CVE-2020-0569 – qt: files placed by attacker can influence the working directory and lead to malicious code execution
https://notcve.org/view.php?id=CVE-2020-0569
Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access. Una escritura fuera de límites en los productos Intel® PROSet/Wireless WiFi en Windows 10 puede habilitar a un usuario autenticado para permitir potencialmente una denegación de servicio por medio de un acceso local • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00338.html https://access.redhat.com/security/cve/CVE-2020-0569 https://bugzilla.redhat.com/show_bug.cgi?id=1800600 • CWE-73: External Control of File Name or Path CWE-787: Out-of-bounds Write •
CVE-2020-0570 – qt: files placed by attacker can influence the working directory and lead to malicious code execution
https://notcve.org/view.php?id=CVE-2020-0570
Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access. Una ruta de búsqueda no controlada en QT Library versiones anteriores a 5.14.0, 5.12.7 y 5.9.10, puede permitir a un usuario autenticado habilitar potencialmente una elevación de privilegios por medio un acceso local • https://bugreports.qt.io/browse/QTBUG-81272 https://bugzilla.redhat.com/show_bug.cgi?id=1800604 https://lists.qt-project.org/pipermail/development/2020-January/038534.html https://access.redhat.com/security/cve/CVE-2020-0570 • CWE-73: External Control of File Name or Path CWE-426: Untrusted Search Path •
CVE-2015-9541 – qt: XML entity expansion vulnerability
https://notcve.org/view.php?id=CVE-2015-9541
Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564. Qt versiones hasta 5.14, permite un ataque de expansión de entidad XML exponencial por medio de un documento SVG diseñado que es manejado inapropiadamente en la función QXmlStreamReader, un problema relacionado con el CVE-2003-1564. An XML Entity Expansion flaw was found in the QT library. Applications that use QT to load untrusted images, for example, SVG images, or untrusted XML documents, may be vulnerable to this flaw. This flaw allows an attacker to cause a denial of service. • https://bugreports.qt.io/browse/QTBUG-47417 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PT6327C64Q4RBFRWUSBKCG7SVGBWU5W https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZMMF4OEJAZRVKVXNO7IZWLEZVQGJN6G https://access.redhat.com/security/cve/CVE-2015-9541 https://bugzilla.redhat.com/show_bug.cgi?id=1801369 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVE-2018-15518 – qt5-qtbase: Double free in QXmlStreamReader
https://notcve.org/view.php?id=CVE-2018-15518
QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. QXmlStream en Qt 5.x en versiones anteriores a la 5.11.3 tiene una doble liberación (double free) o una corrupción durante el análisis de un documento XML ilegal especialmente manipulado. • http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html https://access.redhat.com/errata/RHSA-2019:2135 https://access.redhat.com/errata/RHSA-2019:3390 https://blog.qt.io/blog/ • CWE-415: Double Free CWE-416: Use After Free •
CVE-2018-19871 – qt5-qtimageformats: QTgaFile CPU exhaustion
https://notcve.org/view.php?id=CVE-2018-19871
An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption. Se ha descubierto un problema en versiones anteriores a la 5.11.3 de Qt. Hay un consumo de recursos no controlado en QTgaFile. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00002.html https://access.redhat.com/errata/RHSA-2019:2135 https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates https://codereview.qt-project.org/#/c/237761 https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html https://access.redhat.com/security/cve/CVE-2018-19871 https://bugzilla.redhat.com/show_bug • CWE-400: Uncontrolled Resource Consumption •