CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 1CVE-2020-0570 – qt: files placed by attacker can influence the working directory and lead to malicious code execution
https://notcve.org/view.php?id=CVE-2020-0570
Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access. Una ruta de búsqueda no controlada en QT Library versiones anteriores a 5.14.0, 5.12.7 y 5.9.10, puede permitir a un usuario autenticado habilitar potencialmente una elevación de privilegios por medio un acceso local • https://bugreports.qt.io/browse/QTBUG-81272 https://bugzilla.redhat.com/show_bug.cgi?id=1800604 https://lists.qt-project.org/pipermail/development/2020-January/038534.html https://access.redhat.com/security/cve/CVE-2020-0570 • CWE-73: External Control of File Name or Path CWE-426: Untrusted Search Path •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-9541 – qt: XML entity expansion vulnerability
https://notcve.org/view.php?id=CVE-2015-9541
Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564. Qt versiones hasta 5.14, permite un ataque de expansión de entidad XML exponencial por medio de un documento SVG diseñado que es manejado inapropiadamente en la función QXmlStreamReader, un problema relacionado con el CVE-2003-1564. An XML Entity Expansion flaw was found in the QT library. Applications that use QT to load untrusted images, for example, SVG images, or untrusted XML documents, may be vulnerable to this flaw. This flaw allows an attacker to cause a denial of service. • https://bugreports.qt.io/browse/QTBUG-47417 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PT6327C64Q4RBFRWUSBKCG7SVGBWU5W https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZMMF4OEJAZRVKVXNO7IZWLEZVQGJN6G https://access.redhat.com/security/cve/CVE-2015-9541 https://bugzilla.redhat.com/show_bug.cgi?id=1801369 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 1CVE-2018-19872 – qt: Malformed PPM image causing division by zero and crash in qppmhandler.cpp
https://notcve.org/view.php?id=CVE-2018-19872
An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp. Se ha descubierto un problema en Qt 5.11. Una imagen PPM mal formada provoca una división entre cero y un cierre inesperado en qppmhandler.cpp. • http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html https://bugreports.qt.io/browse/QTBUG-69449 https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C5FHCR4A636BLTAXL76WWDJLOAHGNYG https://lists.fedoraproject.org/archives/list& • CWE-369: Divide By Zero •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2018-15518 – qt5-qtbase: Double free in QXmlStreamReader
https://notcve.org/view.php?id=CVE-2018-15518
QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. QXmlStream en Qt 5.x en versiones anteriores a la 5.11.3 tiene una doble liberación (double free) o una corrupción durante el análisis de un documento XML ilegal especialmente manipulado. • http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html https://access.redhat.com/errata/RHSA-2019:2135 https://access.redhat.com/errata/RHSA-2019:3390 https://blog.qt.io/blog/ • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-19871 – qt5-qtimageformats: QTgaFile CPU exhaustion
https://notcve.org/view.php?id=CVE-2018-19871
An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption. Se ha descubierto un problema en versiones anteriores a la 5.11.3 de Qt. Hay un consumo de recursos no controlado en QTgaFile. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00002.html https://access.redhat.com/errata/RHSA-2019:2135 https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates https://codereview.qt-project.org/#/c/237761 https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html https://access.redhat.com/security/cve/CVE-2018-19871 https://bugzilla.redhat.com/show_bug&# • CWE-400: Uncontrolled Resource Consumption •