Vulnerabilities > QT

DATE CVE VULNERABILITY TITLE RISK
2020-09-14 CVE-2020-0570 Untrusted Search Path vulnerability in multiple products
Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.
local
qt redhat CWE-426
4.4
2020-08-12 CVE-2020-17507 Out-Of-Bounds Read vulnerability in multiple products
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1.
network
low complexity
qt fedoraproject CWE-125
5.0
2020-06-09 CVE-2020-13962 Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users.
network
low complexity
mumble qt
5.0
2020-04-27 CVE-2020-12267 USE After Free vulnerability in QT 5.14.1
setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock.
network
low complexity
qt CWE-416
7.5
2020-02-28 CVE-2018-21035 Allocation of Resources Without Limits OR Throttling vulnerability in QT
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages.
network
low complexity
qt CWE-770
5.0
2020-01-24 CVE-2015-9541 XML Entity Expansion vulnerability in multiple products
Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.
network
low complexity
qt fedoraproject CWE-776
5.0
2019-10-23 CVE-2019-18281 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters.
network
qt debian CWE-119
4.3
2019-03-21 CVE-2018-19872 Divide BY Zero vulnerability in multiple products
An issue was discovered in Qt 5.11.
4.3
2018-12-26 CVE-2018-19873 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
An issue was discovered in Qt before 5.11.3.
network
low complexity
qt debian opensuse CWE-119
7.5
2018-12-26 CVE-2018-19871 Resource Exhaustion vulnerability in multiple products
An issue was discovered in Qt before 5.11.3.
network
qt opensuse CWE-400
4.3