Lucene search
K

26 matches found

RedhatCVE
RedhatCVE
added 2026/06/03 4:2 p.m.8 views

CVE-2026-46722

The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index...

5.9CVSS5.8AI score0.00301EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/24 8:48 p.m.11 views

XML External Entity (XXE) Injection

Overview tpwd/kesearch is a search extension for TYPO3, including faceting search functions. Affected versions of this package are vulnerable to XML External Entity XXE Injection via the OOXML parsing of the file indexer, external entity resolution is not disabled. A crafted XLSX or PPTX document...

5.9CVSS5.8AI score0.00301EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/19 9:23 a.m.8 views

CVE-2026-46722

The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index...

5.9CVSS5.8AI score0.00301EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/09 12:0 a.m.10 views

Unity Linux 20.1060e / 20.1070e Security Update: clamav (UTSA-2026-017364)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017364 advisory. A vulnerability in the OOXML parsing module in Clam AntiVirus ClamAV Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an...

7.5CVSS5.8AI score0.03061EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/10/28 12:0 a.m.2 views

SAP BusinessObjects Business Intelligence Platform Deserialization (3617142)

The version of SAP BusinessObjects Business Intelligence Platform installed on the remote host is prior to 2025 SP000 000500, 4.3 SP004 001400, or 4.3 SP005 000200. It is, therefore, affected by a vulnerability as referenced in the 3617142 advisory. - Improper Input Validation vulnerability in...

5.3CVSS6.4AI score0.01237EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/09 3:13 p.m.4 views

Security Bulletin: Improper Input Validation in Apache POI OOXML Parsing Allows Ambiguity with Duplicate ZIP Entries (Fixed in poi-ooxml 5.4.0) affects watsonx.data

Summary Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xlsx, docx and pptx. These file formats are basically zip files and it is possible for malicious users to add zip entries with duplicate names including the path in the zip. In...

5.3CVSS7.1AI score0.01237EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2025/04/09 12:30 p.m.2 views

Improper Input Validation

Overview org.apache.poi:poi-ooxml is a Java API To Access Microsoft Format Files. Affected versions of this package are vulnerable to Improper Input Validation due to the parsing process of OOXML format files. An attacker can manipulate the file content by adding zip entries with duplicate names,...

6.9CVSS6.7AI score0.01237EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/03/21 12:0 a.m.43 views

Amazon Linux 2023 : clamav, clamav-data, clamav-devel (ALAS2023-2023-052)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-052 advisory. A vulnerability in the OOXML parsing module in Clam AntiVirus ClamAV Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause...

8.6CVSS6.6AI score0.0663EPSS
Exploits1References12
SUSE CVE
SUSE CVE
added 2023/02/15 3:30 a.m.1 views

SUSE CVE-2022-20698

A vulnerability in the OOXML parsing module in Clam AntiVirus ClamAV Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that m...

7.5CVSS6.8AI score0.03061EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2023/01/04 12:0 a.m.38 views

Amazon Linux 2022 : clamav (ALAS2022-2022-229)

The version of clamav installed on the remote host is prior to 0.103.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-229 advisory. - A vulnerability in the OOXML parsing module in Clam AntiVirus ClamAV Software version 0.104.1 and LTS version 0.103.4...

8.6CVSS6.5AI score0.0663EPSS
Exploits1References11
Tenable Nessus
Tenable Nessus
added 2022/09/06 12:0 a.m.31 views

Amazon Linux 2022 : clamav, clamav-data, clamav-devel (ALAS2022-2022-063)

It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-063 advisory. A vulnerability in the OOXML parsing module in Clam AntiVirus ClamAV Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial...

7.5CVSS7.2AI score0.03061EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2022/02/22 12:0 a.m.29 views

openSUSE 15 Security Update : clamav (openSUSE-SU-2022:0493-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:0493-1 advisory. - A vulnerability in the OOXML parsing module in Clam AntiVirus ClamAV Software version 0.104.1 and LTS version 0.103.4 and prior versions could all...

7.5CVSS7.2AI score0.03061EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2022/02/10 12:0 a.m.35 views

SUSE SLES12 Security Update : clamav (SUSE-SU-2022:0358-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:0358-1 advisory. - CVE-2022-20698: Fixed invalid pointer read allowing denial of service crash. bsc1194731 Tenable has extracted the preceding description...

7.5CVSS6.8AI score0.03061EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2022/01/27 12:0 a.m.25 views

SUSE SLES11 Security Update : clamav (SUSE-SU-2022:14882-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2022:14882-1 advisory. - A vulnerability in the OOXML parsing module in Clam AntiVirus ClamAV Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow...

7.5CVSS7.2AI score0.03061EPSS
Exploits1References4
OSV
OSV
added 2022/01/18 7:29 p.m.7 views

MGASA-2022-0024 Updated clamav packages fix security vulnerability

A vulnerability in the OOXML parsing module in Clam AntiVirus ClamAV Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that m...

7.5CVSS7.4AI score0.03061EPSS
Exploits1References4
Mageia
Mageia
added 2022/01/18 7:29 p.m.63 views

Updated clamav packages fix security vulnerability

A vulnerability in the OOXML parsing module in Clam AntiVirus ClamAV Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that m...

7.5CVSS5AI score0.03061EPSS
Exploits1References3
OSV
OSV
added 2022/01/14 6:15 a.m.4 views

AZL-7532 CVE-2022-20698 affecting package clamav for versions less than 0.104.2-1

A vulnerability in the OOXML parsing module in Clam AntiVirus ClamAV Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that m...

7.5CVSS7.4AI score0.03061EPSS
Exploits1References1
OSV
OSV
added 2022/01/14 6:15 a.m.2 views

DEBIAN-CVE-2022-20698

A vulnerability in the OOXML parsing module in Clam AntiVirus ClamAV Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that m...

7.5CVSS7.6AI score0.03061EPSS
Exploits1References1
OSV
OSV
added 2022/01/14 6:15 a.m.28 views

CVE-2022-20698

A vulnerability in the OOXML parsing module in Clam AntiVirus ClamAV Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that m...

7.5CVSS6.6AI score
Exploits0References2
OSV
OSV
added 2022/01/14 6:15 a.m.1 views

ALPINE-CVE-2022-20698

A vulnerability in the OOXML parsing module in Clam AntiVirus ClamAV Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that m...

7.5CVSS6.8AI score0.03061EPSS
Exploits1References1
Rows per page
Query Builder