CVE-2019-12415
- EPSS 0.03%
- Veröffentlicht 23.10.2019 20:15:12
- Zuletzt bearbeitet 21.11.2024 04:22:47
In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML E...
CVE-2019-2897
- EPSS 0.33%
- Veröffentlicht 16.10.2019 18:15:27
- Zuletzt bearbeitet 21.11.2024 04:41:45
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low p...
CVE-2019-17195
- EPSS 4.27%
- Veröffentlicht 15.10.2019 14:15:12
- Zuletzt bearbeitet 21.11.2024 04:31:50
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.
CVE-2019-13990
- EPSS 16.98%
- Veröffentlicht 26.07.2019 19:15:11
- Zuletzt bearbeitet 21.11.2024 04:25:50
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.
CVE-2019-0188
- EPSS 0.96%
- Veröffentlicht 28.05.2019 19:29:02
- Zuletzt bearbeitet 21.11.2024 04:16:26
Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed.
CVE-2019-0227
- EPSS 89.88%
- Veröffentlicht 01.05.2019 21:29:00
- Zuletzt bearbeitet 08.05.2025 18:13:51
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to buil...
CVE-2019-5427
- EPSS 4.72%
- Veröffentlicht 22.04.2019 21:29:00
- Zuletzt bearbeitet 05.09.2025 17:23:58
c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.
CVE-2019-10246
- EPSS 2.58%
- Veröffentlicht 22.04.2019 20:29:00
- Zuletzt bearbeitet 21.11.2024 04:18:44
In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory co...
CVE-2019-10247
- EPSS 3.1%
- Veröffentlicht 22.04.2019 20:29:00
- Zuletzt bearbeitet 21.11.2024 04:18:44
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 4...
CVE-2019-0222
- EPSS 8.92%
- Veröffentlicht 28.03.2019 22:29:00
- Zuletzt bearbeitet 21.11.2024 04:16:31
In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.