Thiago Macieira

**Name of the Vulnerable Software and Affected Versions** QT Library versions prior to 5.14.0 QT Library versions prior to 5.12.7 QT Library versions prior to 5.9.10 **Description** The issue is related to an uncontrolled search path in the QT Library, which may allow an authenticated user to potentially enable elevation of privilege via local access. This vulnerability is associated with the use of an unreliable search path, and its exploitation can allow an attacker to elevate privileges in the system. **Recommendations** For QT Library versions prior to 5.14.0, update to version 5.14.0 or later. For QT Library versions prior to 5.12.7, update to version 5.12.7 or later. For QT Library versions prior to 5.9.10, update to version 5.9.10 or later.

**Name of the Vulnerable Software and Affected Versions** Qt versions prior to 4.7.0-rc1 **Description** The issue allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. This is possible because QSslSocket in Qt recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate. **Recommendations** For Qt versions prior to 4.7.0-rc1, update to version 4.7.0-rc1 or later to resolve the issue. As a temporary workaround, consider restricting the use of QSslSocket until a patch is available. Avoid using QSslSocket with certificates that contain wildcard IP addresses in the Common Name field until the issue is resolved.