{"url":"http://public2.vulnerablecode.io/api/packages/126146?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u3?distro=trixie","type":"deb","namespace":"debian","name":"qtbase-opensource-src","version":"5.15.8+dfsg-11+deb12u3","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.15.8+dfsg-12","latest_non_vulnerable_version":"5.15.17+dfsg-8","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80937?format=json","vulnerability_id":"VCID-tmsm-qg7n-8fcv","summary":"qt6-qtbase: qt5-qtbase: QtCore Assertion Failure Denial of Service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5455.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5455.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5455","reference_id":"","reference_type":"","scores":[{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.60094","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.60105","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.60092","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.60076","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.60101","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5455"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5455","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5455"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108474","reference_id":"1108474","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108474"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108475","reference_id":"1108475","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108475"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2369722","reference_id":"2369722","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2369722"},{"reference_url":"https://codereview.qt-project.org/c/qt/qtbase/+/642006","reference_id":"642006","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H/R:U/RE:M/U:Clear"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-02T12:39:49Z/"}],"url":"https://codereview.qt-project.org/c/qt/qtbase/+/642006"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11841","reference_id":"RHSA-2025:11841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9462","reference_id":"RHSA-2025:9462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9486","reference_id":"RHSA-2025:9486","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9486"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126173?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.15%2Bdfsg-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.15%252Bdfsg-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126150?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.15%2Bdfsg-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.15%252Bdfsg-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126149?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.17%2Bdfsg-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.17%252Bdfsg-8%3Fdistro=trixie"}],"aliases":["CVE-2025-5455"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tmsm-qg7n-8fcv"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99600?format=json","vulnerability_id":"VCID-12rb-aa67-h7fr","summary":"An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24742.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24742.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24742","reference_id":"","reference_type":"","scores":[{"value":"0.00836","scoring_system":"epss","scoring_elements":"0.75008","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00836","scoring_system":"epss","scoring_elements":"0.75037","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00836","scoring_system":"epss","scoring_elements":"0.75041","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00836","scoring_system":"epss","scoring_elements":"0.75034","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00836","scoring_system":"epss","scoring_elements":"0.75019","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00836","scoring_system":"epss","scoring_elements":"0.75046","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0569","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24742"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1993136","reference_id":"1993136","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1993136"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126157?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.12.5%2Bdfsg-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.12.5%252Bdfsg-8%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126148?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.2%2Bdfsg-9%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.2%252Bdfsg-9%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126146?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126150?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.15%2Bdfsg-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.15%252Bdfsg-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126149?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.17%2Bdfsg-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.17%252Bdfsg-8%3Fdistro=trixie"}],"aliases":["CVE-2020-24742"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-12rb-aa67-h7fr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99583?format=json","vulnerability_id":"VCID-1dp2-9bgr-9ugv","summary":"Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1858.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1858.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1858","reference_id":"","reference_type":"","scores":[{"value":"0.02574","scoring_system":"epss","scoring_elements":"0.8583","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02574","scoring_system":"epss","scoring_elements":"0.85852","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02574","scoring_system":"epss","scoring_elements":"0.85853","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02574","scoring_system":"epss","scoring_elements":"0.8585","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02574","scoring_system":"epss","scoring_elements":"0.85834","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02574","scoring_system":"epss","scoring_elements":"0.85849","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1858"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1858","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1858"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1210673","reference_id":"1210673","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1210673"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783134","reference_id":"783134","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783134"},{"reference_url":"https://security.gentoo.org/glsa/201603-10","reference_id":"GLSA-201603-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201603-10"},{"reference_url":"https://usn.ubuntu.com/2626-1/","reference_id":"USN-2626-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2626-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126151?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.3.2%2Bdfsg-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.3.2%252Bdfsg-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126148?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.2%2Bdfsg-9%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.2%252Bdfsg-9%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126146?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126150?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.15%2Bdfsg-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.15%252Bdfsg-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126149?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.17%2Bdfsg-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.17%252Bdfsg-8%3Fdistro=trixie"}],"aliases":["CVE-2015-1858"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1dp2-9bgr-9ugv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91230?format=json","vulnerability_id":"VCID-1uvf-h58y-a3at","summary":"qtbase: potential buffer overflow when reading KTX images","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25580.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25580.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25580","reference_id":"","reference_type":"","scores":[{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20999","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21098","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21053","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20989","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21111","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25580"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25580","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25580"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064052","reference_id":"1064052","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064052"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064053","reference_id":"1064053","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064053"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064054","reference_id":"1064054","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064054"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2264423","reference_id":"2264423","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2264423"},{"reference_url":"https://security.gentoo.org/glsa/202506-06","reference_id":"GLSA-202506-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202506-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2276","reference_id":"RHSA-2024:2276","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2276"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3056","reference_id":"RHSA-2024:3056","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3056"},{"reference_url":"https://www.qt.io/blog/security-advisory-potential-buffer-overflow-when-reading-ktx-images","reference_id":"security-advisory-potential-buffer-overflow-when-reading-ktx-images","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-02T18:41:43Z/"}],"url":"https://www.qt.io/blog/security-advisory-potential-buffer-overflow-when-reading-ktx-images"},{"reference_url":"https://usn.ubuntu.com/7923-1/","reference_id":"USN-7923-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7923-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126148?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.2%2Bdfsg-9%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.2%252Bdfsg-9%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126167?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126146?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126169?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.10%2Bdfsg-7?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.10%252Bdfsg-7%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126150?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.15%2Bdfsg-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.15%252Bdfsg-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126149?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.17%2Bdfsg-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.17%252Bdfsg-8%3Fdistro=trixie"}],"aliases":["CVE-2024-25580"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1uvf-h58y-a3at"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97074?format=json","vulnerability_id":"VCID-23uh-s4rm-fkdv","summary":"qt5: A possible DOS involving the Qt SQL ODBC driver plugin","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24607.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24607.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-24607","reference_id":"","reference_type":"","scores":[{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57991","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.58025","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.58042","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.5805","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.5804","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-24607"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24607","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24607"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031871","reference_id":"1031871","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031871"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031872","reference_id":"1031872","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031872"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2187154","reference_id":"2187154","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2187154"},{"reference_url":"https://codereview.qt-project.org/c/qt/qtbase/+/456216","reference_id":"456216","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T15:11:26Z/"}],"url":"https://codereview.qt-project.org/c/qt/qtbase/+/456216"},{"reference_url":"https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217","reference_id":"456217","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T15:11:26Z/"}],"url":"https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217"},{"reference_url":"https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238","reference_id":"456238","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T15:11:26Z/"}],"url":"https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238"},{"reference_url":"https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d","reference_id":"aaf1381eab6292aa0444a5eadcc24165b6e1c02d","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T15:11:26Z/"}],"url":"https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d"},{"reference_url":"https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff","reference_id":"CVE-2023-24607-qtbase-5.15.diff","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T15:11:26Z/"}],"url":"https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html","reference_id":"msg00027.