
59 matches found

Tenable Nessus
added 2023/08/26 12:0 a.m. · 35 views

CBL Mariner 2.0 Security Update: qt5-qtbase (CVE-2023-37369)

The version of qt5-qtbase installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-37369 advisory. - In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an applicatio...

CVSS 7.5 · AI score 7 · EPSS 0.00261
Exploits 1 · References 2

Tenable Nessus
added 2023/08/23 12:0 a.m. · 28 views

Debian dla-3539 : libqt4-dbg - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3539 advisory. Debian LTS Advisory DLA-3539-1...

CVSS 7.5 · AI score 6.7 · EPSS 0.00261
Exploits 3 · References 16

ATTACKERKB
added 2023/08/20 7:15 a.m. · 3 views

CVE-2023-37369

In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length...

CVSS 7.5 · AI score 6.9 · EPSS 0.00261
Exploits 1 · References 9

OSV
added 2023/08/20 7:15 a.m. · 1 views

DEBIAN-CVE-2023-37369

In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length...

CVSS 7.5 · AI score 6.6 · EPSS 0.00261
Exploits 1 · References 1

OSV
added 2023/08/20 7:15 a.m. · 3 views

AZL-27920 CVE-2023-37369 affecting package qt5-qtbase for versions less than 5.12.11-9

In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length...

CVSS 7.5 · AI score 6.9 · EPSS 0.00261
Exploits 1 · References 1

Debian CVE
added 2023/08/20 12:0 a.m. · 47 views

CVE-2023-37369

In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length...

CVSS 7.5 · AI score 7.5 · EPSS 0.00261
Exploits 1

Tenable Nessus
added 2023/08/18 12:0 a.m. · 23 views

Fedora 38 : qt5-qtbase (2023-04d519d0b3)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-04d519d0b3 advisory. Security fix for CVE-2023-37369 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

CVSS 7.5 · AI score 7.2 · EPSS 0.00261
Exploits 1 · References 2

SUSE CVE
added 2023/08/16 11:19 p.m. · 2 views

SUSE CVE-2023-37369

In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length...

CVSS 5.5 · AI score 6.9 · EPSS 0.00261
Exploits 1 · References 8

RedhatCVE
added 2023/08/16 1:49 p.m. · 34 views

CVE-2023-37369

A flaw was found in the qtbase package. When given specifically crafted data, the QXmlStreamReader can end up causing a buffer overflow and, subsequently, a crash...

CVSS 7.5 · AI score 7.3 · EPSS 0.00261
Exploits 1 · References 5

RedhatCVE
added 2023/07/19 7:37 a.m. · 38 views

CVE-2023-38197

A vulnerability was found in Qtbase, where it is vulnerable to a denial of service caused by an infinite loop flaw in the QXmlStreamReader function. This flaw occurs because the QXmlStreamReader function accepts multiple DOCTYPE elements containing DTD fragments in the XML prolog and the XML body...

CVSS 7.5 · AI score 6.1 · EPSS 0.00051
Exploits 0 · References 6

QT
added 2023/07/18 12:0 a.m. · 38 views

Security advisory: QXmlStreamReader

A recently reported potential buffer overflow issue in QXmlStreamReader has been assigned the CVE id CVE-2023-38197. QXmlStreamReader can freeze or get out of memory on recursive entity expansion, with DTD tokens in XML body. Solution: Apply the attached patch or update to Qt 5.15.15, Qt 6.2.10, ...

CVSS 7.5 · AI score 7.8 · EPSS 0.00051
Exploits 0

Positive Technologies
added 2023/07/12 12:0 a.m. · 2 views

PT-2023-4688 · Qt Company +8 · Qt +8

Name of the Vulnerable Software and Affected Versions: Qt versions prior to 5.15.15 Qt versions 6.x prior to 6.2.10 Qt versions 6.3.x through 6.5.x prior to 6.5.3 Description: The issue is related to infinite loops in recursive entity expansion, which can lead to a denial of service. This can be...

CVSS 9.8 · AI score 6.4 · EPSS 0.00385
Exploits 3 · References 213

OpenVAS
added 2022/01/28 12:0 a.m. · 18 views

Mageia: Security Advisory (MGASA-2019-0025)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 · AI score 9.7 · EPSS 0.04651
Exploits 0 · References 4

Microsoft CVE
added 2021/07/30 7:0 a.m. · 2 views

Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.

...

CVSS 9.3 · AI score 7 · EPSS 0.01559
Exploits 0

OpenVAS
added 2021/04/19 12:0 a.m. · 19 views

SUSE: Security Advisory (SUSE-SU-2018:4183-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 · AI score 7.2 · EPSS 0.04651
Exploits 0 · References 5

Veracode
added 2020/11/05 3:17 a.m. · 28 views

XML Entity Expansion (XEE)

Qt is vulnerable to XML entity expansion. The vulnerability exists due to mishandling of 'QXmlStreamReader' allowing a malicious attacker to send crafted SVG to cause an xml bomb attack...

CVSS 7.5 · AI score 3.5 · EPSS 0.00558
Exploits 0 · References 8 · Affected Software 3

OPENSUSE Linux
added 2020/09/25 12:0 a.m. · 68 views

Security update for libqt4 (moderate)

openSUSE Security Update: Security update for libqt4 Announcement ID: openSUSE-SU-2020:1530-1 Rating: moderate References: 1118595 1118596 1118599 1121214 1176315 Cross-References: CVE-2018-15518 CVE-2018-19869 CVE-2018-19873 CVE-2020-17507 Affected Products: openSUSE Backports SLE-15-SP2 An upda...

CVSS 9.8 · AI score 8.5 · EPSS 0.07128
Exploits 0 · References 5

OpenVAS
added 2020/09/23 12:0 a.m. · 28 views

openSUSE: Security Advisory for libqt4 (openSUSE-SU-2020:1501-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.8 · AI score 8 · EPSS 0.07128
Exploits 0 · References 2

OPENSUSE Linux
added 2020/09/18 12:0 a.m. · 64 views

Security update for libqt4 (moderate)

openSUSE Security Update: Security update for libqt4 Announcement ID: openSUSE-SU-2020:1452-1 Rating: moderate References: 1118595 1118596 1118599 1121214 1176315 Cross-References: CVE-2018-15518 CVE-2018-19869 CVE-2018-19873 CVE-2020-17507 Affected Products: openSUSE Leap 15.1 An update that...

CVSS 9.8 · AI score 8.5 · EPSS 0.07128
Exploits 0 · References 5

Tenable Nessus
added 2020/04/15 12:0 a.m. · 30 views

EulerOS 2.0 SP3 : qt (EulerOS-SA-2020-1431)

According to the version of the qt packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to...

CVSS 9.3 · AI score 7 · EPSS 0.01559
Exploits 0 · References 2