280 matches found
Apache POI 安全漏洞
Apache POI is an open source library from the Apache Foundation that provides an API for Java programs to read and write Microsoft Office format files. A security vulnerability exists in Apache POI versions prior to 5.4.0, which stems from improper input validation and could result in reading...
PT-2025-15634 · Apache +1 · Apache Poi +1
Name of the Vulnerable Software and Affected Versions: Apache POI affected versions not specified Description: The issue concerns the parsing of OOXML based files, such as xlsx and docx, by the poi-ooxml component. It can read unexpected data if the underlying zip file has duplicate zip entry...
Security Bulletin: IBM Planning Analytics Cartridge has addressed security vulnerabilities
Summary There are vulnerabilities in Open-Source Software OSS components consumed by IBM Planning Analytics Cartridge. For more information about the vulnerability impact, refer to the table in the "Related Information" section. This Security Bulletin relates only to the direct usage of third-par...
Linux Distros Unpatched Vulnerability : CVE-2014-3574
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service CPU consumption and crash via a crafted OOXML file, a...
OSV-2024-1423 Security exception in java.base/java.util.Arrays.copyOfRange
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391709145 Crash type: Security exception Crash state: java.base/java.util.Arrays.copyOfRange org.apache.poi.util.IOUtils.safelyClone org.apache.poi.ddf.EscherMetafileBlip.fillFields...
OSV-2024-1207 Security exception in org.apache.poi.hdgf.streams.CompressedStreamStore.decompress
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=372515093 Crash type: Security exception Crash state: org.apache.poi.hdgf.streams.CompressedStreamStore.decompress org.apache.poi.hdgf.streams.CompressedStreamStore. org.apache.poi.hdgf.streams.Stream.createStream...
OSV-2024-1199 Security exception in java.base/java.lang.Short.valueOf
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=372547195 Crash type: Security exception Crash state: java.base/java.lang.Short.valueOf org.apache.poi.ddf.EscherRecordTypes.forTypeID org.apache.poi.ddf.DefaultEscherRecordFactory.getConstructor...
PT-2024-40598 · Apache · Apache Poi
Name of the Vulnerable Software and Affected Versions: Apache POI affected versions not specified Description: A security exception crash has been reported in Apache POI. The crash occurs in the java.base/java.lang.Short.valueOf function, which is called by...
Security Bulletin: IBM Operational Decision Manager for Aug 2024 - Multiple CVEs addressed
Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-44487...
PT-2024-40876 · Apache · Apache Poi
Name of the Vulnerable Software and Affected Versions: Apache POI affected versions not specified Description: A security exception occurs due to a crash in the LZWDecompresser.decompress function. The issue is related to the decompression process in the CompressedStreamStore.decompress method...
PT-2024-40818 · Apache · Apache Poi
Name of the Vulnerable Software and Affected Versions: Apache POI affected versions not specified Description: A security exception crash has been reported. The crash occurs in the java.base/java.util.ArrayList. method, which is called by...
Security Bulletin: Multiple vulnerabilities affect embedded rules in IBM Business Automation Workflow
Summary Embedded rules in IBM Business Automation Workflow are affected by multiple vulnerabilities. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2018-1000632 DESCRIPTION: dom4j could allow a remote attacker to execute arbitrary code o...
OSV-2023-1291 Security exception in org.apache.poi.poifs.crypt.binaryrc4.BinaryRC4Decryptor.initCipherForBlock
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64979 Crash type: Security exception Crash state: org.apache.poi.poifs.crypt.binaryrc4.BinaryRC4Decryptor.initCipherForBlock org.apache.poi.poifs.crypt.binaryrc4.BinaryRC4Decryptor.initCipherForBlock...
PT-2023-35635 · Apache · Apache Poi
Name of the Vulnerable Software and Affected Versions: Apache POI affected versions not specified Description: A security exception occurs in the BinaryRC4Decryptor component of Apache POI, specifically in the initCipherForBlock function. This issue is related to the BinaryRC4CipherInputStre clas...
PT-2023-35629 · Apache · Apache Poi
Name of the Vulnerable Software and Affected Versions: Apache POI affected versions not specified Description: A security exception occurs in the javax.crypto.spec.SecretKeySpec constructor, which is called by org.apache.poi.poifs.crypt.binaryrc4.BinaryRC4Decryptor.initCipherForBlock. This issue ...
PT-2023-35628 · Apache · Apache Poi
Name of the Vulnerable Software and Affected Versions: Apache POI affected versions not specified Description: A security exception occurs in the Apache POI library, specifically in the org.apache.poi.hdgf.streams package. The crash is related to the findChunks and findChildren methods in the...
Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data 4.8.0 has addressed security vulnerabilities
Summary IBM Cognos Dashboards on Cloud Pak for Data 4.8.0 resolves vulnerabilities reported in the Node.js August 2023 Security Releases as well as vulnerabilities in Apache POI, Apache Shiro, Apache Commons Net, Apache Commons Codec, Eclipse Jetty, Netty, Python and Snappy-Java.Please refer to t...
PT-2023-35573 · Apache · Apache Poi
Name of the Vulnerable Software and Affected Versions: Apache POI affected versions not specified Description: A security issue has been identified, which can cause a crash. The crash occurs in the Biff8DecryptingStream class, specifically in the isNeverEncryptedRecord and readRecordSID methods,...
OSV-2023-1121 Security exception in org.apache.poi.util.LZWDecompresser.decompress
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63925 Crash type: Security exception Crash state: org.apache.poi.util.LZWDecompresser.decompress org.apache.poi.util.LZWDecompresser.decompress org.apache.poi.hdgf.streams.CompressedStreamStore.decompress...
OSV-2023-1024 Security exception in org.apache.poi.util.IOUtils.safelyAllocate
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63288 Crash type: Security exception Crash state: org.apache.poi.util.IOUtils.safelyAllocate org.apache.poi.hssf.record.RecordInputStream.readRemainder org.apache.poi.hssf.record.UnknownRecord...