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T15:11:26Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html"},{"reference_url":"https://www.qt.io/blog/tag/security","reference_id":"security","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T15:11:26Z/"}],"url":"https://www.qt.io/blog/tag/security"},{"reference_url":"https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin","reference_id":"security-advisory-qt-sql-odbc-driver-plugin","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T15:11:26Z/"}],"url":"https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin"},{"reference_url":"https://usn.ubuntu.com/7780-1/","reference_id":"USN-7780-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7780-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126148?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.2%2Bdfsg-9%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.2%252Bdfsg-9%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126161?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126146?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126150?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.15%2Bdfsg-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.15%252Bdfsg-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126149?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.17%2Bdfsg-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.17%252Bdfsg-8%3Fdistro=trixie"}],"aliases":["CVE-2023-24607"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-23uh-s4rm-fkdv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95435?format=json","vulnerability_id":"VCID-2krk-y92t-7kd1","summary":"qtbase: buffer overflow in QXmlStreamReader","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37369.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37369.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-37369","reference_id":"","reference_type":"","scores":[{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49687","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49709","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49719","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49701","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49672","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-37369"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37369","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37369"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059302","reference_id":"1059302","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059302"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2232173","reference_id":"2232173","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2232173"},{"reference_url":"https://codereview.qt-project.org/c/qt/qtbase/+/455027","reference_id":"455027","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-05T20:39:00Z/"}],"url":"https://codereview.qt-project.org/c/qt/qtbase/+/455027"},{"reference_url":"https://security.gentoo.org/glsa/202501-08","reference_id":"GLSA-202501-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202501-08"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html","reference_id":"msg00027.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-05T20:39:00Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html","reference_id":"msg00028.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-05T20:39:00Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3JR3N3IF5MUSETGYE46OZFOGGPY3VZT/","reference_id":"O3JR3N3IF5MUSETGYE46OZFOGGPY3VZT","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-05T20:39:00Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3JR3N3IF5MUSETGYE46OZFOGGPY3VZT/"},{"reference_url":"https://bugreports.qt.io/browse/QTBUG-114829","reference_id":"QTBUG-114829","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-05T20:39:00Z/"}],"url":"https://bugreports.qt.io/browse/QTBUG-114829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6369","reference_id":"RHSA-2023:6369","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6369"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6967","reference_id":"RHSA-2023:6967","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6967"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZK7EDD4ILPPSQAYO54FANUC4NFYLTHU/","reference_id":"SZK7EDD4ILPPSQAYO54FANUC4NFYLTHU","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-05T20:39:00Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZK7EDD4ILPPSQAYO54FANUC4NFYLTHU/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126148?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.2%2Bdfsg-9%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.2%252Bdfsg-9%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126164?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126146?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126166?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.10%2Bdfsg-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.10%252Bdfsg-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126150?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.15%2Bdfsg-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.15%252Bdfsg-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126149?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.17%2Bdfsg-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.17%252Bdfsg-8%3Fdistro=trixie"}],"aliases":["CVE-2023-37369"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2krk-y92t-7kd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99586?format=json","vulnerability_id":"VCID-3cz3-thd3-73a4","summary":"Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1860.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1860.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1860","reference_id":"","reference_type":"","scores":[{"value":"0.06355","scoring_system":"epss","scoring_elements":"0.91156","published_at":"2026-06-04T12:55:00Z"},{"value":"0.06355","scoring_system":"epss","scoring_elements":"0.91168","published_at":"2026-06-05T12:55:00Z"},{"value":"0.06355","scoring_system":"epss","scoring_elements":"0.91167","published_at":"2026-06-06T12:55:00Z"},{"value":"0.06355","scoring_system":"epss","scoring_elements":"0.91165","published_at":"2026-06-07T12:55:00Z"},{"value":"0.06355","scoring_system":"epss","scoring_elements":"0.91161","published_at":"2026-06-08T12:55:00Z"},{"value":"0.06355","scoring_system":"epss","scoring_elements":"0.91177","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1860"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1860","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1860"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1210675","reference_id":"1210675","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1210675"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783134","reference_id":"783134","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783134"},{"reference_url":"https://security.gentoo.org/glsa/201603-10","reference_id":"GLSA-201603-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201603-10"},{"reference_url":"https://usn.ubuntu.com/2626-1/","reference_id":"USN-2626-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2626-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126151?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.3.2%2Bdfsg-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.3.2%252Bdfsg-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126148?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.2%2Bdfsg-9%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.2%252Bdfsg-9%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126146?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126150?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.15%2Bdfsg-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.15%252Bdfsg-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126149?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.17%2Bdfsg-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.17%252Bdfsg-8%3Fdistro=trixie"}],"aliases":["CVE-2015-1860"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3cz3-thd3-73a4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99587?format=json","vulnerability_id":"VCID-3m54-n5m3-s7bw","summary":"Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9541.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9541.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-9541","reference_id":"","reference_type":"","scores":[{"value":"0.00558","scoring_system":"epss","scoring_elements":"0.68566","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00558","scoring_system":"epss","scoring_elements":"0.68607","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00558","scoring_system":"epss","scoring_elements":"0.68614","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00558","scoring_system":"epss","scoring_elements":"0.68608","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00558","scoring_system":"epss","scoring_elements":"0.68593","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00558","scoring_system":"epss","scoring_elements":"0.6861","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-9541"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9541","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9541"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1801369","reference_id":"1801369","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1801369"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951066","reference_id":"951066","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951066"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4690","reference_id":"RHSA-2020:4690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4690"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126152?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.12.5%2Bdfsg-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.12.5%252Bdfsg-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126148?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.2%2Bdfsg-9%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.2%252Bdfsg-9%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126146?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126150?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.15%2Bdfsg-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.15%252Bdfsg-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126149?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.17%2Bdfsg-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.17%252Bdfsg-8%3Fdistro=trixie"}],"aliases":["CVE-2015-9541"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3m54-n5m3-s7bw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99566?format=json","vulnerability_id":"VCID-7hfu-k49p-j3h9","summary":"In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25255.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25255.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25255","reference_id":"","reference_type":"","scores":[{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25344","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25441","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25426","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25378","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.2532","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25329","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25255"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25255","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25255"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2055505","reference_id":"2055505","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2055505"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7482","reference_id":"RHSA-2022:7482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7482"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8022","reference_id":"RHSA-2022:8022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8022"},{"reference_url":"https://usn.ubuntu.com/8076-1/","reference_id":"USN-8076-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8076-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126148?