Msrc Cm1 Qt5-Qtbase 5.12.11-2 On Cbl Mariner 1.0 vulnerabilities

3 known vulnerabilities affecting msrc/cm1_qt5-qtbase_5.12.11-2_on_cbl_mariner_1.0.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 1

Vulnerabilities

CVE-2020-0570 | HIGH | CVSS 7.3 | 2020-09-08
CVE-2020-0570 [HIGH] CWE-426 Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by thi
msrc
CVE-2020-17507 | MEDIUM | CVSS 5.3 | 2020-08-11
CVE-2020-17507 [MEDIUM] CWE-125 An issue was discovered in Qt through 5.12.9 and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the mai
msrc
CVE-2015-9541 | HIGH | CVSS 7.5 | 2020-01-14
CVE-2015-9541 [MEDIUM] CWE-776 Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vuln
msrc