High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-08-09	CVE-2020-24742	Unspecified vulnerability in QT An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files. local low complexity qt	7.8
2020-09-14	CVE-2020-0570	Untrusted Search Path vulnerability in multiple products Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access. local low complexity qt redhat CWE-426	7.3
2020-06-09	CVE-2020-13962	Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. network low complexity mumble qt fedoraproject opensuse	7.5
2020-02-28	CVE-2018-21035	Allocation of Resources Without Limits or Throttling vulnerability in QT In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. network low complexity qt CWE-770	7.5
2020-01-24	CVE-2015-9541	XML Entity Expansion vulnerability in multiple products Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564. network low complexity qt fedoraproject CWE-776	7.5
2018-12-26	CVE-2018-19870	NULL Pointer Dereference vulnerability in multiple products An issue was discovered in Qt before 5.11.3. network low complexity qt debian opensuse CWE-476	8.8
2018-12-26	CVE-2018-15518	Double Free vulnerability in multiple products QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. network low complexity qt debian opensuse CWE-415	8.8
2018-12-05	CVE-2018-19865	Information Exposure Through Log Files vulnerability in multiple products A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3. network low complexity qt opensuse CWE-532	7.5
2018-01-09	CVE-2015-1290	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site. network low complexity google qt opensuse CWE-119	8.8
2017-10-04	CVE-2017-15011	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in QT The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string. network low complexity qt CWE-119	7.5