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.2%2Bdfsg-9%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.2%252Bdfsg-9%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126160?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.2%2Bdfsg-15?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.2%252Bdfsg-15%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126146?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126150?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.15%2Bdfsg-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.15%252Bdfsg-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126149?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.17%2Bdfsg-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.17%252Bdfsg-8%3Fdistro=trixie"}],"aliases":["CVE-2022-25255"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7hfu-k49p-j3h9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99598?format=json","vulnerability_id":"VCID-7vsq-w46z-fqae","summary":"Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13962.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13962.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13962","reference_id":"","reference_type":"","scores":[{"value":"0.01567","scoring_system":"epss","scoring_elements":"0.81851","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01567","scoring_system":"epss","scoring_elements":"0.81885","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01567","scoring_system":"epss","scoring_elements":"0.81895","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01567","scoring_system":"epss","scoring_elements":"0.81886","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01567","scoring_system":"epss","scoring_elements":"0.81879","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13962"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13962","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13962"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1849734","reference_id":"1849734","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1849734"},{"reference_url":"https://security.gentoo.org/glsa/202007-18","reference_id":"GLSA-202007-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-18"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4690","reference_id":"RHSA-2020:4690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4690"},{"reference_url":"https://usn.ubuntu.com/8076-1/","reference_id":"USN-8076-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8076-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126159?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.14.2%2Bdfsg-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.14.2%252Bdfsg-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126148?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.2%2Bdfsg-9%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.2%252Bdfsg-9%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126146?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126150?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.15%2Bdfsg-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.15%252Bdfsg-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126149?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.17%2Bdfsg-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.17%252Bdfsg-8%3Fdistro=trixie"}],"aliases":["CVE-2020-13962"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7vsq-w46z-fqae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80736?format=json","vulnerability_id":"VCID-bh6a-s914-uubu","summary":"qt: Use after free in Qt","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5991.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5991.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5991","reference_id":"","reference_type":"","scores":[{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24442","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24545","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.2449","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24432","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24555","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5991"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2371671","reference_id":"2371671","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2371671"},{"reference_url":"https://codereview.qt-project.org/c/qt/qtbase/+/643777","reference_id":"643777","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-11T13:17:41Z/"}],"url":"https://codereview.qt-project.org/c/qt/qtbase/+/643777"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126158?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126148?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.2%2Bdfsg-9%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.2%252Bdfsg-9%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126146?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126150?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.15%2Bdfsg-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.15%252Bdfsg-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126149?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.17%2Bdfsg-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.17%252Bdfsg-8%3Fdistro=trixie"}],"aliases":["CVE-2025-5991"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bh6a-s914-uubu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95441?format=json","vulnerability_id":"VCID-bvsn-289t-7kag","summary":"qtbase: infinite loops in QXmlStreamReader","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38197.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38197.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38197","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16086","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16202","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16193","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16149","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16063","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38197","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38197"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041104","reference_id":"1041104","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041104"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041105","reference_id":"1041105","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041105"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041106","reference_id":"1041106","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041106"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2222767","reference_id":"2222767","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2222767"},{"reference_url":"https://codereview.qt-project.org/c/qt/qtbase/+/488960","reference_id":"488960","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-18T16:48:43Z/"}],"url":"https://codereview.qt-project.org/c/qt/qtbase/+/488960"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5C3NYVJ73ITE6HUOVVHBUAGORVEJRHO/","reference_id":"F5C3NYVJ73ITE6HUOVVHBUAGORVEJRHO","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-18T16:48:43Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5C3NYVJ73ITE6HUOVVHBUAGORVEJRHO/"},{"reference_url":"https://security.gentoo.org/glsa/202501-08","reference_id":"GLSA-202501-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202501-08"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html","reference_id":"msg00027.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-18T16:48:43Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html","reference_id":"msg00028.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-18T16:48:43Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6369","reference_id":"RHSA-2023:6369","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6369"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6967","reference_id":"RHSA-2023:6967","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6967"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XEGQ6DFTL2BEJMHCD5FJGI6XLWQI7UEA/","reference_id":"XEGQ6DFTL2BEJMHCD5FJGI6XLWQI7UEA","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-18T16:48:43Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XEGQ6DFTL2BEJMHCD5FJGI6XLWQI7UEA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFZORZYCMUZZFIOEZICJ7VH2BZIGY3HV/","reference_id":"XFZORZYCMUZZFIOEZICJ7VH2BZIGY3HV","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-18T16:48:43Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFZORZYCMUZZFIOEZICJ7VH2BZIGY3HV/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126148?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.2%2Bdfsg-9%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.2%252Bdfsg-9%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126164?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126146?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126166?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.10%2Bdfsg-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.10%252Bdfsg-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126150?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.15%2Bdfsg-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.15%252Bdfsg-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126149?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.17%2Bdfsg-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.17%252Bdfsg-8%3Fdistro=trixie"}],"aliases":["CVE-2023-38197"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bvsn-289t-7kag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91597?format=json","vulnerability_id":"VCID-bxzh-se7c-1qab","summary":"qt: incorrect integer overflow check","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-51714.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-51714.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-51714","reference_id":"","reference_type":"","scores":[{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33683","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33697","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33663","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40496","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40482","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-51714"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51714","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51714"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060693","reference_id":"1060693","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060693"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060694","reference_id":"1060694","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060694"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060695","reference_id":"1060695","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060695"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2255856","reference_id":"2255856","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2255856"},{"reference_url":"https://security.gentoo.org/glsa/202402-21","reference_id":"GLSA-202402-21","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-21"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2276","reference_id":"RHSA-2024:2276","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2276"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3056","reference_id":"RHSA-2024:3056","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3056"},{"reference_url":"https://usn.ubuntu.com/8076-1/","reference_id":"USN-8076-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8076-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126148?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.2%2Bdfsg-9%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.2%252Bdfsg-9%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126167?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126146?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126168?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.10%2Bdfsg-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.10%252Bdfsg-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126150?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.15%2Bdfsg-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.15%252Bdfsg-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126149?