Lucene search
K

223 matches found

CNNVD
CNNVD
added 2024/10/09 12:0 a.m.4 views

Qt 安全漏洞

Qt is a cross-platform C++ application development framework from the Norwegian company Qt. It is widely used to develop GUI programs, in which case it is also known as the widget toolkit. It can also be used to develop non-GUI programs, such as console tools and servers. A security vulnerability...

6.5CVSS6.2AI score0.0035EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/07/19 10:57 a.m.6 views

qtbase: qtbase: Delay any communication until encrypted() can be responded to

A vulnerability was found in Qt where, during a TLS connection for servers supporting HTTP2, Qt may send data to a server even if the TLS certificate doesn't match the redirected address. This occurs because Qt fails to validate the certificate against the redirected address, potentially sending...

8.6CVSS7.3AI score0.00494EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/07/18 4:34 p.m.4 views

qtbase: qtbase: Delay any communication until encrypted() can be responded to

A vulnerability was found in Qt where, during a TLS connection for servers supporting HTTP2, Qt may send data to a server even if the TLS certificate doesn't match the redirected address. This occurs because Qt fails to validate the certificate against the redirected address, potentially sending...

8.6CVSS7.3AI score0.00494EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/07/18 1:37 p.m.4 views

qtbase: qtbase: Delay any communication until encrypted() can be responded to

A vulnerability was found in Qt where, during a TLS connection for servers supporting HTTP2, Qt may send data to a server even if the TLS certificate doesn't match the redirected address. This occurs because Qt fails to validate the certificate against the redirected address, potentially sending...

8.6CVSS7.3AI score0.00494EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2024/07/06 2:58 a.m.5 views

SUSE CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not yet been emitted a...

7.5CVSS7.3AI score0.00494EPSS
Exploits0References10
OSV
OSV
added 2024/07/04 9:15 p.m.1 views

DEBIAN-CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not yet been emitted a...

5.9CVSS7.9AI score0.00494EPSS
Exploits0References1
OSV
OSV
added 2024/07/04 9:15 p.m.2 views

UBUNTU-CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not yet been emitted a...

8.6CVSS7.3AI score0.00494EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2024/06/30 2:0 p.m.4 views

An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17 6.x before 6.2.12 6.3.x through 6.5.x before 6.5.5 and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file.

...

6.2CVSS6.8AI score0.00321EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2024/05/21 11:12 p.m.5 views

SUSE CVE-2024-36048

QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values...

9.8CVSS7AI score0.0097EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/05/09 12:0 a.m.1 views

PT-2024-25516 · Qt · Qt Framework

Name of the Vulnerable Software and Affected Versions: Qt Framework affected versions not specified Description: The issue could be exploited in applications that make use of the QStringDecoder. There is no information about the estimated number of potentially affected devices worldwide or...

8.6CVSS8.8AI score0.00494EPSS
Exploits0References22
Gentoo Linux
Gentoo Linux
added 2024/05/08 12:0 a.m.22 views

qtsvg: Multiple Vulnerabilities

Background qtsvg is a SVG rendering library for the Qt framework. Description Multiple vulnerabilities have been discovered in qtsvg. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

6.5CVSS7.1AI score0.01343EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 2024/04/15 12:0 a.m.5 views

The vulnerability in the `gui/util/qktxhandler.cpp` component of the KTX image processing module of the cross-platform framework for developing Qt software allows a hacker to cause a service failure.

The vulnerability in the gui/util/qktxhandler.cpp component of the KTX image processing module for the cross-platform development framework for Qt software development relates to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow a malicious act...

6.2CVSS7.4AI score0.00321EPSS
Exploits0References10Affected Software6
OSV
OSV
added 2024/03/27 5:15 a.m.3 views

UBUNTU-CVE-2023-45935

DISPUTED Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the function QXcbConnection::initializeAllAtoms. NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server...

4.2CVSS5.9AI score0.0024EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2024/03/26 3:38 a.m.4 views

SUSE CVE-2024-30161

In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly wasm. Earlier and later versions are unaffected...

6.5CVSS6.9AI score0.00452EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/03/24 12:0 a.m.5 views

Qt 安全漏洞

Qt is a cross-platform C++ application development framework from the Norwegian company Qt. It is widely used to develop GUI programs, in which case it is also known as the widget toolkit. It can also be used to develop non-GUI programs, such as console tools and servers. A security vulnerability...

6.5CVSS6.3AI score0.00452EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/02/15 12:0 a.m.4 views

Qt Security Vulnerabilities

Qt is a cross-platform C++ application development framework from the Norwegian company Qt. It is widely used to develop GUI programs, in which case it is also known as the widget toolkit. It can also be used to develop non-GUI programs, such as console tools and servers. A security vulnerability...

6.2CVSS8.5AI score0.00321EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2024/01/21 8:0 a.m.3 views

An issue was discovered in the HTTP2 implementation in Qt before 5.15.17 6.x before 6.2.11 6.3.x through 6.5.x before 6.5.4 and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.

...

9.8CVSS8.7AI score0.00986EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2024/01/06 12:0 a.m.5 views

The vulnerability of the HTTP2 protocol implementation (network/access/http2/hpacktable.cpp) in the cross-platform development framework for Qt software allows a perpetrator to cause service failures.

The vulnerability of the HTTP2 protocol implementation network/access/http2/hpacktable.cpp of the cross-platform development framework for Qt is related to a numerical overflow caused by changes to the typical expression order in conditional operators “Yoda conditions”. Exploiting this...

6.2CVSS7.5AI score0.00986EPSS
Exploits0References9Affected Software4
BDU FSTEC
BDU FSTEC
added 2023/12/26 12:0 a.m.5 views

The vulnerability of the fastScanName() function in the QXmlStreamReader class, a cross-platform framework for Qt software development, allows a attacker to cause a service failure.

The vulnerability of the fastScanName function in the QXmlStreamReader class, a cross-platform framework for Qt software development, relates to the issue of operations going beyond the buffer boundaries in memory when processing XML files. Exploiting this vulnerability could allow an attacker to...

7.8CVSS7.4AI score0.01553EPSS
Exploits1References17Affected Software12
ATTACKERKB
ATTACKERKB
added 2023/12/24 9:15 p.m.4 views

CVE-2023-51714

An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check...

9.8CVSS5.8AI score0.00986EPSS
Exploits0References4
Rows per page
Query Builder