Search CVE reports


11 – 20 of 37 results


CVE-2023-33285

Medium priority
Needs evaluation

An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server.

2 affected packages

qt6-base, qtbase-opensource-src

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qt6-base Needs evaluation Needs evaluation Not in release Not in release Ignored
qtbase-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2023-24607

Low priority
Vulnerable

Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.

3 affected packages

qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qt6-base Needs evaluation Needs evaluation Not in release Not in release Ignored
qtbase-opensource-src Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
qtbase-opensource-src-gles Needs evaluation Needs evaluation Needs evaluation Not in release Needs evaluation

CVE-2022-25634

Medium priority
Vulnerable

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.

2 affected packages

qtbase-opensource-src, qtbase-opensource-src-gles

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qtbase-opensource-src Not affected Not affected Not affected Not affected Not affected
qtbase-opensource-src-gles Not affected Not affected Not affected Vulnerable

CVE-2022-25255

Medium priority
Vulnerable

In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.

2 affected packages

qt6-base, qtbase-opensource-src

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qt6-base Needs evaluation Needs evaluation Ignored
qtbase-opensource-src Not affected Not affected Vulnerable Not affected Not affected

CVE-2021-38593

Medium priority

Some fixes available 2 of 13

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

2 affected packages

qtbase-opensource-src, qtbase-opensource-src-gles

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qtbase-opensource-src Not affected Not affected Fixed Fixed Not affected
qtbase-opensource-src-gles Needs evaluation Needs evaluation Needs evaluation Not in release Needs evaluation

CVE-2020-24742

Medium priority
Not affected

An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.

2 affected packages

qtbase-opensource-src, qtbase-opensource-src-gles

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qtbase-opensource-src Not affected Not affected Not affected Not affected
qtbase-opensource-src-gles Not affected Not affected Not in release Not affected

CVE-2020-15999

High priority

Some fixes available 14 of 15

Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

18 affected packages

android, chromium-browser, firefox, freetype, godot...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
android Not in release Not in release Not in release Not in release Needs evaluation
chromium-browser Not affected Not affected Not affected Fixed Fixed
firefox Not affected Not affected Not affected Not affected Not affected
freetype Fixed Fixed Fixed Fixed Fixed
godot Not affected Not affected Not affected Not in release Not in release
graphicsmagick Not affected Not affected Not affected Not affected Not affected
musescore Not in release Not in release Not affected Not affected Not affected
openjdk-12 Not in release Not in release Not in release Not in release Not in release
openjdk-13 Not in release Not in release Not affected Not in release Not in release
openjdk-15 Not in release Not in release Not in release Not in release Not in release
openjdk-lts Not affected Not affected Not affected Not affected Not in release
oxide-qt Not in release Not in release Not in release Not in release Not affected
paraview Not affected Not affected Not affected Not affected Not affected
qtbase-opensource-src Not affected Not affected Not affected Not affected Not affected
qtbase-opensource-src-gles Not affected Not affected Not affected Not in release Not affected
texlive-bin Not affected Not affected Not affected Not affected Not affected
texmaker Not affected Not affected Not affected Not affected Not affected
thunderbird Not affected Not affected Not affected Not affected Not affected

CVE-2020-17507

Low priority

Some fixes available 1 of 6

An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.

2 affected packages

qt4-x11, qtbase-opensource-src

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qt4-x11 Not in release Not in release Not in release Vulnerable Vulnerable
qtbase-opensource-src Not affected Not affected Vulnerable Fixed Vulnerable

CVE-2020-13962

Medium priority
Vulnerable

Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions,...

1 affected packages

qtbase-opensource-src

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qtbase-opensource-src Not affected Not affected Vulnerable Not affected Not affected

CVE-2020-12267

Medium priority
Not affected

setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock.

2 affected packages

qt4-x11, qtbase-opensource-src

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qt4-x11 Not in release Not affected Not affected
qtbase-opensource-src Not affected Not affected Not affected