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.17%2Bdfsg-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.17%252Bdfsg-8%3Fdistro=trixie"}],"aliases":["CVE-2023-51714"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bxzh-se7c-1qab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99594?format=json","vulnerability_id":"VCID-cev7-xxvq-b7fz","summary":"An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18281.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18281.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18281","reference_id":"","reference_type":"","scores":[{"value":"0.01749","scoring_system":"epss","scoring_elements":"0.82898","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01749","scoring_system":"epss","scoring_elements":"0.82924","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01749","scoring_system":"epss","scoring_elements":"0.82921","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01749","scoring_system":"epss","scoring_elements":"0.82913","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01749","scoring_system":"epss","scoring_elements":"0.82926","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18281"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18281"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1764742","reference_id":"1764742","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1764742"},{"reference_url":"https://security.gentoo.org/glsa/202003-60","reference_id":"GLSA-202003-60","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-60"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1665","reference_id":"RHSA-2020:1665","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1665"},{"reference_url":"https://usn.ubuntu.com/4275-1/","reference_id":"USN-4275-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4275-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126156?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.12.5%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.12.5%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126148?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.2%2Bdfsg-9%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.2%252Bdfsg-9%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126146?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126150?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.15%2Bdfsg-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.15%252Bdfsg-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126149?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.17%2Bdfsg-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.17%252Bdfsg-8%3Fdistro=trixie"}],"aliases":["CVE-2019-18281"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cev7-xxvq-b7fz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99569?format=json","vulnerability_id":"VCID-cxqd-9psx-m3hm","summary":"An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-32763","reference_id":"","reference_type":"","scores":[{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24708","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24698","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24642","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24584","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24594","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-32763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32763"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036702","reference_id":"1036702","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036702"},{"reference_url":"https://security.gentoo.org/glsa/202402-03","reference_id":"GLSA-202402-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126148?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.2%2Bdfsg-9%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.2%252Bdfsg-9%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126162?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-10?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126146?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126150?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.15%2Bdfsg-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.15%252Bdfsg-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126149?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.17%2Bdfsg-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.17%252Bdfsg-8%3Fdistro=trixie"}],"aliases":["CVE-2023-32763"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cxqd-9psx-m3hm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81739?format=json","vulnerability_id":"VCID-d7k5-7dmj-fbd4","summary":"qt: Improper Link Resolution Before File Access in QFileSystemEngine on Windows","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4211.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4211.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-4211","reference_id":"","reference_type":"","scores":[{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.36862","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.36888","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.3685","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.36916","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.36923","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-4211"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2366850","reference_id":"2366850","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2366850"},{"reference_url":"https://codereview.qt-project.org/c/qt/qtbase/+/632231","reference_id":"632231","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-16T13:53:53Z/"}],"url":"https://codereview.qt-project.org/c/qt/qtbase/+/632231"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126158?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126148?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.2%2Bdfsg-9%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.2%252Bdfsg-9%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126146?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126150?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.15%2Bdfsg-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.15%252Bdfsg-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126149?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.17%2Bdfsg-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.17%252Bdfsg-8%3Fdistro=trixie"}],"aliases":["CVE-2025-4211"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d7k5-7dmj-fbd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99582?format=json","vulnerability_id":"VCID-dpgq-7q6j-x3hm","summary":"The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0295.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0295.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0295","reference_id":"","reference_type":"","scores":[{"value":"0.036","scoring_system":"epss","scoring_elements":"0.87982","published_at":"2026-06-04T12:55:00Z"},{"value":"0.036","scoring_system":"epss","scoring_elements":"0.88003","published_at":"2026-06-05T12:55:00Z"},{"value":"0.036","scoring_system":"epss","scoring_elements":"0.88006","published_at":"2026-06-07T12:55:00Z"},{"value":"0.036","scoring_system":"epss","scoring_elements":"0.88007","published_at":"2026-06-08T12:55:00Z"},{"value":"0.036","scoring_system":"epss","scoring_elements":"0.88021","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0295"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0295","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0295"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1197273","reference_id":"1197273","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1197273"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779580","reference_id":"779580","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779580"},{"reference_url":"https://usn.ubuntu.com/2626-1/","reference_id":"USN-2626-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2626-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126151?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.3.2%2Bdfsg-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.3.2%252Bdfsg-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126148?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.2%2Bdfsg-9%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.2%252Bdfsg-9%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126146?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126150?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.15%2Bdfsg-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.15%252Bdfsg-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126149?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.17%2Bdfsg-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.17%252Bdfsg-8%3Fdistro=trixie"}],"aliases":["CVE-2015-0295"],"risk_score":0.6,"exploitability":"0.5","weighted_severity":"1.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dpgq-7q6j-x3hm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99599?format=json","vulnerability_id":"VCID-g1mp-pbs2-ekgs","summary":"An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17507.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17507.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-17507","reference_id":"","reference_type":"","scores":[{"value":"0.07128","scoring_system":"epss","scoring_elements":"0.91692","published_at":"2026-06-04T12:55:00Z"},{"value":"0.07128","scoring_system":"epss","scoring_elements":"0.91704","published_at":"2026-06-05T12:55:00Z"},{"value":"0.07128","scoring_system":"epss","scoring_elements":"0.91707","published_at":"2026-06-06T12:55:00Z"},{"value":"0.07128","scoring_system":"epss","scoring_elements":"0.91703","published_at":"2026-06-07T12:55:00Z"},{"value":"0.07128","scoring_system":"epss","scoring_elements":"0.91702","published_at":"2026-06-08T12:55:00Z"},{"value":"0.07128","scoring_system":"epss","scoring_elements":"0.91716","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-17507"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17507","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17507"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1868532","reference_id":"1868532","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1868532"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968444","reference_id":"968444","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968444"},{"reference_url":"https://security.gentoo.org/glsa/202009-04","reference_id":"GLSA-202009-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202009-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5021","reference_id":"RHSA-2020:5021","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5021"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1756","reference_id":"RHSA-2021:1756","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1756"},{"reference_url":"https://usn.ubuntu.com/5081-1/","reference_id":"USN-5081-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5081-1/"},{"reference_url":"https://usn.ubuntu.com/8076-1/","reference_id":"USN-8076-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8076-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126159?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.14.2%2Bdfsg-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.14.2%252Bdfsg-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126148?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.2%2Bdfsg-9%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.2%252Bdfsg-9%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126146?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126150?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.15%2Bdfsg-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.15%252Bdfsg-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126149?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.17%2Bdfsg-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.17%252Bdfsg-8%3Fdistro=trixie"}],"aliases":["CVE-2020-17507"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g1mp-pbs2-ekgs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99589?format=json","vulnerability_id":"VCID-gdgy-4gu3-d3hk","summary":"QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15518.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15518.