rpm package
almalinux/qt5
pkg:rpm/almalinux/qt5
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-37369 | — | < 5.15.9-1.el9 | 5.15.9-1.el9 | Aug 20, 2023 | In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length. | ||
| CVE-2023-38197 | — | < 5.15.9-1.el9 | 5.15.9-1.el9 | Jul 13, 2023 | An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion. | ||
| CVE-2023-34410 | — | < 5.15.9-1.el9 | 5.15.9-1.el9 | Jun 5, 2023 | An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate. | ||
| CVE-2023-33285 | — | < 5.15.9-1.el9 | 5.15.9-1.el9 | May 22, 2023 | An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server. | ||
| CVE-2023-32573 | — | < 5.15.9-1.el9 | 5.15.9-1.el9 | May 10, 2023 | In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. | ||
| CVE-2022-25255 | — | < 5.15.3-1.el9 | 5.15.3-1.el9 | Feb 16, 2022 | In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH. |
- CVE-2023-37369Aug 20, 2023affected < 5.15.9-1.el9fixed 5.15.9-1.el9
In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.
- CVE-2023-38197Jul 13, 2023affected < 5.15.9-1.el9fixed 5.15.9-1.el9
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.
- CVE-2023-34410Jun 5, 2023affected < 5.15.9-1.el9fixed 5.15.9-1.el9
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.
- CVE-2023-33285May 22, 2023affected < 5.15.9-1.el9fixed 5.15.9-1.el9
An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server.
- CVE-2023-32573May 10, 2023affected < 5.15.9-1.el9fixed 5.15.9-1.el9
In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.
- CVE-2022-25255Feb 16, 2022affected < 5.15.3-1.el9fixed 5.15.3-1.el9
In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.