FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-11 14:10:47 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
43ae57f6-92ab-11ec-81b4-2cf05d620ecc	Qt5 -- QProcess unexpected search path The Qt Company reports: Recently, the Qt Project's security team was made aware of an issue regarding QProcess and determined it to be a security issue on Unix-based platforms only. We do not believe this to be a considerable risk for applications as the likelihood of it being triggered is minimal. Specifically, the problem is around using QProcess to start an application without having an absolute path, and as a result, it depends on it finding it in the PATH environment variable. As a result, it may be possible for an attacker to place their copy of the executable in question inside the working/current directory for the QProcess and have it invoked that instead. Discovery 2022-02-17 Entry 2022-02-21 qt5-core < 5.15.2p263_1 CVE-2022-25255 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25255

VuXML ID

Description

43ae57f6-92ab-11ec-81b4-2cf05d620ecc

Qt5 -- QProcess unexpected search path

The Qt Company reports:

Recently, the Qt Project's security team was made aware of an issue regarding QProcess and determined it to be a security issue on Unix-based platforms only. We do not believe this to be a considerable risk for applications as the likelihood of it being triggered is minimal.

Specifically, the problem is around using QProcess to start an application without having an absolute path, and as a result, it depends on it finding it in the PATH environment variable. As a result, it may be possible for an attacker to place their copy of the executable in question inside the working/current directory for the QProcess and have it invoked that instead.

Discovery 2022-02-17
Entry 2022-02-21
qt5-core

< 5.15.2p263_1

CVE-2022-25255
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25255