Msrc Cbl2 Qt5-Qtbase 5.12.11-15 On Cbl Mariner 2.0 vulnerabilities

CVE-2024-39936 [HIGH] CWE-367 An issue was discovered in HTTP2 in Qt before 5.15.18 6.x before 6.2.13 6.3.x through 6.5.x before 6.5.7 and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an establi An issue was discovered in HTTP2 in Qt before 5.15.18 6.x before 6.2.13 6.3.x through 6.5.x before 6.5.7 and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early because the encrypted() signal

CVE-2024-25580 [MEDIUM] CWE-120 An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17 6.x before 6.2.12 6.3.x through 6.5.x before 6.5.5 and 6.6.x before 6.6.2. A buffer overflow and application crash can occur vi An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17 6.x before 6.2.12 6.3.x through 6.5.x before 6.5.5 and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file. FAQ: Is Azure Linux the only Microsoft

CVE-2023-51714 [CRITICAL] CWE-190 An issue was discovered in the HTTP2 implementation in Qt before 5.15.17 6.x before 6.2.11 6.3.x through 6.5.x before 6.5.4 and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect An issue was discovered in the HTTP2 implementation in Qt before 5.15.17 6.x before 6.2.11 6.3.x through 6.5.x before 6.5.4 and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. FAQ: Is Azure Linux the only Micr

CVE-2023-34410 [MEDIUM] CWE-295 An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configure An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate. FAQ: Is Azure Linux the only Microsoft product t

CVE-2023-32573 [MEDIUM] CWE-369 In Qt before 5.15.14 6.0.x through 6.2.x before 6.2.9 and 6.3.x through 6.5.x before 6.5.1 QtSvg QSvgFont m_unitsPerEm initialization is mishandled. In Qt before 5.15.14 6.0.x through 6.2.x before 6.2.9 and 6.3.x through 6.5.x before 6.5.1 QtSvg QSvgFont m_unitsPerEm initialization is mishandled. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefi

CVE-2023-25193 [HIGH] CWE-770 hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is

CVE-2022-25634 [HIGH] CWE-22 Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory. Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to kee

CVE-2022-25255 [HIGH] In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX QProcess could execute a binary from the current working directory when not found in the PATH. In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX QProcess could execute a binary from the current working directory when not found in the PATH. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by

CVE-2021-38593 [HIGH] CWE-787 Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke). Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke). FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this v

CVE-2020-0569 [MEDIUM] CWE-787 Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access. Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vuln

CVE-2018-21035 [HIGH] CWE-770 In Qt through 5.14.1 the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of servic In Qt through 5.14.1 the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption). FAQ: Is Azure Linux the only Microsoft produ