CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32762 – Gentoo Linux Security Advisory 202402-21
https://notcve.org/view.php?id=CVE-2023-32762
28 May 2023 — An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match. This update for libqt5-qtbase fixes the following issues. Fixed Qt SQL ODBC driver plugin DOS. • https://codereview.qt-project.org/c/qt/qtbase/+/476140 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32763 – Gentoo Linux Security Advisory 202402-03
https://notcve.org/view.php?id=CVE-2023-32763
28 May 2023 — An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered. This update for libqt5-qtbase fixes the following issues. Fixed Qt SQL ODBC driver plugin DOS. Fixed Qt Network incorrectly parses the strict-transport-security header. • https://codereview.qt-project.org/c/qt/qtbase/+/476125 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-33285 – qt: buffer over-read via a crafted reply from a DNS server
https://notcve.org/view.php?id=CVE-2023-33285
22 May 2023 — An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server. A vulnerability was discovered in Qt. This security flaw occurs in the QDnsLookup function, which has a buffer over-read via a crafted reply from a DNS server. This update for libqt5-qtbase fixes the following issues. • https://codereview.qt-project.org/c/qt/qtbase/+/477644 • CWE-125: Out-of-bounds Read CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-32573 – qt: Uninitialized variable usage in m_unitsPerEm
https://notcve.org/view.php?id=CVE-2023-32573
10 May 2023 — In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. A vulnerability was found in qt. The security flaw occurs due to uninitialized variable usage in m_unitsPerEm. This update for libqt5-qtsvg fixes the following issues. Fixed an out-of-bounds write that may have lead to a denial-of-service. • https://codereview.qt-project.org/c/qt/qtsvg/+/474093 • CWE-369: Divide By Zero •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-24607 – SUSE Security Advisory - SUSE-SU-2023:2982-1
https://notcve.org/view.php?id=CVE-2023-24607
15 Apr 2023 — Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3. This update for libqt5-qtbase fixes the following issues. Fixed Qt SQL ODBC driver plugin DOS. Fixed Qt Network incorrectly parses the strict-transport-security header. • https://codereview.qt-project.org/c/qt/qtbase/+/456216 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-40983
https://notcve.org/view.php?id=CVE-2022-40983
12 Jan 2023 — An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability. Existe una vulnerabilidad de desbordamiento de enteros en la API QML QtScript Reflect de Qt Project Qt 6.3.2. Un código JavaScript especialmente manipulado puede provocar un desbordamie... • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1617 • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-43591
https://notcve.org/view.php?id=CVE-2022-43591
12 Jan 2023 — A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability. Existe una vulnerabilidad de desbordamiento de búfer en la API QML QtScript Reflect de Qt Project Qt 6.3.2. Un código JavaScript especialmente manipulado puede desencadenar un acceso a la memoria fuera... • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1650 • CWE-122: Heap-based Buffer Overflow •