Vulnerabilities > QT

DATE CVE VULNERABILITY TITLE RISK
2022-03-02 CVE-2022-25634 Path Traversal vulnerability in QT
Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.
network
low complexity
qt CWE-22
5.0
2022-02-16 CVE-2022-25255 Unspecified vulnerability in QT
In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.
local
low complexity
qt
7.2
2022-01-01 CVE-2021-45930 Out-of-bounds Write vulnerability in multiple products
Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and QPathClipper::intersect).
4.3
2021-08-12 CVE-2021-38593 Out-of-bounds Write vulnerability in QT
Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).
network
low complexity
qt CWE-787
5.0
2021-08-09 CVE-2020-24741 Unspecified vulnerability in QT 5.13.1/5.14.0
An issue has been fixed in Qt versions 5.14.1 and 5.12.7 where QLibrary attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.
network
qt
6.8
2021-08-09 CVE-2020-24742 Unspecified vulnerability in QT
An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.
network
qt
6.8
2020-09-14 CVE-2020-0570 Untrusted Search Path vulnerability in multiple products
Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.
local
qt redhat CWE-426
4.4
2020-08-12 CVE-2020-17507 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1.
network
low complexity
qt fedoraproject CWE-125
5.0
2020-06-09 CVE-2020-13962 Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users.
network
low complexity
mumble qt fedoraproject opensuse
5.0
2020-04-27 CVE-2020-12267 Use After Free vulnerability in QT 5.14.1
setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock.
network
low complexity
qt CWE-416
7.5