CVSS: 5.3 • EPSS: 0% • CPEs: 3 • EXPL: 0

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.

https://codereview.qt-project.org/c/qt/qtbase/+/477560
https://codereview.qt-project.org/c/qt/qtbase/+/480002
https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3IHQZCEUFVOPWG75V2HDKXNUZBB4FX
https://access.redhat.com/security/cve/CVE-2023-34410
https://bugzilla.redhat.com/show_bug.cgi?id=2212747

CWE-295: Improper Certificate Validation

CVSS: 5.3 • EPSS: 0% • CPEs: 3 • EXPL: 0

An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.

https://codereview.qt-project.org/c/qt/qtbase/+/476140
https://github.com/qt/qtbase/commit/1b736a815be0222f4b24289cf17575fc15707305
https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html
https://lists.qt-project.org/pipermail/announce/2023-May/000414.html

CVSS: 7.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.

https://codereview.qt-project.org/c/qt/qtbase/+/476125
https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html
https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html
https://lists.qt-project.org/pipermail/announce/2023-May/000413.html
https://security.gentoo.org/glsa/202402-03

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 6.5 • EPSS: 0% • CPEs: 5 • EXPL: 0

In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. A vulnerability was found in Qt. The security flaw occurs due to uninitialized variable usage in m_unitsPerEm.

https://codereview.qt-project.org/c/qt/qtsvg/+/474093
https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3IHQZCEUFVOPWG75V2HDKXNUZBB4FX
https://access.redhat.com/security/cve/CVE-2023-32573
https://bugzilla.redhat.com/show_bug.cgi?id=2208135

CWE-369: Divide By Zero

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.

https://codereview.qt-project.org/c/qt/qtbase/+/396440
https://codereview.qt-project.org/c/qt/qtbase/+/396689
https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/396690
https://download.qt.io/official_releases/qt/5.15/CVE-2022-25643-5.15.diff
https://download.qt.io/official_releases/qt/6.2/CVE-2022-25643-6.2.diff

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')