Vulnerabilities > QT

DATE CVE VULNERABILITY TITLE RISK
2018-12-26 CVE-2018-19871 Resource Exhaustion vulnerability in multiple products
An issue was discovered in Qt before 5.11.3.
network
low complexity
qt opensuse CWE-400
6.5
2018-12-26 CVE-2018-19870 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in Qt before 5.11.3.
network
low complexity
qt debian opensuse CWE-476
8.8
2018-12-26 CVE-2018-19869 Improper Input Validation vulnerability in multiple products
An issue was discovered in Qt before 5.11.3.
network
low complexity
qt opensuse CWE-20
6.5
2018-12-26 CVE-2018-15518 Double Free vulnerability in multiple products
QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.
network
low complexity
qt debian opensuse CWE-415
8.8
2018-12-05 CVE-2018-19865 Information Exposure Through Log Files vulnerability in multiple products
A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3.
network
low complexity
qt opensuse CWE-532
7.5
2018-01-09 CVE-2015-1290 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.
network
low complexity
google qt opensuse CWE-119
8.8
2017-12-16 CVE-2017-10905 Unspecified vulnerability in QT 5.9.0
A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors.
local
low complexity
qt
5.3
2017-12-16 CVE-2017-10904 OS Command Injection vulnerability in QT
Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
network
low complexity
qt CWE-78
critical
9.8
2017-10-04 CVE-2017-15011 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in QT
The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string.
network
low complexity
qt CWE-119
7.5
2017-09-07 CVE-2015-8079 Information Exposure vulnerability in QT Qtwebkit
qt5-qtwebkit before 5.4 records private browsing URLs to its favicon database, WebpageIcons.db.
network
low complexity
qt CWE-200
5.3