CVE-2024-39936 – qtbase: Delay any communication until encrypted() can be responded to
https://notcve.org/view.php?id=CVE-2024-39936
04 Jul 2024 — An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed. • https://codereview.qt-project.org/c/qt/qtbase/+/571601 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2023-51714 – qt: incorrect integer overflow check
https://notcve.org/view.php?id=CVE-2023-51714
24 Dec 2023 — An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. An integer over... • https://codereview.qt-project.org/c/qt/qtbase/+/524864 • CWE-190: Integer Overflow or Wraparound •
CVE-2023-43114
https://notcve.org/view.php?id=CVE-2023-43114
18 Sep 2023 — An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData}, then it can cause the application to crash because of missing length checks. • https://codereview.qt-project.org/c/qt/qtbase/+/503026 •
CVE-2023-37369 – qtbase: buffer overflow in QXmlStreamReader
https://notcve.org/view.php?id=CVE-2023-37369
20 Aug 2023 — In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length. A flaw was found in the qtbase package. When given specifically crafted data, the QXmlStreamReader can end up causing a buffer overflow and, subsequently, a crash. A vulnerability has been discovered in Qt, where a buffer overflow can lead to denial of service. Versions greater than o... • https://bugreports.qt.io/browse/QTBUG-114829 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2021-28025
https://notcve.org/view.php?id=CVE-2021-28025
11 Aug 2023 — Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS). • https://bugreports.qt.io/browse/QTBUG-91507 • CWE-190: Integer Overflow or Wraparound •
CVE-2023-38197 – qtbase: infinite loops in QXmlStreamReader
https://notcve.org/view.php?id=CVE-2023-38197
13 Jul 2023 — An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion. A vulnerability was found in Qtbase, where it is vulnerable to a denial of service caused by an infinite loop flaw in the QXmlStreamReader() function. This flaw occurs because the QXmlStreamReader function accepts multiple DOCTYPE elements containing DTD fragments in the XML prolog and the XML body. Well-formed but invalid XML files - with multiple DT... • https://codereview.qt-project.org/c/qt/qtbase/+/488960 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2023-34410 – qt: allows remote attacker to bypass security restrictions caused by flaw in certificate validation
https://notcve.org/view.php?id=CVE-2023-34410
05 Jun 2023 — An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate. • https://codereview.qt-project.org/c/qt/qtbase/+/477560 • CWE-295: Improper Certificate Validation •
CVE-2023-32763 – Gentoo Linux Security Advisory 202402-03
https://notcve.org/view.php?id=CVE-2023-32763
28 May 2023 — An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When an SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered. Multiple vulnerabilities have been discovered in QtGui which can lead to remote code execution. Versions greater than or equal to 5.15.9-r1 are affected. • https://codereview.qt-project.org/c/qt/qtbase/+/476125 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2023-32762 – Gentoo Linux Security Advisory 202402-21
https://notcve.org/view.php?id=CVE-2023-32762
28 May 2023 — An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match. Multiple vulnerabilities have been discovered in QtNetwork, the worst of which could lead to execution of arbitrary code. Versions greater than or equal to 6.6.1-r2 a... • https://codereview.qt-project.org/c/qt/qtbase/+/476140 •
CVE-2023-33285 – qt: buffer over-read via a crafted reply from a DNS server
https://notcve.org/view.php?id=CVE-2023-33285
22 May 2023 — An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server. A vulnerability was discovered in Qt. This security flaw occurs in the QDnsLookup function, which has a buffer over-read via a crafted reply from a DNS server. An update for qt5-qtbase is now available for Red Hat Enterprise Linux 8. • https://codereview.qt-project.org/c/qt/qtbase/+/477644 • CWE-125: Out-of-bounds Read • CWE-400: Uncontrolled Resource Consumption •