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-15518","reference_id":"","reference_type":"","scores":[{"value":"0.02305","scoring_system":"epss","scoring_elements":"0.85042","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02305","scoring_system":"epss","scoring_elements":"0.85065","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02305","scoring_system":"epss","scoring_elements":"0.8507","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02305","scoring_system":"epss","scoring_elements":"0.85064","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02305","scoring_system":"epss","scoring_elements":"0.85054","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02305","scoring_system":"epss","scoring_elements":"0.85069","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-15518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15518","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19870","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19870"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19873"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1659000","reference_id":"1659000","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1659000"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2135","reference_id":"RHSA-2019:2135","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2135"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3390","reference_id":"RHSA-2019:3390","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3390"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1172","reference_id":"RHSA-2020:1172","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1172"},{"reference_url":"https://usn.ubuntu.com/4003-1/","reference_id":"USN-4003-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4003-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126154?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.11.3%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.11.3%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126148?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.2%2Bdfsg-9%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.2%252Bdfsg-9%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126146?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126150?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.15%2Bdfsg-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.15%252Bdfsg-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126149?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.17%2Bdfsg-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.17%252Bdfsg-8%3Fdistro=trixie"}],"aliases":["CVE-2018-15518"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gdgy-4gu3-d3hk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99581?format=json","vulnerability_id":"VCID-gjap-mrah-87f4","summary":"QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4549.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4549.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4549","reference_id":"","reference_type":"","scores":[{"value":"0.05217","scoring_system":"epss","scoring_elements":"0.90112","published_at":"2026-06-04T12:55:00Z"},{"value":"0.05217","scoring_system":"epss","scoring_elements":"0.90128","published_at":"2026-06-05T12:55:00Z"},{"value":"0.05217","scoring_system":"epss","scoring_elements":"0.90127","published_at":"2026-06-06T12:55:00Z"},{"value":"0.05217","scoring_system":"epss","scoring_elements":"0.90125","published_at":"2026-06-07T12:55:00Z"},{"value":"0.05217","scoring_system":"epss","scoring_elements":"0.90124","published_at":"2026-06-08T12:55:00Z"},{"value":"0.05217","scoring_system":"epss","scoring_elements":"0.9014","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4549"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4549","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4549"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=955375","reference_id":"955375","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=955375"},{"reference_url":"https://security.gentoo.org/glsa/201403-04","reference_id":"GLSA-201403-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201403-04"},{"reference_url":"https://usn.ubuntu.com/2057-1/","reference_id":"USN-2057-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2057-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126147?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.1.1%2Bdfsg-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.1.1%252Bdfsg-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126148?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.2%2Bdfsg-9%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.2%252Bdfsg-9%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126146?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126150?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.15%2Bdfsg-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.15%252Bdfsg-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126149?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.17%2Bdfsg-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.17%252Bdfsg-8%3Fdistro=trixie"}],"aliases":["CVE-2013-4549"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gjap-mrah-87f4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99596?format=json","vulnerability_id":"VCID-gkvm-qequ-qqd4","summary":"Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-0570.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-0570.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-0570","reference_id":"","reference_type":"","scores":[{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.56157","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.56211","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.56217","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.56205","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.56188","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.56208","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-0570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0570"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1800604","reference_id":"1800604","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1800604"},{"reference_url":"https://security.gentoo.org/glsa/202003-60","reference_id":"GLSA-202003-60","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-60"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4025","reference_id":"RHSA-2020:4025","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4025"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4690","reference_id":"RHSA-2020:4690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4690"},{"reference_url":"https://usn.ubuntu.com/4275-1/","reference_id":"USN-4275-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4275-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126157?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.12.5%2Bdfsg-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.12.5%252Bdfsg-8%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126148?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.2%2Bdfsg-9%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.2%252Bdfsg-9%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126146?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126150?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.15%2Bdfsg-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.15%252Bdfsg-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126149?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.17%2Bdfsg-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.17%252Bdfsg-8%3Fdistro=trixie"}],"aliases":["CVE-2020-0570"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gkvm-qequ-qqd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99573?format=json","vulnerability_id":"VCID-j8yv-hc6u-4kcx","summary":"encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30348","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13177","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.1326","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13221","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13146","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13257","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30348"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://codereview.qt-project.org/c/qt/qtbase/+/581442","reference_id":"581442","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-21T15:51:38Z/"}],"url":"https://codereview.qt-project.org/c/qt/qtbase/+/581442"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126158?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126148?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.2%2Bdfsg-9%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.2%252Bdfsg-9%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126146?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126150?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.15%2Bdfsg-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.15%252Bdfsg-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126149?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.17%2Bdfsg-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.17%252Bdfsg-8%3Fdistro=trixie"}],"aliases":["CVE-2025-30348"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j8yv-hc6u-4kcx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99595?format=json","vulnerability_id":"VCID-jcxk-kchw-pbac","summary":"Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-0569.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-0569.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-0569","reference_id":"","reference_type":"","scores":[{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56252","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56308","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56314","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56301","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56284","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56303","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-0569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0569","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24742"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1800600","reference_id":"1800600","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1800600"},{"reference_url":"https://security.gentoo.org/glsa/202003-60","reference_id":"GLSA-202003-60","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-60"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4025","reference_id":"RHSA-2020:4025","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4025"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4690","reference_id":"RHSA-2020:4690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4690"},{"reference_url":"https://usn.ubuntu.com/4275-1/","reference_id":"USN-4275-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4275-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126157?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.12.5%2Bdfsg-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.12.5%252Bdfsg-8%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126148?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.2%2Bdfsg-9%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.2%252Bdfsg-9%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126146?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126150?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.15%2Bdfsg-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.15%252Bdfsg-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126149?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.17%2Bdfsg-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.17%252Bdfsg-8%3Fdistro=trixie"}],"aliases":["CVE-2020-0569"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jcxk-kchw-pbac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89878?format=json","vulnerability_id":"VCID-k2nj-tu6c-yudk","summary":"qtbase: qtbase: Delay any communication until encrypted() can be responded to","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39936.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39936.