CVE-2018-19865Log File Information Exposure in QT

CWE-532Log File Information Exposure4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.8%
top 26.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
QTDebian Qtvirtualkeyboard-opensource-srcOpensuse Leap
Timeline
PublishedDec 5
Latest updateMay 14

Description

A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

debiandebian/qtvirtualkeyboard-opensource-src< qtvirtualkeyboard-opensource-src 5.11.3+dfsg-2 (bookworm)
NVDqt/qt5.11.05.11.3+4
NVDopensuse/leap15.0

Patches

Patch: codereview.qt-project.orgPatch: codereview.qt-project.orgPatch: codereview.qt-project.org

🔴Vulnerability Details

2
GHSA
GHSA-f68g-4p63-5wh7: A keystroke logging issue was discovered in Virtual Keyboard in Qt 52022-05-14
OSV
CVE-2018-19865: A keystroke logging issue was discovered in Virtual Keyboard in Qt 52018-12-05

📋Vendor Advisories

1
Debian
CVE-2018-19865: qtvirtualkeyboard-opensource-src - A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x,...2018