83 matches found
Multiple vulnerabilities in untangle
Overview untangle provided by Christian Stefanescu is a Python library for processing XML documents. untangle contains multiple vulnerabilities listed below. Improper Restriction of Recursive Entity References in DTDs CWE-776 - CVE-2022-33977 Improper Restriction of XML External Entity Reference...
JVN#30454777: Multiple vulnerabilities in untangle
untangle provided by Christian Stefanescu is a Python library for processing XML documents. untangle contains multiple vulnerabilities listed below. Improper Restriction of Recursive Entity References in DTDs CWE-776 - CVE-2022-33977 Version| Vector| Score ---|---|--- CVSS v3|...
untangle code issue vulnerability
untangle is a package from the individual developer Christian Stefanescu in Germany. It is used to convert XML to Python objects. A code issue vulnerability exists in untangle that stems from insufficient validation of user-supplied XML input...
untangle security vulnerability
untangle is a package from the individual developer Christian Stefanescu in Germany. It is used to convert XML to Python objects. A security vulnerability exists in untangle, which stems from improper restriction of XML entities in DTDs. A remote attacker could use this vulnerability to send a...
CVE-2020-17494
Untangle Firewall NG before 16.0 uses MD5 for passwords...
CVE-2020-17494
Untangle Firewall NG before 16.0 uses MD5 for passwords...
Design/Logic Flaw
Untangle Firewall NG before 16.0 uses MD5 for passwords...
CVE-2020-17494
Untangle Firewall NG before 16.0 uses MD5 for passwords...
CVE-2020-17494
Affected product: Untangle Firewall NG. Vulnerability: use of MD5 for passwords in versions before 16.0 (root cause: weak password hashing). Impact: knowledge of weak password storage; explicit exploitation details are not provided in the sources. Remediation: upgrade to version 16.0 or later (pe...
CVE-2019-18649
When logged in as an admin user, the Title input field under Reports within Untangle NG firewall 14.2.0 is vulnerable to stored XSS...
CVE-2019-18647
The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin user...
CVE-2019-18649
When logged in as an admin user, the Title input field under Reports within Untangle NG firewall 14.2.0 is vulnerable to stored XSS...
CVE-2019-18648
When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields...
CVE-2019-18646
The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColumn parameter when logged in as an admin user...
CVE-2019-18647
The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin user...
CVE-2019-18648
When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields...
CVE-2019-18646
The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColumn parameter when logged in as an admin user...
Command injection
The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin user...
Cross site scripting
When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields...
Cross site scripting
When logged in as an admin user, the Title input field under Reports within Untangle NG firewall 14.2.0 is vulnerable to stored XSS...