Page 3 of 28 results (0.011 seconds)

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3. • https://codereview.qt-project.org/c/qt/qtbase/+/456216 https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217 https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238 https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin https: •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory. Qt versiones hasta 5.15.8 y versiones 6.x hasta 6.2.3, pueden cargar archivos de biblioteca del sistema desde un directorio de trabajo no deseado • https://codereview.qt-project.org/c/qt/qtbase/+/396440 https://codereview.qt-project.org/c/qt/qtbase/+/396689 https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/396690 https://download.qt.io/official_releases/qt/5.15/CVE-2022-25643-5.15.diff https://download.qt.io/official_releases/qt/6.2/CVE-2022-25643-6.2.diff • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH. En Qt versiones 5.9.x hasta 5.15.x anteriores a 5.15.9 y versiones 6.x anteriores a 6.2.4 en Linux y UNIX, QProcess podía ejecutar un binario del directorio de trabajo actual cuando no era encontrado en el PATH A flaw was found in qt. The vulnerability occurs due to executing binaries from the current directory when the loading path failed, leading to an uncontrolled path element vulnerability. This flaw allows an attacker to execute malicious executables. • https://codereview.qt-project.org/c/qt/qtbase/+/393113 https://codereview.qt-project.org/c/qt/qtbase/+/394914 https://codereview.qt-project.org/c/qt/qtbase/+/396020 https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff https://access.redhat.com/security/cve/CVE-2022-25255 https://bugzilla.redhat.com/show_bug.cgi?id=2055505 • CWE-427: Uncontrolled Search Path Element •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke). Qt 5.x antes de la versión 5.15.6 y 6.x hasta la versión 6.1.2 tiene una escritura fuera de límites en QOutlineMapper::convertPath (llamada desde QRasterPaintEngine::fill y QPaintEngineEx::stroke) • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35566 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-903.yaml https://github.com/qt/qtbase/commit/1ca02cf2879a5e1511a2f2109f0925cf4c892862 https://github.com/qt/qtbase/commit/202143ba41f6ac574f1858214ed8bf4a38b73ccd https://github.com/qt/qtbase/commit/6b400e3147dcfd8cc3a393ace1bd118c93762e0c https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36VN2WKMNQUSTF6ZW2X52NPAJVXJ4S5I https://lists.fedoraproject.org/archives/ • CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files. Es corregido un problema en Qt versiones 5.14.0, donde la función QPluginLoader intenta cargar plugins relativos al directorio de trabajo, permitiendo a atacantes ejecutar código arbitrario por medio de archivos diseñados • https://codereview.qt-project.org/c/qt/qtbase/+/280730 •