Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
qt qtbase vulnerabilities and exploits
(subscribe to this query)
7.3
CVSSv3
CVE-2020-0570
Uncontrolled search path in the QT Library prior to 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.
Qt Qt
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
7.5
CVSSv3
CVE-2018-21035
In Qt up to and including 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for malicious users to cause a denial of service (memory consumption).
Qt Qt
5.3
CVSSv3
CVE-2023-33285
An issue exists in Qt 5.x prior to 5.15.14, 6.x prior to 6.2.9, and 6.3.x up to and including 6.5.x prior to 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server.
Qt Qt
7.5
CVSSv3
CVE-2023-38197
An issue exists in Qt prior to 5.15.15, 6.x prior to 6.2.10, and 6.3.x up to and including 6.5.x prior to 6.5.3. There are infinite loops in recursive entity expansion.
Qt Qt
5.3
CVSSv3
CVE-2023-34410
An issue exists in Qt prior to 5.15.15, 6.x prior to 6.2.9, and 6.3.x up to and including 6.5.x prior to 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.
Qt Qt
7.5
CVSSv3
CVE-2023-24607
Qt prior to 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x prior to 5.15.13, 6.x prior to 6.2.8, and 6.3.x prior to 6.4.3.
Qt Qt
7.5
CVSSv3
CVE-2021-38593
Qt 5.x prior to 5.15.6 and 6.x up to and including 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).
Qt Qt
Fedoraproject Fedora 35
Fedoraproject Fedora 36
7.5
CVSSv3
CVE-2023-37369
In Qt prior to 5.15.15, 6.x prior to 6.2.9, and 6.3.x up to and including 6.5.x prior to 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.
Qt Qt
Debian Debian Linux 10.0
7.5
CVSSv3
CVE-2020-13962
Qt 5.12.2 up to and including 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be discon...
Mumble Mumble 1.3.0
Qt Qt
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Opensuse Leap 15.2
8.8
CVSSv3
CVE-2018-15518
QXmlStream in Qt 5.x prior to 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.
Qt Qt
Debian Debian Linux 8.0
Opensuse Leap 42.3
Debian Debian Linux 9.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »