88 matches found
[SECURITY] Fedora 40 Update: qt6-qtlottie-6.7.1-1.fc40
Qt Lottie Animation provides a QML API for rendering graphics and animations that are exported in JSON format by the Bodymovin plugin for Adobe After Effects...
[SECURITY] Fedora 40 Update: qt6-qtcharts-6.7.1-1.fc40
Qt Charts module provides a set of easy to use chart components. It uses the Qt Graphics View Framework, therefore charts can be easily integrated to modern user interfaces. Qt Charts can be used as QWidgets, QGra phicsWidget, or QML types. Users can easily create impressive graphs by selecting o...
PT-2023-29737 · Qt Company · Qt
Name of the Vulnerable Software and Affected Versions: Qt versions prior to 6.2.11 Qt versions 6.3.x through 6.6.x before 6.6.1 Description: An issue was discovered in Qt when a QML image refers to an image whose content is not known yet, leading to an assumption that it is an SVG document. If th...
SUSE CVE-2023-45872
An issue was discovered in Qt before 6.2.11 and 6.3.x through 6.6.x before 6.6.1. When a QML image refers to an image whose content is not known yet, there is an assumption that it is an SVG document, leading to a denial of service application crash if it is not actually an SVG document...
Security advisory: Loading invalid QML image source impacts Qt
An issue when loading an invalid QML image source has been reported and has been assigned the CVE id CVE-2023-45872. When an invalid source is used to indicate an image to be loaded is specified then it will end up trying to load it as a SVG file which will trigger a crash in Qt SVG. This does no...
openSUSE 15 Security Update : nextcloud-desktop (openSUSE-SU-2023:0090-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0090-1 advisory. - Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client...
[SECURITY] Fedora 38 Update: kpipewire-5.27.2-2.fc38
It is developed in C++ and it's main use target is QML components. As it's what's been useful, this framework focuses on graphical PipeWire features. If it was necessary, these could be included. At the moment we offer two main components: - KPipeWire: offers the main components to connect to and...
[SECURITY] Fedora 38 Update: haruna-0.10.3-3.fc38
Open source video player built with Qt/QML and libmpv. Features: + play online videos, through youtube-dl; + supports youtube playlists; + toggle playlist with mouse-over, playlist overlays the video; + auto skip chapter containing certain words; + configurable shortcuts and mouse buttons; + quic...
Fedora: Security Advisory for kpipewire (FEDORA-2023-e31c3e4b6c)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 37 Update: kpipewire-5.27.1-1.fc37
It is developed in C++ and it's main use target is QML components. As it's what's been useful, this framework focuses on graphical PipeWire features. If it was necessary, these could be included. At the moment we offer two main components: - KPipeWire: offers the main components to connect to and...
qt-users-jp silk 跨站脚本漏洞
silk is qt-users-jp open source a simple and flexible web framework . A cross-site scripting vulnerability exists in qt-users-jp silk version 0.0.1, which stems from a problem with the unknown code in the file /root/examples/header.qml, where manipulation of the parameter model.key/model.value ca...
SUSE CVE-2012-5624
The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application...
SUSE CVE-2023-23942
The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client. The lack of sanitisation...
CVE-2023-23942
The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client. The lack of sanitisation...
CVE-2023-23942
The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client. The lack of sanitisation...
UBUNTU-CVE-2023-23942
The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client. The lack of sanitisation...
CVE-2023-23942 Self reflected HTML injection in Desktop client
The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client. The lack of sanitisation...
Nextcloud 跨站脚本漏洞
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A cross-site scripting vulnerability exists in Nextcloud Desktop Client versions prior to 3.6.3, which stems from a lack of cleanup of qml tags, leading to...
PT-2023-19313 · Nextcloud +2 · Nextcloud Desktop Client +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop Client versions prior to 3.6.3 Description: The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. It is missing sanitisation on qml labels used for basic HTML elements such a...
Regarding recent reported security vulnerabilities from Cisco Talos
Back in October 2022, the Qt Project Security team was contacted by someone at Cisco Talos to report an issue with integer and buffer overflow issues in QML which they considered a vulnerability in Qt 6.3. This has recently been made public by Cisco Talos here. This has also resulted in two CVEs ...