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39936","reference_id":"","reference_type":"","scores":[{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42637","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42687","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42664","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42628","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42676","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39936"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39936","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39936"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076292","reference_id":"1076292","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076292"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076293","reference_id":"1076293","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076293"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077544","reference_id":"1077544","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077544"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2295867","reference_id":"2295867","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2295867"},{"reference_url":"https://codereview.qt-project.org/c/qt/qtbase/+/571601","reference_id":"571601","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:N/S:C/UI:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-22T16:46:00Z/"}],"url":"https://codereview.qt-project.org/c/qt/qtbase/+/571601"},{"reference_url":"https://security.gentoo.org/glsa/202506-06","reference_id":"GLSA-202506-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202506-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4617","reference_id":"RHSA-2024:4617","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4617"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4621","reference_id":"RHSA-2024:4621","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4621"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4623","reference_id":"RHSA-2024:4623","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4623"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4638","reference_id":"RHSA-2024:4638","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4638"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4639","reference_id":"RHSA-2024:4639","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4639"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4644","reference_id":"RHSA-2024:4644","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4644"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4645","reference_id":"RHSA-2024:4645","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4645"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4646","reference_id":"RHSA-2024:4646","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4647","reference_id":"RHSA-2024:4647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4647"},{"reference_url":"https://usn.ubuntu.com/8076-1/","reference_id":"USN-8076-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8076-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126148?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.2%2Bdfsg-9%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.2%252Bdfsg-9%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126170?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.2%2Bdfsg-9%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.2%252Bdfsg-9%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126146?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126171?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.13%2Bdfsg-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.13%252Bdfsg-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126150?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.15%2Bdfsg-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.15%252Bdfsg-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126149?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.17%2Bdfsg-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.17%252Bdfsg-8%3Fdistro=trixie"}],"aliases":["CVE-2024-39936"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k2nj-tu6c-yudk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99590?format=json","vulnerability_id":"VCID-kzwj-7rmf-cqeb","summary":"An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19870.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19870.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19870","reference_id":"","reference_type":"","scores":[{"value":"0.01691","scoring_system":"epss","scoring_elements":"0.82576","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01691","scoring_system":"epss","scoring_elements":"0.82603","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01691","scoring_system":"epss","scoring_elements":"0.82602","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01691","scoring_system":"epss","scoring_elements":"0.826","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01691","scoring_system":"epss","scoring_elements":"0.82594","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01691","scoring_system":"epss","scoring_elements":"0.82607","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19870"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15518","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19870","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19870"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19873"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1658996","reference_id":"1658996","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1658996"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2135","reference_id":"RHSA-2019:2135","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2135"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3390","reference_id":"RHSA-2019:3390","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3390"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1172","reference_id":"RHSA-2020:1172","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1172"},{"reference_url":"https://usn.ubuntu.com/4003-1/","reference_id":"USN-4003-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4003-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126154?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.11.3%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.11.3%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126148?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.2%2Bdfsg-9%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.2%252Bdfsg-9%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126146?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126150?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.15%2Bdfsg-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.15%252Bdfsg-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126149?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.17%2Bdfsg-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.17%252Bdfsg-8%3Fdistro=trixie"}],"aliases":["CVE-2018-19870"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kzwj-7rmf-cqeb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96147?format=json","vulnerability_id":"VCID-nnya-gzky-w7bv","summary":"qt: buffer over-read via a crafted reply from a DNS server","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-33285.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-33285.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33285","reference_id":"","reference_type":"","scores":[{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25204","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25082","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.2514","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.2519","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27515","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33285"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33285","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33285"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036848","reference_id":"1036848","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036848"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2209488","reference_id":"2209488","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2209488"},{"reference_url":"https://codereview.qt-project.org/c/qt/qtbase/+/477644","reference_id":"477644","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:L/AV:N/A:L/C:N/I:N/PR:N/S:U/UI:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-21T15:17:38Z/"}],"url":"https://codereview.qt-project.org/c/qt/qtbase/+/477644"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html","reference_id":"msg00027.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:L/AV:N/A:L/C:N/I:N/PR:N/S:U/UI:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-21T15:17:38Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6369","reference_id":"RHSA-2023:6369","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6369"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6967","reference_id":"RHSA-2023:6967","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6967"},{"reference_url":"https://usn.ubuntu.com/7780-1/","reference_id":"USN-7780-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7780-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126148?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.2%2Bdfsg-9%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.2%252Bdfsg-9%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126163?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126146?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126150?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.15%2Bdfsg-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.15%252Bdfsg-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126149?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.17%2Bdfsg-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.17%252Bdfsg-8%3Fdistro=trixie"}],"aliases":["CVE-2023-33285"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nnya-gzky-w7bv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93779?format=json","vulnerability_id":"VCID-pnsk-serk-2bcz","summary":"qt: corrupted font loaded via QFontDatabase::addApplicationFont{FromData] leads to DoS","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43114.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43114.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43114","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16226","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16217","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16111","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16174","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16088","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43114"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241115","reference_id":"2241115","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241115"},{"reference_url":"https://codereview.qt-project.org/c/qt/qtbase/+/503026","reference_id":"503026","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T15:48:32Z/"}],"url":"https://codereview.qt-project.org/c/qt/qtbase/+/503026"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126158?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126148?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.2%2Bdfsg-9%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.2%252Bdfsg-9%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126146?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126150?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.15%2Bdfsg-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.15%252Bdfsg-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126149?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.17%2Bdfsg-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.17%252Bdfsg-8%3Fdistro=trixie"}],"aliases":["CVE-2023-43114"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pnsk-serk-2bcz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99585?format=json","vulnerability_id":"VCID-q1j1-cnca-nfbk","summary":"Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1859.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1859.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1859","reference_id":"","reference_type":"","scores":[{"value":"0.04396","scoring_system":"epss","scoring_elements":"0.89181","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04396","scoring_system":"epss","scoring_elements":"0.89198","published_at":"2026-06-07T12:55:00Z"},{"value":"0.04396","scoring_system":"epss","scoring_elements":"0.89199","published_at":"2026-06-08T12:55:00Z"},{"value":"0.04396","scoring_system":"epss","scoring_elements":"0.89215","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1859"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1859","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1859"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1210674","reference_id":"1210674","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1210674"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783134","reference_id":"783134","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783134"},{"reference_url":"https://security.gentoo.org/glsa/201603-10","reference_id":"GLSA-201603-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201603-10"},{"reference_url":"https://usn.ubuntu.com/2626-1/","reference_id":"USN-2626-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2626-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126151?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.3.2%2Bdfsg-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.3.2%252Bdfsg-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126148?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.2%2Bdfsg-9%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.2%252Bdfsg-9%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126146?