Page 2 of 22 results (0.012 seconds)

CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate. • https://codereview.qt-project.org/c/qt/qtbase/+/477560 https://codereview.qt-project.org/c/qt/qtbase/+/480002 https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3IHQZCEUFVOPWG75V2HDKXNUZBB4FX https://access.redhat.com/security/cve/CVE-2023-34410 https://bugzilla.redhat.com/show_bug.cgi?id=2212747 • CWE-295: Improper Certificate Validation •

CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0

An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match. • https://codereview.qt-project.org/c/qt/qtbase/+/476140 https://github.com/qt/qtbase/commit/1b736a815be0222f4b24289cf17575fc15707305 https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html https://lists.qt-project.org/pipermail/announce/2023-May/000414.html •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered. • https://codereview.qt-project.org/c/qt/qtbase/+/476125 https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html https://lists.qt-project.org/pipermail/announce/2023-May/000413.html https://security.gentoo.org/glsa/202402-03 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0

An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server. A vulnerability was discovered in Qt. This security flaw occurs in the QDnsLookup function, which has a buffer over-read via a crafted reply from a DNS server. • https://codereview.qt-project.org/c/qt/qtbase/+/477644 https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html https://access.redhat.com/security/cve/CVE-2023-33285 https://bugzilla.redhat.com/show_bug.cgi?id=2209488 • CWE-125: Out-of-bounds Read CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. A vulnerability was found in qt. The security flaw occurs due to uninitialized variable usage in m_unitsPerEm. • https://codereview.qt-project.org/c/qt/qtsvg/+/474093 https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3IHQZCEUFVOPWG75V2HDKXNUZBB4FX https://access.redhat.com/security/cve/CVE-2023-32573 https://bugzilla.redhat.com/show_bug.cgi?id=2208135 • CWE-369: Divide By Zero •