Vulnerabilities > QT

DATE CVE VULNERABILITY TITLE RISK
2021-08-09 CVE-2020-24741 Unspecified vulnerability in QT 5.13.1/5.14.0
An issue has been fixed in Qt versions 5.14.1 and 5.12.7 where QLibrary attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.
network
qt
6.8
2021-08-09 CVE-2020-24742 Unspecified vulnerability in QT
An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.
network
qt
6.8
2020-09-14 CVE-2020-0570 Untrusted Search Path vulnerability in multiple products
Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.
local
qt redhat CWE-426
4.4
2020-08-12 CVE-2020-17507 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1.
network
low complexity
qt fedoraproject CWE-125
5.0
2020-06-09 CVE-2020-13962 Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users.
network
low complexity
mumble qt fedoraproject opensuse
5.0
2020-04-27 CVE-2020-12267 Use After Free vulnerability in QT 5.14.1
setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock.
network
low complexity
qt CWE-416
7.5
2020-02-28 CVE-2018-21035 Allocation of Resources Without Limits or Throttling vulnerability in QT
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages.
network
low complexity
qt CWE-770
5.0
2020-01-24 CVE-2015-9541 XML Entity Expansion vulnerability in multiple products
Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.
network
low complexity
qt fedoraproject CWE-776
5.0
2019-10-23 CVE-2019-18281 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters.
network
qt debian CWE-119
4.3
2019-03-21 CVE-2018-19872 Divide By Zero vulnerability in multiple products
An issue was discovered in Qt 5.11.
4.3