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126150?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.15%2Bdfsg-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.15%252Bdfsg-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126149?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.17%2Bdfsg-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.17%252Bdfsg-8%3Fdistro=trixie"}],"aliases":["CVE-2015-1859"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q1j1-cnca-nfbk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96075?format=json","vulnerability_id":"VCID-q7je-6hjs-cfdb","summary":"qt: allows remote attacker to bypass security restrictions caused by flaw in certificate validation","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34410.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34410.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34410","reference_id":"","reference_type":"","scores":[{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28107","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29881","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29928","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29897","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29869","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34410"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34410"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037209","reference_id":"1037209","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037209"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037210","reference_id":"1037210","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037210"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2212747","reference_id":"2212747","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2212747"},{"reference_url":"https://codereview.qt-project.org/c/qt/qtbase/+/477560","reference_id":"477560","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-08T16:58:49Z/"}],"url":"https://codereview.qt-project.org/c/qt/qtbase/+/477560"},{"reference_url":"https://codereview.qt-project.org/c/qt/qtbase/+/480002","reference_id":"480002","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-08T16:58:49Z/"}],"url":"https://codereview.qt-project.org/c/qt/qtbase/+/480002"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html","reference_id":"msg00028.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-08T16:58:49Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6369","reference_id":"RHSA-2023:6369","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6369"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6967","reference_id":"RHSA-2023:6967","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6967"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3IHQZCEUFVOPWG75V2HDKXNUZBB4FX/","reference_id":"UE3IHQZCEUFVOPWG75V2HDKXNUZBB4FX","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-08T16:58:49Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3IHQZCEUFVOPWG75V2HDKXNUZBB4FX/"},{"reference_url":"https://usn.ubuntu.com/7780-1/","reference_id":"USN-7780-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7780-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126148?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.2%2Bdfsg-9%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.2%252Bdfsg-9%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126164?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126146?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126165?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-12?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-12%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126150?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.15%2Bdfsg-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.15%252Bdfsg-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126149?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.17%2Bdfsg-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.17%252Bdfsg-8%3Fdistro=trixie"}],"aliases":["CVE-2023-34410"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q7je-6hjs-cfdb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7172?format=json","vulnerability_id":"VCID-s8af-9r4x-t7er","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38593.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38593.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38593","reference_id":"","reference_type":"","scores":[{"value":"0.00834","scoring_system":"epss","scoring_elements":"0.7501","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00834","scoring_system":"epss","scoring_elements":"0.74998","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00834","scoring_system":"epss","scoring_elements":"0.74983","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00834","scoring_system":"epss","scoring_elements":"0.74973","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00834","scoring_system":"epss","scoring_elements":"0.75001","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00834","scoring_system":"epss","scoring_elements":"0.75006","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38593"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1994719","reference_id":"1994719","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1994719"},{"reference_url":"https://security.archlinux.org/AVG-2281","reference_id":"AVG-2281","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2281"},{"reference_url":"https://security.archlinux.org/AVG-2282","reference_id":"AVG-2282","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2282"},{"reference_url":"https://security.gentoo.org/glsa/202402-03","reference_id":"GLSA-202402-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1796","reference_id":"RHSA-2022:1796","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1796"},{"reference_url":"https://usn.ubuntu.com/5081-1/","reference_id":"USN-5081-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5081-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126158?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126148?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.2%2Bdfsg-9%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.2%252Bdfsg-9%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126146?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126150?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.15%2Bdfsg-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.15%252Bdfsg-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126149?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.17%2Bdfsg-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.17%252Bdfsg-8%3Fdistro=trixie"}],"aliases":["CVE-2021-38593"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s8af-9r4x-t7er"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90771?format=json","vulnerability_id":"VCID-sgz9-jmy4-effx","summary":"qt6: wasm component may access QNetworkReply header improperly","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30161.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30161.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-30161","reference_id":"","reference_type":"","scores":[{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23721","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.2382","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.2377","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23716","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23835","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-30161"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2271518","reference_id":"2271518","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2271518"},{"reference_url":"https://codereview.qt-project.org/c/qt/qtbase/+/544314","reference_id":"544314","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-01T19:34:23Z/"}],"url":"https://codereview.qt-project.org/c/qt/qtbase/+/544314"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126158?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126148?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.2%2Bdfsg-9%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.2%252Bdfsg-9%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126146?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126150?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.15%2Bdfsg-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.15%252Bdfsg-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126149?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.17%2Bdfsg-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.17%252Bdfsg-8%3Fdistro=trixie"}],"aliases":["CVE-2024-30161"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sgz9-jmy4-effx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99567?format=json","vulnerability_id":"VCID-ujpt-rwta-w3cu","summary":"Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25634.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25634.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25634","reference_id":"","reference_type":"","scores":[{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.64091","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.64135","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.64144","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.64133","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.64122","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.64142","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25634"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2060619","reference_id":"2060619","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2060619"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126158?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126148?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.2%2Bdfsg-9%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.2%252Bdfsg-9%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126146?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126150?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.15%2Bdfsg-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.15%252Bdfsg-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126149?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.17%2Bdfsg-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.17%252Bdfsg-8%3Fdistro=trixie"}],"aliases":["CVE-2022-25634"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ujpt-rwta-w3cu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83517?format=json","vulnerability_id":"VCID-vmpw-49ej-u3f8","summary":"qt6: Buffer overflow in QTextMarkdownImporter","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3512.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3512.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3512","reference_id":"","reference_type":"","scores":[{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23707","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23803","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23757","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23702","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23818","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3512"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103022","reference_id":"1103022","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103022"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2359030","reference_id":"2359030","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2359030"},{"reference_url":"https://codereview.qt-project.org/c/qt/qtbase/+/635546","reference_id":"635546","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/U:Clear"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-11T13:47:37Z/"}],"url":"https://codereview.qt-project.org/c/qt/qtbase/+/635546"},{"reference_url":"https://security.gentoo.org/glsa/202506-06","reference_id":"GLSA-202506-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202506-06"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126158?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126148?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.2%2Bdfsg-9%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.2%252Bdfsg-9%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126146?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126150?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.15%2Bdfsg-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.15%252Bdfsg-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126149?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.17%2Bdfsg-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.17%252Bdfsg-8%3Fdistro=trixie"}],"aliases":["CVE-2025-3512"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vmpw-49ej-u3f8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99588?format=json","vulnerability_id":"VCID-xdy3-f3af-f3gp","summary":"Stack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allows remote attackers to cause a denial of service (application crash) via a xml file with multiple nested open tags.