Search CVE reports

Toggle filters

21 – 30 of 43 results

CVE-2020-24742

Medium priority
Not affected

An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.

2 affected packages

qtbase-opensource-src-gles, qtbase-opensource-src

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qtbase-opensource-src-gles Not affected Not affected Not in release
qtbase-opensource-src Not affected Not affected Not affected
Show less packages

CVE-2020-24741

Medium priority
Not affected

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-0570. Reason: This candidate is a duplicate of CVE-2020-0570. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2020-0570...

2 affected packages

qtbase-opensource-src, qtbase-opensource-src-gles

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qtbase-opensource-src Not affected Not affected
qtbase-opensource-src-gles Not affected Not in release
Show less packages

CVE-2020-15999

High priority

Some fixes available 16 of 17

Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

18 affected packages

chromium-browser, godot, graphicsmagick, musescore, openjdk-13...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
chromium-browser Not affected Not affected Not in release Fixed
godot Not affected Not affected Not affected Not in release
graphicsmagick Not affected Not affected Not affected Not affected
musescore Not in release Not in release Not affected Not affected
openjdk-13 Not in release Not in release Not affected Not in release
texmaker Not affected Not affected Not affected Not affected
android Not in release Not in release Not in release Not in release
firefox Not affected Not affected Not in release Not affected
freetype Fixed Fixed Fixed Fixed
openjdk-lts Not affected Not affected Not affected Not affected
openjdk-15 Not in release Not in release Not in release Not in release
oxide-qt Not in release Not in release Not in release Not in release
paraview Not affected Not affected Not affected Not affected
qtbase-opensource-src Not affected Not affected Not affected Not affected
thunderbird Not affected Not affected Not in release Not affected
openjdk-12 Not in release Not in release Not in release Not in release
qtbase-opensource-src-gles Not affected Not affected Not affected Not in release
texlive-bin Not affected Not affected Not affected Not affected
Show all 18 packages Show less packages

CVE-2020-17507

Low priority

Some fixes available 1 of 6

An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.

2 affected packages

qt4-x11, qtbase-opensource-src

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qt4-x11 Not in release Not in release Not in release Vulnerable
qtbase-opensource-src Not affected Not affected Vulnerable Fixed
Show less packages

CVE-2020-13962

Medium priority
Vulnerable

Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions,...

1 affected package

qtbase-opensource-src

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qtbase-opensource-src Not affected Not affected Vulnerable Not affected
Show less packages

CVE-2020-12267

Medium priority
Not affected

setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock.

2 affected packages

qt4-x11, qtbase-opensource-src

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qt4-x11 Not in release Not affected
qtbase-opensource-src Not affected Not affected
Show less packages

CVE-2020-0570

Medium priority
Fixed

Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.

1 affected package

qtbase-opensource-src

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qtbase-opensource-src Not affected
Show less packages

CVE-2020-0569

Medium priority
Fixed

Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.

1 affected package

qtbase-opensource-src

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qtbase-opensource-src Fixed
Show less packages

CVE-2015-9541

Low priority
Vulnerable

Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.

5 affected packages

phantomjs, pyside, pyside2, qt4-x11, qtbase-opensource-src

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
phantomjs Not in release Not in release Vulnerable Vulnerable
pyside Not in release Not in release Not in release Vulnerable
pyside2 Vulnerable Vulnerable Vulnerable Not in release
qt4-x11 Not in release Not in release Not in release Vulnerable
qtbase-opensource-src Not affected Not affected Not affected Vulnerable
Show less packages

CVE-2019-18281

Medium priority

Some fixes available 1 of 2

An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file...

1 affected package

qtbase-opensource-src

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qtbase-opensource-src Not affected
Show less packages
  1. Previous page
  2. 1
  3. 2
  4. 3
  5. 4
  6. 5
  7. Next page
Export to JSON