61 matches found
Debian dla-3805 : libqt5concurrent5 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3805 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3805-1 [email protected]...
libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.
...
DEBIAN-CVE-2023-52426
libexpat through 2.5.0 allows recursive XML Entity Expansion if XMLDTD is undefined at compile time...
AZL-34684 CVE-2023-52426 affecting package expat for versions less than 2.6.2-1
libexpat through 2.5.0 allows recursive XML Entity Expansion if XMLDTD is undefined at compile time...
AZL-34208 CVE-2023-52426 affecting package expat for versions less than 2.6.2-2
libexpat through 2.5.0 allows recursive XML Entity Expansion if XMLDTD is undefined at compile time...
UBUNTU-CVE-2023-52426
libexpat through 2.5.0 allows recursive XML Entity Expansion if XMLDTD is undefined at compile time...
PT-2024-3924
Name of the Vulnerable Software and Affected Versions: libexpat versions through 2.5.0 Description: The issue is related to the incorrect limitation of recursive references to objects in DTD, which can lead to a denial of service. This is caused by recursive XML Entity Expansion if XML DTD is...
OESA-2023-1881 qt security update
Qt pronounced as "cute", not "cu-tee" is a cross-platform framework that is usually used as a graphical toolkit, although it is also very helpful in creating CLI applications. It runs on the three major desktop OSes, as well as on mobile OSes, such as Symbian, Nokia Belle, Meego Harmattan, MeeGo ...
Oracle Linux 8 : qt5-qtbase (ELSA-2023-6967)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6967 advisory. - Fix infinite loops in QXmlStreamReader CVE-2023-38197 Resolves: bz2222770 - Don't allow remote attacker to bypass security restrictions caused by fla...
Oracle Linux 9 : qt5 (ELSA-2023-6369)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6369 advisory. - Fix infinite loops in QXmlStreamReader CVE-2023-38197 Resolves: bz2222771 - Don't allow remote attacker to bypass security restrictions caused by fla...
CentOS 8 : qt5-qtbase (CESA-2023:6967)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:6967 advisory. - An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a...
RHEL 9 : qt5 (RHSA-2023:6369)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6369 advisory. Qt is a software toolkit for developing applications. Security Fixes: qt: buffer over-read via a crafted reply from a DNS server...
An issue was discovered in Qt before 5.15.15 6.x before 6.2.10 and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.
...
Security advisory: QXmlStreamReader
A recently reported potential buffer overflow issue in QXmlStreamReader has been assigned the CVE id CVE-2023-38197. QXmlStreamReader can freeze or get out of memory on recursive entity expansion, with DTD tokens in XML body. Solution: Apply the attached patch or update to Qt 5.15.15, Qt 6.2.10, ...
SUSE CVE-2023-38197
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion...
Infinite loop
Overview Affected versions of this package are vulnerable to Infinite loop in recursive entity expansion. Remediation Upgrade qt to version 5.15.16, 6.5.3 or higher. References - qt Issue...
CVE-2023-38197
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion...
DEBIAN-CVE-2023-38197
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion...
Privilege escalation
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion...
CVE-2023-38197
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion...