Lucene search
+L

18 matches found

Rosalinux
Rosalinux
added 2023/10/22 6:16 a.m.61 views

Advisory ROSA-SA-2023-2272

software: quartz 2.2.1 OS: ROSA-CHROME packageevrstring: quartz-2.2.1-11.src.rpm CVE-ID: CVE-2019-13990 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler before version 2.3.0 allows XXE attacks via job description...

9.8CVSS6.8AI score0.162EPSS
Exploits0
CNNVD
CNNVD
added 2023/07/28 12:0 a.m.6 views

Terracotta Quartz Scheduler 代码注入漏洞

Terracotta Quartz Scheduler is an open source job scheduling framework. A security vulnerability exists in Terracotta Quartz Scheduler 2.3.2 and earlier versions, which stems from a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute...

9.8CVSS7.2AI score0.01017EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:10 a.m.4 views

SUSE CVE-2019-13990

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description...

5CVSS7AI score0.162EPSS
Exploits0References5
OSV
OSV
added 2021/03/14 9:20 p.m.16 views

MGASA-2021-0133 Updated quartz packages fix a security vulnerability

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description CVE-2019-13990...

9.8CVSS9.3AI score0.162EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2020/12/16 12:11 p.m.6 views

libquartz: XXE attacks via job description

The Terracotta Quartz Scheduler is susceptible to an XML external entity attack XXE through a job description. This issue stems from inadequate handling of XML external entity XXE declarations in the initDocumentParser function within xml/XMLSchedulingDataProcessor.java. By enticing a victim to...

9.8CVSS7AI score0.162EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2020/08/29 8:57 a.m.37 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Terracotta Quartz Scheduler

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Terracotta Quartz Scheduler. Vulnerability Details CVEID: CVE-2019-13990 DESCRIPTION: Terracotta could allow a remote attacker to obtain sensitive information, caused by improper handling of XML external enti...

9.8CVSS1.6AI score0.162EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2020/08/04 2:2 p.m.6 views

libquartz: XXE attacks via job description

The Terracotta Quartz Scheduler is susceptible to an XML external entity attack XXE through a job description. This issue stems from inadequate handling of XML external entity XXE declarations in the initDocumentParser function within xml/XMLSchedulingDataProcessor.java. By enticing a victim to...

9.8CVSS7AI score0.162EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2020/05/15 12:0 a.m.7 views

The vulnerability of the initDocumentParser function in the Terracotta Quartz Scheduler library, which allows a hacker to execute an XXE attack

The vulnerability of the initDocumentParser function in the Terracotta Quartz Scheduler’s task scheduling library is related to an incorrect limitation on XML references to external objects. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute an XXE attack...

10CVSS7AI score0.162EPSS
Exploits0References9Affected Software21
RedhatCVE
RedhatCVE
added 2020/02/10 11:44 a.m.75 views

CVE-2019-13990

The Terracotta Quartz Scheduler is susceptible to an XML external entity attack XXE through a job description. This issue stems from inadequate handling of XML external entity XXE declarations in the initDocumentParser function within xml/XMLSchedulingDataProcessor.java. By enticing a victim to...

9.8CVSS9.3AI score0.162EPSS
Exploits0References3
CNVD
CNVD
added 2019/07/29 12:0 a.m.4 views

Terracotta Quartz Scheduler Code Issue Vulnerability

Terracotta Quartz Scheduler is an open source job scheduling framework . A code issue vulnerability exists in Terracotta Quartz Scheduler. The vulnerability stems from an improperly designed or implemented code development process for a networked system or product. An attacker can exploit this...

9.8CVSS9.2AI score0.162EPSS
Exploits0References1
OSV
OSV
added 2019/07/26 7:15 p.m.2 views

DEBIAN-CVE-2019-13990

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description...

9.8CVSS7.1AI score0.162EPSS
Exploits0References1
OSV
OSV
added 2019/07/26 7:15 p.m.39 views

CVE-2019-13990

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description...

9.8CVSS6.6AI score0.162EPSS
Exploits0References17
Prion
Prion
added 2019/07/26 7:15 p.m.28 views

Design/Logic Flaw

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description...

7.5CVSS9.1AI score0.162EPSS
Exploits0References17Affected Software29
OSV
OSV
added 2019/07/26 7:15 p.m.3 views

UBUNTU-CVE-2019-13990

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description...

9.8CVSS6.8AI score0.162EPSS
Exploits0References3
CVE
CVE
added 2019/07/26 12:0 a.m.591 views

CVE-2019-13990

CVE-2019-13990 affects Terracotta Quartz Scheduler within Atlassian Jira Service Management Data Center/Server and related Oracle Fusion Middleware deployments, via XXE in the Terracotta Quartz Scheduler component when parsing a job description. The root cause is an XML External Entity condition ...

9.8CVSS9AI score0.162EPSS
Exploits0References17Affected Software1
Cvelist
Cvelist
added 2019/07/26 12:0 a.m.41 views

CVE-2019-13990

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description...

9.2AI score0.162EPSS
Exploits0References17
Debian CVE
Debian CVE
added 2019/07/26 12:0 a.m.36 views

CVE-2019-13990

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description...

9.8CVSS7.3AI score0.162EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2019/07/22 12:0 a.m.5 views

PT-2019-5263 · Terracotta +3 · Terracotta Quartz Scheduler +3

Name of the Vulnerable Software and Affected Versions: Terracotta Quartz Scheduler versions through 2.3.0 Description: The issue is related to the initDocumentParser function in the xml/XMLSchedulingDataProcessor.java file of the Terracotta Quartz Scheduler library, which is associated with...

10CVSS7.3AI score0.162EPSS
Exploits0References59
Rows per page
Query Builder