9 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-26336
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A shortcoming in the HMEF package of poi-scratchpad Apache POI allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files...
Security Bulletin: Apache POI is vulnerable to a denial of service, caused by an out of memory exception flaw in the HMEF package(CVE-2022-26336)
Summary Apache POI is vulnerable to a denial of service, caused by an out of memory exception flaw in the HMEF package. By persuading a victim to open a specially-crafted TNEF file, a remote attacker could exploit this vulnerability to cause the server to crashCVE-2022-26336 Vulnerability Details...
Important: Red Hat Security Advisory: Red Hat Fuse 7.11.0 release and security update
A minor version update from 7.10 to 7.11 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scorin...
Security Bulletin: A security vulnerability has been identified in Apache poi-scratchpad shipped with IBM Tivoli Netcool Impact (CVE-2022-26336)
Summary Apache poi-scratchpad is shipped with IBM Tivoli Netcool Impact. Information about a security vulnerability affecting Apache poi-scratchpad has been published in a security bulletin. Vulnerability Details CVEID: CVE-2022-26336 DESCRIPTION: Apache POI is vulnerable to a denial of service,...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache POI
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache POI. Vulnerability Details CVEID: CVE-2022-26336 DESCRIPTION: Apache POI is vulnerable to a denial of service, caused by an out of memory exception flaw in the HMEF package. By persuading a victim to...
ai.stainless:grails-tika (=0.1.0), be.ugent.idlab.knows:dataio (>=1.2.0 <=1.3.1) +637 more potentially affected by CVE-2022-26336 via org.apache.poi:poi-scratchpad (>=3.8-beta1 <=5.2.0)
org.apache.poi:poi-scratchpad MAVEN version =3.8-beta1, =1.2.0, =1.3, =1.0.7, =1.0.7, =1.0.1, =0.0.4, =1.0.0, =1.0.0, =1.0.3 - cn.com.jeeweb:jeeweb-jwt =1.0.0 - cn.com.jeeweb:jeeweb-minio =1.0.0 and more Source cves: CVE-2022-26336 Source advisory: OSV:GHSA-MQVP-7RRG-9JXC...
CVE-2022-26336 A carefully crafted TNEF file can cause an out of memory exception
A shortcoming in the HMEF package of poi-scratchpad Apache POI allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files Microsoft Outlook and Microsoft Exchange Server. If an application uses poi-scratchpad to parse TNEF files and the application allows...
CVE-2022-26336 A carefully crafted TNEF file can cause an out of memory exception
A shortcoming in the HMEF package of poi-scratchpad Apache POI allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files Microsoft Outlook and Microsoft Exchange Server. If an application uses poi-scratchpad to parse TNEF files and the application allows...
CVE-2022-26336
CVE-2022-26336 affects the poi-scratchpad HMEF package in Apache POI used to read TNEF files. The issue can trigger an Out of Memory exception when parsing untrusted TNEF inputs, impacting poi-scratchpad versions up to 5.2.0. The publicly recommended remediation is to upgrade to poi-scratchpad 5....