Lucene search
K

88 matches found

Fedora
Fedora
added 2024/05/29 3:37 a.m.22 views

[SECURITY] Fedora 40 Update: qt6-qtlottie-6.7.1-1.fc40

Qt Lottie Animation provides a QML API for rendering graphics and animations that are exported in JSON format by the Bodymovin plugin for Adobe After Effects...

9.8CVSS6.3AI score0.0097EPSS
Exploits0
Fedora
Fedora
added 2024/05/29 3:37 a.m.23 views

[SECURITY] Fedora 40 Update: qt6-qtcharts-6.7.1-1.fc40

Qt Charts module provides a set of easy to use chart components. It uses the Qt Graphics View Framework, therefore charts can be easily integrated to modern user interfaces. Qt Charts can be used as QWidgets, QGra phicsWidget, or QML types. Users can easily create impressive graphs by selecting o...

9.8CVSS6.6AI score0.0097EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2023/11/15 12:0 a.m.5 views

PT-2023-29737 · Qt Company · Qt

Name of the Vulnerable Software and Affected Versions: Qt versions prior to 6.2.11 Qt versions 6.3.x through 6.6.x before 6.6.1 Description: An issue was discovered in Qt when a QML image refers to an image whose content is not known yet, leading to an assumption that it is an SVG document. If th...

6.5CVSS6.8AI score0.0035EPSS
Exploits0References31
SUSE CVE
SUSE CVE
added 2023/10/27 12:56 a.m.6 views

SUSE CVE-2023-45872

An issue was discovered in Qt before 6.2.11 and 6.3.x through 6.6.x before 6.6.1. When a QML image refers to an image whose content is not known yet, there is an assumption that it is an SVG document, leading to a denial of service application crash if it is not actually an SVG document...

6.5CVSS6.8AI score0.0035EPSS
Exploits0References3
QT
QT
added 2023/10/19 12:0 a.m.28 views

Security advisory: Loading invalid QML image source impacts Qt

An issue when loading an invalid QML image source has been reported and has been assigned the CVE id CVE-2023-45872. When an invalid source is used to indicate an image to be loaded is specified then it will end up trying to load it as a SVG file which will trigger a crash in Qt SVG. This does no...

6.5CVSS8.6AI score0.0035EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/04/13 12:0 a.m.47 views

openSUSE 15 Security Update : nextcloud-desktop (openSUSE-SU-2023:0090-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0090-1 advisory. - Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client...

6.1CVSS5.5AI score0.00884EPSS
Exploits4References17
Fedora
Fedora
added 2023/03/14 12:24 a.m.44 views

[SECURITY] Fedora 38 Update: kpipewire-5.27.2-2.fc38

It is developed in C++ and it's main use target is QML components. As it's what's been useful, this framework focuses on graphical PipeWire features. If it was necessary, these could be included. At the moment we offer two main components: - KPipeWire: offers the main components to connect to and...

8.8CVSS7.3AI score0.01118EPSS
Exploits0
Fedora
Fedora
added 2023/03/14 12:24 a.m.33 views

[SECURITY] Fedora 38 Update: haruna-0.10.3-3.fc38

Open source video player built with Qt/QML and libmpv. Features: + play online videos, through youtube-dl; + supports youtube playlists; + toggle playlist with mouse-over, playlist overlays the video; + auto skip chapter containing certain words; + configurable shortcuts and mouse buttons; + quic...

8.8CVSS7.3AI score0.01118EPSS
Exploits0
OpenVAS
OpenVAS
added 2023/02/26 12:0 a.m.7 views

Fedora: Security Advisory for kpipewire (FEDORA-2023-e31c3e4b6c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Fedora
Fedora
added 2023/02/25 3:47 a.m.18 views

[SECURITY] Fedora 37 Update: kpipewire-5.27.1-1.fc37

It is developed in C++ and it's main use target is QML components. As it's what's been useful, this framework focuses on graphical PipeWire features. If it was necessary, these could be included. At the moment we offer two main components: - KPipeWire: offers the main components to connect to and...

0.5AI score
Exploits0
CNNVD
CNNVD
added 2023/02/20 12:0 a.m.5 views

qt-users-jp silk 跨站脚本漏洞

silk is qt-users-jp open source a simple and flexible web framework . A cross-site scripting vulnerability exists in qt-users-jp silk version 0.0.1, which stems from a problem with the unknown code in the file /root/examples/header.qml, where manipulation of the parameter model.key/model.value ca...

6.1CVSS4.6AI score0.00473EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:43 a.m.3 views

SUSE CVE-2012-5624

The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application...

4.3CVSS6.1AI score0.01939EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:21 a.m.6 views

SUSE CVE-2023-23942

The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client. The lack of sanitisation...

5.4CVSS6.1AI score0.00657EPSS
Exploits0References5
NVD
NVD
added 2023/02/06 9:15 p.m.33 views

CVE-2023-23942

The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client. The lack of sanitisation...

6.1CVSS6AI score0.00657EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2023/02/06 9:15 p.m.35 views

CVE-2023-23942

The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client. The lack of sanitisation...

6.1CVSS6.3AI score0.00657EPSS
Exploits0References4
OSV
OSV
added 2023/02/06 9:15 p.m.9 views

UBUNTU-CVE-2023-23942

The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client. The lack of sanitisation...

6.1CVSS5.8AI score0.00657EPSS
Exploits0References5
OSV
OSV
added 2023/02/06 8:23 p.m.24 views

CVE-2023-23942 Self reflected HTML injection in Desktop client

The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client. The lack of sanitisation...

5.4CVSS6AI score0.00657EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/02/06 12:0 a.m.7 views

Nextcloud 跨站脚本漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A cross-site scripting vulnerability exists in Nextcloud Desktop Client versions prior to 3.6.3, which stems from a lack of cleanup of qml tags, leading to...

6.1CVSS5.8AI score0.00657EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/02/06 12:0 a.m.4 views

PT-2023-19313 · Nextcloud +2 · Nextcloud Desktop Client +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop Client versions prior to 3.6.3 Description: The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. It is missing sanitisation on qml labels used for basic HTML elements such a...

8.8CVSS6AI score0.04698EPSS
Exploits10References53
QT
QT
added 2023/01/23 12:0 a.m.43 views

Regarding recent reported security vulnerabilities from Cisco Talos

Back in October 2022, the Qt Project Security team was contacted by someone at Cisco Talos to report an issue with integer and buffer overflow issues in QML which they considered a vulnerability in Qt 6.3. This has recently been made public by Cisco Talos here. This has also resulted in two CVEs ...

6.8CVSS8.8AI score0.01144EPSS
Exploits2
Rows per page
Query Builder