223 matches found
UBUNTU-CVE-2025-5455
An issue was found in the private API function qDecodeDataUrl in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, an URL that contained a "charset" parameter that lacked a value such as...
Qt 输入验证错误漏洞
Qt is a cross-platform application development framework from the Qt open source. An input validation error vulnerability exists in Qt versions 5.15.18 and earlier, 6.0.0 through 6.5.8, 6.6.0 through 6.8.3, and 6.9.0, which results in a denial of service when malformed data is processed by functi...
CVE-2019-11351
TeamSpeak 3 Client before 3.2.5 allows remote code execution in the Qt framework...
CVE-2017-15011
The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service application crash via an unspecified string...
CVE-2025-4211
A flaw was found in the QFileSystemEngine in the Qt corelib module on Windows. The vulnerability arises when using the GetTempPath API, which allows attackers to manipulate temporary file paths, potentially leading to unauthorized access and privilege escalation. The affected public API in the Qt...
CVE-2025-4211
Improper Link Resolution Before File Access 'Link Following' vulnerability in QFileSystemEngine in the Qt corelib module on Windows which potentially allows Symlink Attacks and the use of Malicious Files. Issue originates from CVE-2024-38081. The vulnerability arises from the use of the GetTempPa...
CVE-2025-4211 Improper Link Resolution Before File Access in QFileSystemEngine on Windows
Improper Link Resolution Before File Access 'Link Following' vulnerability in QFileSystemEngine in the Qt corelib module on Windows which potentially allows Symlink Attacks and the use of Malicious Files. Issue originates from CVE-2024-38081. The vulnerability arises from the use of the GetTempPa...
CVE-2025-4211
Qt: CVE-2025-4211 affects the Qt corelib QFileSystemEngine on Windows, via QDir::tempPath() (and uses like QStandardPaths/TempLocation, QTemporaryDir, QTemporaryFile). Root cause is improper link resolution before file access, enabling potential symlink attacks and malicious file handling. Affect...
CVE-2025-4211 Improper Link Resolution Before File Access in QFileSystemEngine on Windows
Improper Link Resolution Before File Access 'Link Following' vulnerability in QFileSystemEngine in the Qt corelib module on Windows which potentially allows Symlink Attacks and the use of Malicious Files. Issue originates from CVE-2024-38081. The vulnerability arises from the use of the GetTempPa...
The vulnerability of the QXmlStreamReader class in the cross-platform framework for Qt software development allows a attacker to cause a service failure.
The vulnerability of the QXmlStreamReader class in the cross-platform framework for Qt software development is related to an incorrect restriction on recursive references to entities in the DTD. Exploiting this vulnerability could allow a malicious actor to cause service failures...
OESA-2025-1387 qt5-qtbase security update
Qt is a software toolkit for developing applications. Security Fixes: encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string with relocation of later data.CVE-2025-30348...
OESA-2025-1386 qt5-qtbase security update
Qt is a software toolkit for developing applications. Security Fixes: encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string with relocation of later data.CVE-2025-30348...
Qt 安全漏洞
Qt is a cross-platform application development framework from the Qt open source. A security vulnerability exists in versions prior to Qt 6.8.0, which stems from the encodeText function in QDom involving a complex XML string copy and replace algorithm...
The vulnerability of the qdrawhelper_p.h component of the cross-platform development framework for Qt software, which allows a hacker to trigger a service failure.
The vulnerability of the qdrawhelperp.h component of the cross-platform framework for developing Qt software relates to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a system failure...
SUSE CVE-2025-23050
QLowEnergyController in Qt before 6.8.2 mishandles malformed Bluetooth ATT commands, leading to an out-of-bounds read or division by zero. This is fixed in 5.15.19, 6.5.9, and 6.8.2...
ROS-20250418-01
A vulnerability in the gui/util/qktxhandler.cpp component of the KTX image processing module of the cross-platform Qt software development framework is related to a buffer overrun. Qt software development framework is related to an operation exceeding buffer boundaries in memory. memory...
ROS-20250121-11
A vulnerability in the QTextLayout component of the cross-platform software development framework Qt is related to buffer copying without input validation. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service using a specially crafted file SVG A...
The vulnerability of the cross-platform software development framework Qt, related to writing beyond the buffer boundaries, allows attackers to trigger a service failure.
The vulnerability of the cross-platform software development framework Qt is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow a malicious actor to cause service failures...
Important: qt5-qtsvg
Issue Overview: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not ye...
Important: qt5-qtxmlpatterns
Issue Overview: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not ye...