rpm package
suse/qt6-base-docs&distro=SUSE Linux Enterprise Module for Package Hub 15 SP6
pkg:rpm/suse/qt6-base-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-5455 | Hig | — | < 6.6.3-150600.3.6.1 | 6.6.3-150600.3.6.1 | Jun 2, 2025 | An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, an URL that contained a "charset" parameter that lacked a val | |
| CVE-2025-30348 | — | < 6.6.3-150600.3.6.1 | 6.6.3-150600.3.6.1 | Mar 21, 2025 | encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data). | ||
| CVE-2024-39936 | — | < 6.6.3-150600.3.3.1 | 6.6.3-150600.3.3.1 | Jul 4, 2024 | An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not |
- affected < 6.6.3-150600.3.6.1fixed 6.6.3-150600.3.6.1
An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, an URL that contained a "charset" parameter that lacked a val
- CVE-2025-30348Mar 21, 2025affected < 6.6.3-150600.3.6.1fixed 6.6.3-150600.3.6.1
encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data).
- CVE-2024-39936Jul 4, 2024affected < 6.6.3-150600.3.3.1fixed 6.6.3-150600.3.3.1
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not