223 matches found
DEBIAN-CVE-2023-51714
An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check...
Qt Security Vulnerabilities
Qt is a cross-platform C++ application development framework from the Norwegian company Qt. It is widely used to develop GUI programs, in which case it is also known as the widget toolkit. It can also be used to develop non-GUI programs, such as console tools and servers. A security vulnerability...
qt: allows remote attacker to bypass security restrictions caused by flaw in certificate validation
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate...
OESA-2023-1810 qt security update
Qt pronounced as "cute", not "cu-tee" is a cross-platform framework that is usually used as a graphical toolkit, although it is also very helpful in creating CLI applications. It runs on the three major desktop OSes, as well as on mobile OSes, such as Symbian, Nokia Belle, Meego Harmattan, MeeGo ...
OESA-2023-1791 qt5-qtbase security update
Qt is a software toolkit for developing applications. Security Fixes: An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server.CVE-2023-33285...
SUSE CVE-2015-9541
Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564...
The vulnerability of the `addApplicationFont{FromData}` function in the QFontDatabase class, a cross-platform framework for Qt software development, allows a attacker to cause a service failure.
The vulnerability of the addApplicationFontFromData function in the QFontDatabase class, a cross-platform framework for Qt software development, is related to improper cleaning or release of resources during font processing. Exploiting this vulnerability can allow an attacker to cause service...
SUSE CVE-2023-43114
An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFontFromData, then it can cause the application to crash because of missing length check...
CVE-2023-43114
An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFontFromData, then it can cause the application to crash because of missing length check...
The vulnerability of the QXmlStreamReader function in the cross-platform framework for Qt software development allows a attacker to cause a service failure.
The vulnerability of the QXmlStreamReader function in the cross-platform software development framework for Qt is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...
The vulnerability of the LoadLibrary function in the cross-platform framework for developing Qt software allows a perpetrator to gain access to protected information.
The vulnerability of the LoadLibrary function in the cross-platform framework for developing Qt software relates to the possibility of bypassing the directory. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to protected information...
OESA-2023-1580 qt security update
Qt pronounced as "cute", not "cu-tee" is a cross-platform framework that is usually used as a graphical toolkit, although it is also very helpful in creating CLI applications. It runs on the three major desktop OSes, as well as on mobile OSes, such as Symbian, Nokia Belle, Meego Harmattan, MeeGo ...
Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT
Cisco Talos discovered the North Korean state-sponsored actor Lazarus Group targeting internet backbone infrastructure and healthcare entities in Europe and the United States. This is the third documented campaign attributed to this actor in less than a year, with the actor reusing the same...
DEBIAN-CVE-2023-37369
In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length...
UBUNTU-CVE-2023-37369
In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length...
Qt 安全漏洞
Qt is a cross-platform C++ application development framework from the Norwegian company Qt. It is widely used to develop GUI programs, in which case it is also known as the widget toolkit. Can also be used to develop non-GUI programs, such as console tools and servers. A security vulnerability...
SUSE CVE-2023-37369
In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length...
Qt Input Validation Error Vulnerability
Qt is a cross-platform C++ application development framework from the Norwegian company Qt. It is widely used to develop GUI programs, in which case it is also known as the widget toolkit. It can also be used to develop non-GUI programs, such as console tools and servers. A security vulnerability...
Infinite loop
Overview Affected versions of this package are vulnerable to Infinite loop in recursive entity expansion. Remediation Upgrade qt to version 5.15.16, 6.5.3 or higher. References - qt Issue...
CVE-2023-38197
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion...