CVE-2020-0570 - Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticat

CVE-2020-0570

Summary

Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.

References

Vulnerable Configurations

cpe:2.3:a:qt:qt:1.41:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:1.41:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:1.42:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:1.42:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:1.43:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:1.43:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:1.44:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:1.44:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:1.45:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:1.45:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:2.00:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:2.00:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:2.3.5:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:2.3.5:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:2.3.6:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:2.3.6:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:2.3.7:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:2.3.7:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:2.3.8:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:2.3.8:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:2.3.10:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:2.3.10:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.0.4:-:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.0.4:-:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.0.4:p:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.0.4:p:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.0.5:-:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.0.5:-:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.0.5:p:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.0.5:p:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.0.6:-:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.0.6:-:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.0.6:p:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.0.6:p:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.0.7:-:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.0.7:-:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.0.7:p:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.0.7:p:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.1.1:-:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.1.1:-:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.1.1:p:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.1.1:p:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.1.2:-:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.1.2:-:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.1.2:p:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.1.2:p:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.2.1:-:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.2.1:-:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.2.1:p:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.2.1:p:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.2.2:-:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.2.2:-:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.2.2:p:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.2.2:p:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.2.3:-:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.2.3:-:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.2.3:p:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.2.3:p:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.1:-:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.1:-:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.1:p:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.1:p:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.2:-:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.2:-:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.2:p:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.2:p:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.3:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.3:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.3:-:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.3:-:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.3:p:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.3:p:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.4:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.4:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.4:-:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.4:-:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.4:p:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.4:p:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.5:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.5:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.6:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.6:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.6:-:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.6:-:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.6:p:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.6:p:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.7:-:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.7:-:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.7:p:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.7:p:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.8:-:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.8:-:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.8:p:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.8:p:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.8b:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.8b:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.1.4:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.1.4:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.1.5:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.1.5:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.2.3:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.2.3:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.3.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.3.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.3.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.3.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.3.3:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.3.3:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.3.4:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.3.4:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.3.5:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.3.5:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.4.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.4.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.4.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.4.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.4.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.4.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.4.3:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.4.3:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.5.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.5.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.5.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.5.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.5.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.5.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.5.3:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.5.3:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.6.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.6.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.6.0:rc1:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.6.0:rc1:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.6.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.6.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.6.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.6.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.6.3:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.6.3:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.6.4:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.6.4:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.6.5:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.6.5:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.6.5:rc:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.6.5:rc:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.7.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.7.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.7.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.7.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.7.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.7.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.7.3:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.7.3:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.7.4:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.7.4:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.7.5:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.7.5:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.7.6:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.7.6:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.7.6:rc:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.7.6:rc:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.8.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.8.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.8.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.8.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.8.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.8.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.8.3:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.8.3:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.8.4:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.8.4:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.8.5:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.8.5:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.8.6:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.8.6:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.8.7:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.8.7:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.3.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.3.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.3.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.3.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.4.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.4.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.4.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.4.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.4.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.4.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.5.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.5.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.5.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.5.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.6.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.6.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.6.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.6.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.6.1-1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.6.1-1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.6.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.6.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.6.3:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.6.3:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.7:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.7:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.7.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.7.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.7.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.7.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.8.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.8.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.9.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.9.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.9.0:*:*:*:*:android:*:*
cpe:2.3:a:qt:qt:5.9.0:*:*:*:*:android:*:*
cpe:2.3:a:qt:qt:5.9.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.9.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.9.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.9.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.9.3:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.9.3:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.9.3:*:*:*:*:android:*:*
cpe:2.3:a:qt:qt:5.9.3:*:*:*:*:android:*:*
cpe:2.3:a:qt:qt:5.9.4:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.9.4:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.9.5:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.9.5:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.9.6:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.9.6:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.9.7:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.9.7:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.9.8:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.9.8:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.9.9:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.9.9:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.10.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.10.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.10.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.10.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.11.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.11.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.11.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.11.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.11.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.11.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.11.3:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.11.3:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.12.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.12.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.12.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.12.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.12.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.12.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.12.3:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.12.3:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.12.4:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.12.4:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.12.5:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.12.5:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.12.6:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.12.6:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.13.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.13.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.13.0:-:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.13.0:-:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.13.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.13.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.13.0:beta1:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.13.0:beta1:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.13.0:beta2:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.13.0:beta2:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.13.0:beta3:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.13.0:beta3:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.13.0:beta4:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.13.0:beta4:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.13.0:rc1:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.13.0:rc1:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.13.0:rc2:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.13.0:rc2:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.13.0:rc3:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.13.0:rc3:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.13.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.13.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.13.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.13.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.14:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.14:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

CVSS

Base:	4.4 (as of 21-09-2021 - 17:58)
Impact:
Exploitability:

CWE

CWE-426

CAPEC

Leveraging/Manipulating Configuration File Search Paths
This pattern of attack sees an adversary load a malicious resource into a program's standard path so that when a known command is executed then the system instead executes the malicious component. The adversary can either modify the search path a program uses, like a PATH variable or classpath, or they can manipulate resources on the path to point to their malicious components. J2EE applications and other component based applications that are built from multiple binaries can have very long list of dependencies to execute. If one of these libraries and/or references is controllable by the attacker then application controls can be circumvented by the attacker.

Access

Vector	Complexity	Authentication
LOCAL	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:M/Au:N/C:P/I:P/A:P

redhat via4

advisories

bugzilla

id	1800604
title	CVE-2020-0570 qt: files placed by attacker can influence the working directory and lead to malicious code execution

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND
comment qt5-qtbase is earlier than 0:5.9.7-4.el7
oval oval:com.redhat.rhsa:tst:20204025001
comment qt5-qtbase is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20192135116

AND

comment qt5-qtbase-common is earlier than 0:5.9.7-4.el7
oval oval:com.redhat.rhsa:tst:20204025003
comment qt5-qtbase-common is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20192135118

AND

comment qt5-qtbase-devel is earlier than 0:5.9.7-4.el7
oval oval:com.redhat.rhsa:tst:20204025005
comment qt5-qtbase-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20192135120

AND

comment qt5-qtbase-doc is earlier than 0:5.9.7-4.el7
oval oval:com.redhat.rhsa:tst:20204025007
comment qt5-qtbase-doc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20192135122

AND

comment qt5-qtbase-examples is earlier than 0:5.9.7-4.el7
oval oval:com.redhat.rhsa:tst:20204025009
comment qt5-qtbase-examples is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20192135124

AND

comment qt5-qtbase-gui is earlier than 0:5.9.7-4.el7
oval oval:com.redhat.rhsa:tst:20204025011
comment qt5-qtbase-gui is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20192135126

AND

comment qt5-qtbase-mysql is earlier than 0:5.9.7-4.el7
oval oval:com.redhat.rhsa:tst:20204025013
comment qt5-qtbase-mysql is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20192135128

AND

comment qt5-qtbase-odbc is earlier than 0:5.9.7-4.el7
oval oval:com.redhat.rhsa:tst:20204025015
comment qt5-qtbase-odbc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20192135130

AND

comment qt5-qtbase-postgresql is earlier than 0:5.9.7-4.el7
oval oval:com.redhat.rhsa:tst:20204025017
comment qt5-qtbase-postgresql is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20192135132

AND

comment qt5-qtbase-static is earlier than 0:5.9.7-4.el7
oval oval:com.redhat.rhsa:tst:20204025019
comment qt5-qtbase-static is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20192135134

AND

comment qt5-rpm-macros is earlier than 0:5.9.7-4.el7
oval oval:com.redhat.rhsa:tst:20204025021
comment qt5-rpm-macros is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20192135136

rhsa

id	RHSA-2020:4025
released	2020-09-29
severity	Moderate
title	RHSA-2020:4025: qt5-qtbase security update (Moderate)

rpms

qt5-qtbase-0:5.9.7-4.el7
qt5-qtbase-common-0:5.9.7-4.el7
qt5-qtbase-debuginfo-0:5.9.7-4.el7
qt5-qtbase-devel-0:5.9.7-4.el7
qt5-qtbase-doc-0:5.9.7-4.el7
qt5-qtbase-examples-0:5.9.7-4.el7
qt5-qtbase-gui-0:5.9.7-4.el7
qt5-qtbase-mysql-0:5.9.7-4.el7
qt5-qtbase-odbc-0:5.9.7-4.el7
qt5-qtbase-postgresql-0:5.9.7-4.el7
qt5-qtbase-static-0:5.9.7-4.el7
qt5-rpm-macros-0:5.9.7-4.el7
qt5-assistant-0:5.12.5-2.el8
qt5-assistant-debuginfo-0:5.12.5-2.el8
qt5-designer-0:5.12.5-2.el8
qt5-designer-debuginfo-0:5.12.5-2.el8
qt5-doctools-0:5.12.5-2.el8
qt5-doctools-debuginfo-0:5.12.5-2.el8
qt5-linguist-0:5.12.5-2.el8
qt5-linguist-debuginfo-0:5.12.5-2.el8
qt5-qdbusviewer-0:5.12.5-2.el8
qt5-qdbusviewer-debuginfo-0:5.12.5-2.el8
qt5-qtbase-0:5.12.5-6.el8
qt5-qtbase-common-0:5.12.5-6.el8
qt5-qtbase-debuginfo-0:5.12.5-6.el8
qt5-qtbase-debugsource-0:5.12.5-6.el8
qt5-qtbase-devel-0:5.12.5-6.el8
qt5-qtbase-devel-debuginfo-0:5.12.5-6.el8
qt5-qtbase-examples-0:5.12.5-6.el8
qt5-qtbase-examples-debuginfo-0:5.12.5-6.el8
qt5-qtbase-gui-0:5.12.5-6.el8
qt5-qtbase-gui-debuginfo-0:5.12.5-6.el8
qt5-qtbase-mysql-0:5.12.5-6.el8
qt5-qtbase-mysql-debuginfo-0:5.12.5-6.el8
qt5-qtbase-odbc-0:5.12.5-6.el8
qt5-qtbase-odbc-debuginfo-0:5.12.5-6.el8
qt5-qtbase-postgresql-0:5.12.5-6.el8
qt5-qtbase-postgresql-debuginfo-0:5.12.5-6.el8
qt5-qtbase-private-devel-0:5.12.5-6.el8
qt5-qtbase-static-0:5.12.5-6.el8
qt5-qtbase-tests-debuginfo-0:5.12.5-6.el8
qt5-qttools-0:5.12.5-2.el8
qt5-qttools-common-0:5.12.5-2.el8
qt5-qttools-debuginfo-0:5.12.5-2.el8
qt5-qttools-debugsource-0:5.12.5-2.el8
qt5-qttools-devel-0:5.12.5-2.el8
qt5-qttools-devel-debuginfo-0:5.12.5-2.el8
qt5-qttools-examples-0:5.12.5-2.el8
qt5-qttools-examples-debuginfo-0:5.12.5-2.el8
qt5-qttools-libs-designer-0:5.12.5-2.el8
qt5-qttools-libs-designer-debuginfo-0:5.12.5-2.el8
qt5-qttools-libs-designercomponents-0:5.12.5-2.el8
qt5-qttools-libs-designercomponents-debuginfo-0:5.12.5-2.el8
qt5-qttools-libs-help-0:5.12.5-2.el8
qt5-qttools-libs-help-debuginfo-0:5.12.5-2.el8
qt5-qttools-static-0:5.12.5-2.el8
qt5-qttools-tests-debuginfo-0:5.12.5-2.el8
qt5-qtwebsockets-0:5.12.5-2.el8
qt5-qtwebsockets-debuginfo-0:5.12.5-2.el8
qt5-qtwebsockets-debugsource-0:5.12.5-2.el8
qt5-qtwebsockets-devel-0:5.12.5-2.el8
qt5-qtwebsockets-devel-debuginfo-0:5.12.5-2.el8
qt5-qtwebsockets-examples-0:5.12.5-2.el8
qt5-qtwebsockets-examples-debuginfo-0:5.12.5-2.el8
qt5-qtwebsockets-tests-debuginfo-0:5.12.5-2.el8

refmap via4

misc

https://bugzilla.redhat.com/show_bug.cgi?id=1800604

Last major update

21-09-2021 - 17:58

Published

14-09-2020 - 19:15

Last modified

21-09-2021 - 17:58