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10040.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10040.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10040","reference_id":"","reference_type":"","scores":[{"value":"0.00617","scoring_system":"epss","scoring_elements":"0.70328","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00617","scoring_system":"epss","scoring_elements":"0.70373","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00617","scoring_system":"epss","scoring_elements":"0.70361","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00617","scoring_system":"epss","scoring_elements":"0.7035","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00617","scoring_system":"epss","scoring_elements":"0.7037","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00617","scoring_system":"epss","scoring_elements":"0.70379","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10040"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:N/A:P"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1409597","reference_id":"1409597","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1409597"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126153?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.2.0%2Bdfsg-7?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.2.0%252Bdfsg-7%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126148?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.2%2Bdfsg-9%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.2%252Bdfsg-9%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126146?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126150?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.15%2Bdfsg-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.15%252Bdfsg-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126149?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.17%2Bdfsg-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.17%252Bdfsg-8%3Fdistro=trixie"}],"aliases":["CVE-2016-10040"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xdy3-f3af-f3gp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99592?format=json","vulnerability_id":"VCID-ymre-q24d-tqcy","summary":"An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19873.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19873.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19873","reference_id":"","reference_type":"","scores":[{"value":"0.04651","scoring_system":"epss","scoring_elements":"0.89485","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04651","scoring_system":"epss","scoring_elements":"0.89504","published_at":"2026-06-05T12:55:00Z"},{"value":"0.04651","scoring_system":"epss","scoring_elements":"0.89519","published_at":"2026-06-09T12:55:00Z"},{"value":"0.04651","scoring_system":"epss","scoring_elements":"0.89503","published_at":"2026-06-08T12:55:00Z"},{"value":"0.04651","scoring_system":"epss","scoring_elements":"0.89501","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15518","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19870","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19870"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19873"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1658998","reference_id":"1658998","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1658998"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2135","reference_id":"RHSA-2019:2135","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2135"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3390","reference_id":"RHSA-2019:3390","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3390"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1172","reference_id":"RHSA-2020:1172","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1172"},{"reference_url":"https://usn.ubuntu.com/4003-1/","reference_id":"USN-4003-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4003-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126154?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.11.3%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.11.3%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126148?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.2%2Bdfsg-9%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.2%252Bdfsg-9%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126146?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126150?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.15%2Bdfsg-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.15%252Bdfsg-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126149?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.17%2Bdfsg-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.17%252Bdfsg-8%3Fdistro=trixie"}],"aliases":["CVE-2018-19873"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ymre-q24d-tqcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99591?format=json","vulnerability_id":"VCID-z7sq-7myb-pkd8","summary":"An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19872.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19872.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19872","reference_id":"","reference_type":"","scores":[{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49604","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49666","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49676","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49659","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.4963","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49645","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19872"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19872","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19872"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1691636","reference_id":"1691636","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1691636"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1172","reference_id":"RHSA-2020:1172","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1172"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1665","reference_id":"RHSA-2020:1665","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1665"},{"reference_url":"https://usn.ubuntu.com/4275-1/","reference_id":"USN-4275-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4275-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126155?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.11.2%2Bdfsg-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.11.2%252Bdfsg-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126148?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.2%2Bdfsg-9%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.2%252Bdfsg-9%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126146?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126150?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.15%2Bdfsg-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.15%252Bdfsg-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126149?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.17%2Bdfsg-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.17%252Bdfsg-8%3Fdistro=trixie"}],"aliases":["CVE-2018-19872"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z7sq-7myb-pkd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99568?format=json","vulnerability_id":"VCID-z9dt-c4da-wyf2","summary":"An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-32762","reference_id":"","reference_type":"","scores":[{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33338","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33351","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33387","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33372","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33317","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-32762"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32762","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32762"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.qt-project.org/pipermail/announce/2023-May/000414.html","reference_id":"000414.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-05-01T14:17:39Z/"}],"url":"https://lists.qt-project.org/pipermail/announce/2023-May/000414.html"},{"reference_url":"https://github.com/qt/qtbase/commit/1b736a815be0222f4b24289cf17575fc15707305","reference_id":"1b736a815be0222f4b24289cf17575fc15707305","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-05-01T14:17:39Z/"}],"url":"https://github.com/qt/qtbase/commit/1b736a815be0222f4b24289cf17575fc15707305"},{"reference_url":"https://codereview.qt-project.org/c/qt/qtbase/+/476140","reference_id":"476140","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-05-01T14:17:39Z/"}],"url":"https://codereview.qt-project.org/c/qt/qtbase/+/476140"},{"reference_url":"https://security.gentoo.org/glsa/202402-21","reference_id":"GLSA-202402-21","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-21"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html","reference_id":"msg00027.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-05-01T14:17:39Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html"},{"reference_url":"https://usn.ubuntu.com/7780-1/","reference_id":"USN-7780-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7780-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126148?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.2%2Bdfsg-9%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.2%252Bdfsg-9%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126162?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-10?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126146?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126150?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.15%2Bdfsg-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.15%252Bdfsg-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126149?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.17%2Bdfsg-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.17%252Bdfsg-8%3Fdistro=trixie"}],"aliases":["CVE-2023-32762"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z9dt-c4da-wyf2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99597?format=json","vulnerability_id":"VCID-zqm4-dhzp-tuff","summary":"setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12267.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12267.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12267","reference_id":"","reference_type":"","scores":[{"value":"0.00466","scoring_system":"epss","scoring_elements":"0.64754","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00466","scoring_system":"epss","scoring_elements":"0.64796","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00466","scoring_system":"epss","scoring_elements":"0.64806","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00466","scoring_system":"epss","scoring_elements":"0.64795","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00466","scoring_system":"epss","scoring_elements":"0.64784","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00466","scoring_system":"epss","scoring_elements":"0.64802","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12267"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1837471","reference_id":"1837471","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1837471"},{"reference_url":"https://security.gentoo.org/glsa/202007-38","reference_id":"GLSA-202007-38","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-38"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126158?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126148?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.2%2Bdfsg-9%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.2%252Bdfsg-9%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126146?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.8%2Bdfsg-11%2Bdeb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tmsm-qg7n-8fcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126150?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.15%2Bdfsg-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.15%252Bdfsg-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/126149?format=json","purl":"pkg:deb/debian/qtbase-opensource-src@5.15.17%2Bdfsg-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.17%252Bdfsg-8%3Fdistro=trixie"}],"aliases":["CVE-2020-12267"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zqm4-dhzp-tuff"}],"risk_score":"2.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/qtbase-opensource-src@5.15.8%252Bdfsg-11%252Bdeb12u3%3Fdistro=trixie"}