Lucene search
K

83 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/07/25 5:18 a.m.2 views

Multiple vulnerabilities in untangle

Overview untangle provided by Christian Stefanescu is a Python library for processing XML documents. untangle contains multiple vulnerabilities listed below. Improper Restriction of Recursive Entity References in DTDs CWE-776 - CVE-2022-33977 Improper Restriction of XML External Entity Reference...

7.5CVSS6.5AI score0.01396EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/07/25 12:0 a.m.30 views

JVN#30454777: Multiple vulnerabilities in untangle

untangle provided by Christian Stefanescu is a Python library for processing XML documents. untangle contains multiple vulnerabilities listed below. Improper Restriction of Recursive Entity References in DTDs CWE-776 - CVE-2022-33977 Version| Vector| Score ---|---|--- CVSS v3|...

7.5CVSS7.6AI score0.01396EPSS
Exploits0
CNNVD
CNNVD
added 2022/07/25 12:0 a.m.2 views

untangle 代码问题漏洞

untangle is a package from the individual developer Christian Stefanescu in Germany. It is used to convert XML to Python objects. A code issue vulnerability exists in untangle that stems from insufficient validation of user-supplied XML input...

7.5CVSS6.1AI score0.01336EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/07/25 12:0 a.m.3 views

untangle 安全漏洞

untangle is a package from the individual developer Christian Stefanescu in Germany. It is used to convert XML to Python objects. A security vulnerability exists in untangle, which stems from improper restriction of XML entities in DTDs. A remote attacker could use this vulnerability to send a...

7.5CVSS6.2AI score0.01396EPSS
Exploits0References5
OSV
OSV
added 2020/11/12 9:15 p.m.4 views

CVE-2020-17494

Untangle Firewall NG before 16.0 uses MD5 for passwords...

5.3CVSS6.1AI score0.008EPSS
Exploits0References4
NVD
NVD
added 2020/11/12 9:15 p.m.13 views

CVE-2020-17494

Untangle Firewall NG before 16.0 uses MD5 for passwords...

5.3CVSS5.4AI score0.008EPSS
Exploits0References4
Prion
Prion
added 2020/11/12 9:15 p.m.13 views

Design/Logic Flaw

Untangle Firewall NG before 16.0 uses MD5 for passwords...

5CVSS5.4AI score0.008EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2020/11/12 8:42 p.m.16 views

CVE-2020-17494

Untangle Firewall NG before 16.0 uses MD5 for passwords...

5.4AI score0.008EPSS
Exploits0References4
CVE
CVE
added 2020/11/12 8:42 p.m.116 views

CVE-2020-17494

Affected product: Untangle Firewall NG. Vulnerability: use of MD5 for passwords in versions before 16.0 (root cause: weak password hashing). Impact: knowledge of weak password storage; explicit exploitation details are not provided in the sources. Remediation: upgrade to version 16.0 or later (pe...

5.3CVSS5.4AI score0.008EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2019/11/14 3:15 p.m.5 views

CVE-2019-18649

When logged in as an admin user, the Title input field under Reports within Untangle NG firewall 14.2.0 is vulnerable to stored XSS...

4.8CVSS5.8AI score0.00523EPSS
Exploits0References1
OSV
OSV
added 2019/11/14 3:15 p.m.5 views

CVE-2019-18647

The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin user...

7.2CVSS5.8AI score0.01869EPSS
Exploits0References1
NVD
NVD
added 2019/11/14 3:15 p.m.16 views

CVE-2019-18649

When logged in as an admin user, the Title input field under Reports within Untangle NG firewall 14.2.0 is vulnerable to stored XSS...

4.8CVSS5AI score0.00523EPSS
Exploits0References1
NVD
NVD
added 2019/11/14 3:15 p.m.24 views

CVE-2019-18648

When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields...

4.8CVSS4.9AI score0.00523EPSS
Exploits0References1
OSV
OSV
added 2019/11/14 3:15 p.m.5 views

CVE-2019-18646

The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColumn parameter when logged in as an admin user...

7.2CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2019/11/14 3:15 p.m.18 views

CVE-2019-18647

The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin user...

9CVSS7.2AI score0.01869EPSS
Exploits0References1
OSV
OSV
added 2019/11/14 3:15 p.m.5 views

CVE-2019-18648

When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields...

4.8CVSS5.8AI score0.00523EPSS
Exploits0References1
NVD
NVD
added 2019/11/14 3:15 p.m.16 views

CVE-2019-18646

The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColumn parameter when logged in as an admin user...

7.2CVSS7.3AI score0.00907EPSS
Exploits0References1
Prion
Prion
added 2019/11/14 3:15 p.m.15 views

Command injection

The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin user...

9CVSS7.1AI score0.01869EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2019/11/14 3:15 p.m.14 views

Cross site scripting

When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields...

3.5CVSS4.8AI score0.00523EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2019/11/14 3:15 p.m.20 views

Cross site scripting

When logged in as an admin user, the Title input field under Reports within Untangle NG firewall 14.2.0 is vulnerable to stored XSS...

3.5CVSS5AI score0.00523EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder