Lucene search
+L

280 matches found

CNNVD
CNNVD
added 2025/04/09 12:0 a.m.3 views

Apache POI 安全漏洞

Apache POI is an open source library from the Apache Foundation that provides an API for Java programs to read and write Microsoft Office format files. A security vulnerability exists in Apache POI versions prior to 5.4.0, which stems from improper input validation and could result in reading...

5.3CVSS6.1AI score0.01286EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/04/08 12:0 a.m.4 views

PT-2025-15634 · Apache +1 · Apache Poi +1

Name of the Vulnerable Software and Affected Versions: Apache POI affected versions not specified Description: The issue concerns the parsing of OOXML based files, such as xlsx and docx, by the poi-ooxml component. It can read unexpected data if the underlying zip file has duplicate zip entry...

5.3CVSS5.1AI score0.01286EPSS
Exploits0References22
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/27 8:43 p.m.12 views

Security Bulletin: IBM Planning Analytics Cartridge has addressed security vulnerabilities

Summary There are vulnerabilities in Open-Source Software OSS components consumed by IBM Planning Analytics Cartridge. For more information about the vulnerability impact, refer to the table in the "Related Information" section. This Security Bulletin relates only to the direct usage of third-par...

9.1CVSS7.1AI score0.03153EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2014-3574

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service CPU consumption and crash via a crafted OOXML file, a...

4.3CVSS6.9AI score0.07395EPSS
Exploits0References1
OSV
OSV
added 2025/01/25 12:3 a.m.6 views

OSV-2024-1423 Security exception in java.base/java.util.Arrays.copyOfRange

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391709145 Crash type: Security exception Crash state: java.base/java.util.Arrays.copyOfRange org.apache.poi.util.IOUtils.safelyClone org.apache.poi.ddf.EscherMetafileBlip.fillFields...

6.9AI score
Exploits0References1
OSV
OSV
added 2024/10/11 12:14 a.m.2 views

OSV-2024-1207 Security exception in org.apache.poi.hdgf.streams.CompressedStreamStore.decompress

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=372515093 Crash type: Security exception Crash state: org.apache.poi.hdgf.streams.CompressedStreamStore.decompress org.apache.poi.hdgf.streams.CompressedStreamStore. org.apache.poi.hdgf.streams.Stream.createStream...

7.1AI score
Exploits0References1
OSV
OSV
added 2024/10/11 12:2 a.m.5 views

OSV-2024-1199 Security exception in java.base/java.lang.Short.valueOf

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=372547195 Crash type: Security exception Crash state: java.base/java.lang.Short.valueOf org.apache.poi.ddf.EscherRecordTypes.forTypeID org.apache.poi.ddf.DefaultEscherRecordFactory.getConstructor...

7.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/11 12:0 a.m.7 views

PT-2024-40598 · Apache · Apache Poi

Name of the Vulnerable Software and Affected Versions: Apache POI affected versions not specified Description: A security exception crash has been reported in Apache POI. The crash occurs in the java.base/java.lang.Short.valueOf function, which is called by...

7AI score
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/18 9:28 a.m.36 views

Security Bulletin: IBM Operational Decision Manager for Aug 2024 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-44487...

7.5CVSS8.4AI score0.99999EPSS
Exploits20Affected Software1
Positive Technologies
Positive Technologies
added 2024/08/16 12:0 a.m.7 views

PT-2024-40876 · Apache · Apache Poi

Name of the Vulnerable Software and Affected Versions: Apache POI affected versions not specified Description: A security exception occurs due to a crash in the LZWDecompresser.decompress function. The issue is related to the decompression process in the CompressedStreamStore.decompress method...

6.9AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/07/18 12:0 a.m.5 views

PT-2024-40818 · Apache · Apache Poi

Name of the Vulnerable Software and Affected Versions: Apache POI affected versions not specified Description: A security exception crash has been reported. The crash occurs in the java.base/java.util.ArrayList. method, which is called by...

