1 Qt | 2024-02-28 | 6.8 MEDIUM | 5.3 MEDIUM |
A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors. | |||||
CVE-2017-15011 | 1 Qt | 1 Qt | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string. | |||||
CVE-2015-1860 | 3 Digia, Fedoraproject, Qt | 3 Qt, Fedora, Qt | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image. | |||||
CVE-2015-1858 | 3 Digia, Fedoraproject, Qt | 3 Qt, Fedora, Qt | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image. | |||||
CVE-2015-7298 | 2 Owncloud, Qt | 2 Owncloud Desktop Client, Qt | 2024-02-28 | 5.1 MEDIUM | N/A |
ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression. |