all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

VU#411271: Qt allows for privilege escalation due to hard-coding of qt_prfxpath value

Add to bookmarks
April 28, 2022, 1:03 p.m. |

CERT Recently Published Vulnerability Notes kb.cert.org

Overview


Prior to version 5.14, Qt hard-codes the qt_prfxpath value to a fixed value, which may lead to privilege escalation vulnerabilities in Windows software that uses Qt.


Description


Prior to version 5.14, Qt hard-codes the qt_prfxpath value to a value that reflects the path where Qt exists on the system that was used to build Qt. For example, it may refer to a specific subdirectory within C:\Qt\, which is the default installation location for Qt on Windows. If software that …

coding escalation hard privilege privilege escalation value

Visit resource

More from kb.cert.org / CERT Recently Published Vulnerability Notes

VU#253266: Keras 2 Lambda Layers Allow Arbitrary Code Injection in TensorFlow Models 2 days, 3 hours ago | kb.cert.org
application arbitrary code attacker attackers +14
VU#123335: Multiple Programming Languages Fail to Escape Arguments Properly in Microsoft Windows 1 week, 1 day ago | kb.cert.org
arbitrary code attackers cases code +15
VU#155143: Linux kernel on Intel systems is susceptible to Spectre v2 attacks 1 week, 2 days ago | kb.cert.org
architectures attacker attacks bhi +20
VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks 2 weeks, 1 day ago | kb.cert.org
attacks can dos fragments +6
VU#417980: UDP-based, application-layer protocol implementations are vulnerable to network loops 4 weeks, 2 days ago | kb.cert.org
abuse application applications attacker +18
VU#488902: CPU hardware utilizing speculative execution may be vulnerable to speculative race conditions 1 month ago | kb.cert.org
architectures attacker can conditions +13
VU#949046: Sceiner firmware locks and associated devices are vulnerable to encryption downgrade and arbitrary file … 1 month, 1 week ago | kb.cert.org
app attacks bluetooth called +11
VU#446598: GPU kernel implementations susceptible to memory leak 3 months ago | kb.cert.org
access amd apple attacker +18
VU#302671: SMTP end-of-data uncertainty can be abused to spoof emails and bypass policies 3 months ago | kb.cert.org
attacker bypass can data +17

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Deputy Chief Information Security Officer

@ City of Philadelphia | Philadelphia, PA, United States
View on infosec-jobs.com

Global Cybersecurity Expert

@ CMA CGM | Mumbai, IN
View on infosec-jobs.com

Senior Security Operations Engineer

@ EarnIn | Mexico
View on infosec-jobs.com

Cyber Technologist (Sales Engineer)

@ Darktrace | London
View on infosec-jobs.com
View more jobs