7AI score
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/11 1:32 p.m.43 views

Security Bulletin: Multiple vulnerabilities affect embedded rules in IBM Business Automation Workflow

Summary Embedded rules in IBM Business Automation Workflow are affected by multiple vulnerabilities. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2018-1000632 DESCRIPTION: dom4j could allow a remote attacker to execute arbitrary code o...

9.8CVSS9.3AI score0.3038EPSS
Exploits7Affected Software1
OSV
OSV
added 2023/12/13 12:3 a.m.8 views

OSV-2023-1291 Security exception in org.apache.poi.poifs.crypt.binaryrc4.BinaryRC4Decryptor.initCipherForBlock

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64979 Crash type: Security exception Crash state: org.apache.poi.poifs.crypt.binaryrc4.BinaryRC4Decryptor.initCipherForBlock org.apache.poi.poifs.crypt.binaryrc4.BinaryRC4Decryptor.initCipherForBlock...

7.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/12/13 12:0 a.m.2 views

PT-2023-35635 · Apache · Apache Poi

Name of the Vulnerable Software and Affected Versions: Apache POI affected versions not specified Description: A security exception occurs in the BinaryRC4Decryptor component of Apache POI, specifically in the initCipherForBlock function. This issue is related to the BinaryRC4CipherInputStre clas...

6.9AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/12/08 12:0 a.m.17 views

PT-2023-35629 · Apache · Apache Poi

Name of the Vulnerable Software and Affected Versions: Apache POI affected versions not specified Description: A security exception occurs in the javax.crypto.spec.SecretKeySpec constructor, which is called by org.apache.poi.poifs.crypt.binaryrc4.BinaryRC4Decryptor.initCipherForBlock. This issue ...

6.9AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/12/08 12:0 a.m.7 views

PT-2023-35628 · Apache · Apache Poi

Name of the Vulnerable Software and Affected Versions: Apache POI affected versions not specified Description: A security exception occurs in the Apache POI library, specifically in the org.apache.poi.hdgf.streams package. The crash is related to the findChunks and findChildren methods in the...

7AI score
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/29 10:26 p.m.35 views

Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data 4.8.0 has addressed security vulnerabilities

Summary IBM Cognos Dashboards on Cloud Pak for Data 4.8.0 resolves vulnerabilities reported in the Node.js August 2023 Security Releases as well as vulnerabilities in Apache POI, Apache Shiro, Apache Commons Net, Apache Commons Codec, Eclipse Jetty, Netty, Python and Snappy-Java.Please refer to t...

9.8CVSS8.2AI score0.0326EPSS
Exploits3Affected Software1
Positive Technologies
Positive Technologies
added 2023/11/11 12:0 a.m.4 views

PT-2023-35573 · Apache · Apache Poi

Name of the Vulnerable Software and Affected Versions: Apache POI affected versions not specified Description: A security issue has been identified, which can cause a crash. The crash occurs in the Biff8DecryptingStream class, specifically in the isNeverEncryptedRecord and readRecordSID methods,...

7AI score
Exploits0References2
OSV
OSV
added 2023/11/07 1:0 p.m.3 views

OSV-2023-1121 Security exception in org.apache.poi.util.LZWDecompresser.decompress

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63925 Crash type: Security exception Crash state: org.apache.poi.util.LZWDecompresser.decompress org.apache.poi.util.LZWDecompresser.decompress org.apache.poi.hdgf.streams.CompressedStreamStore.decompress...

7.1AI score
Exploits0References1
OSV
OSV
added 2023/10/17 1:3 p.m.11 views

OSV-2023-1024 Security exception in org.apache.poi.util.IOUtils.safelyAllocate

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63288 Crash type: Security exception Crash state: org.apache.poi.util.IOUtils.safelyAllocate org.apache.poi.hssf.record.RecordInputStream.readRemainder org.apache.poi.hssf.record.UnknownRecord...

7.1AI score
Exploits0References1
Rows per page
Query Builder