223 matches found
Qt 安全漏洞
Qt is a cross-platform C++ application development framework from the Norwegian company Qt. It is widely used to develop GUI programs, in which case it is also known as the widget toolkit. It can also be used to develop non-GUI programs, such as console tools and servers. A security vulnerability...
qtbase: qtbase: Delay any communication until encrypted() can be responded to
A vulnerability was found in Qt where, during a TLS connection for servers supporting HTTP2, Qt may send data to a server even if the TLS certificate doesn't match the redirected address. This occurs because Qt fails to validate the certificate against the redirected address, potentially sending...
qtbase: qtbase: Delay any communication until encrypted() can be responded to
A vulnerability was found in Qt where, during a TLS connection for servers supporting HTTP2, Qt may send data to a server even if the TLS certificate doesn't match the redirected address. This occurs because Qt fails to validate the certificate against the redirected address, potentially sending...
qtbase: qtbase: Delay any communication until encrypted() can be responded to
A vulnerability was found in Qt where, during a TLS connection for servers supporting HTTP2, Qt may send data to a server even if the TLS certificate doesn't match the redirected address. This occurs because Qt fails to validate the certificate against the redirected address, potentially sending...
SUSE CVE-2024-39936
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not yet been emitted a...
DEBIAN-CVE-2024-39936
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not yet been emitted a...
UBUNTU-CVE-2024-39936
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not yet been emitted a...
An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17 6.x before 6.2.12 6.3.x through 6.5.x before 6.5.5 and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file.
...
SUSE CVE-2024-36048
QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values...
PT-2024-25516 · Qt · Qt Framework
Name of the Vulnerable Software and Affected Versions: Qt Framework affected versions not specified Description: The issue could be exploited in applications that make use of the QStringDecoder. There is no information about the estimated number of potentially affected devices worldwide or...
qtsvg: Multiple Vulnerabilities
Background qtsvg is a SVG rendering library for the Qt framework. Description Multiple vulnerabilities have been discovered in qtsvg. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
The vulnerability in the `gui/util/qktxhandler.cpp` component of the KTX image processing module of the cross-platform framework for developing Qt software allows a hacker to cause a service failure.
The vulnerability in the gui/util/qktxhandler.cpp component of the KTX image processing module for the cross-platform development framework for Qt software development relates to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow a malicious act...
UBUNTU-CVE-2023-45935
DISPUTED Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the function QXcbConnection::initializeAllAtoms. NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server...
SUSE CVE-2024-30161
In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly wasm. Earlier and later versions are unaffected...
Qt 安全漏洞
Qt is a cross-platform C++ application development framework from the Norwegian company Qt. It is widely used to develop GUI programs, in which case it is also known as the widget toolkit. It can also be used to develop non-GUI programs, such as console tools and servers. A security vulnerability...
Qt Security Vulnerabilities
Qt is a cross-platform C++ application development framework from the Norwegian company Qt. It is widely used to develop GUI programs, in which case it is also known as the widget toolkit. It can also be used to develop non-GUI programs, such as console tools and servers. A security vulnerability...
An issue was discovered in the HTTP2 implementation in Qt before 5.15.17 6.x before 6.2.11 6.3.x through 6.5.x before 6.5.4 and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.
...
The vulnerability of the HTTP2 protocol implementation (network/access/http2/hpacktable.cpp) in the cross-platform development framework for Qt software allows a perpetrator to cause service failures.
The vulnerability of the HTTP2 protocol implementation network/access/http2/hpacktable.cpp of the cross-platform development framework for Qt is related to a numerical overflow caused by changes to the typical expression order in conditional operators “Yoda conditions”. Exploiting this...
The vulnerability of the fastScanName() function in the QXmlStreamReader class, a cross-platform framework for Qt software development, allows a attacker to cause a service failure.
The vulnerability of the fastScanName function in the QXmlStreamReader class, a cross-platform framework for Qt software development, relates to the issue of operations going beyond the buffer boundaries in memory when processing XML files. Exploiting this vulnerability could allow an attacker to...
CVE-2023-51714
An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check...