ALT-PU-2020-1556-1
Package qt5-remoteobjects updated to version 5.12.7-alt1 for branch sisyphus in task 248426.
Closed vulnerabilities
BDU:2022-01758
Уязвимость компонента QPluginLoader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2017-15011
The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string.
Modified: 2024-11-21
CVE-2020-0570
Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.
- https://bugreports.qt.io/browse/QTBUG-81272
- https://bugzilla.redhat.com/show_bug.cgi?id=1800604
- https://lists.qt-project.org/pipermail/development/2020-January/038534.html
- https://bugreports.qt.io/browse/QTBUG-81272
- https://lists.qt-project.org/pipermail/development/2020-January/038534.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1800604
Modified: 2024-11-21
CVE-2020-24742
An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.