Lucene search
K

11 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-0798

Malware in sbrugna...

7.5CVSS7.5AI score0.01687EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/22 8:0 a.m.8 views

CVE-2018-20000

Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java...

7.5CVSS6.6AI score0.01687EPSS
Exploits0References1
OSV
OSV
added 2018/12/19 7:24 p.m.1 views

GHSA-5P52-J8PW-J7X5 Improper Restriction of XML External Entity Reference in bedework:bw-webdav

Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java...

7.5CVSS7.1AI score0.01687EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2018/12/19 7:24 p.m.4 views

org.bedework.bwwebcl:bw-calendar-client-appcommon (=3.12.0), org.bedework.bwwebcl:bw-calendar-client-ear (=3.12.0) +33 more potentially affected by CVE-2018-20000 via org.bedework:bw-webdav (>=4.0.1 <=4.0.2)

org.bedework:bw-webdav MAVEN version =4.0.1, =4.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.bedework:bw-webdav and may be impacted: - org.bedework.bwwebcl:bw-calendar-client-appcommon =3.12.0 - org.bedework.bwwebcl:bw-calendar-client-ear...

7.5CVSS7.1AI score0.01687EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2018/12/19 7:24 p.m.41 views

Improper Restriction of XML External Entity Reference in bedework:bw-webdav

Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java...

7.5CVSS2.8AI score0.01687EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2018/12/10 2:29 a.m.12 views

Design/Logic Flaw

Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java...

5CVSS7.4AI score0.01687EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2018/12/10 2:29 a.m.13 views

CVE-2018-20000

Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java...

7.5CVSS6.6AI score
Exploits0References2
NVD
NVD
added 2018/12/10 2:29 a.m.21 views

CVE-2018-20000

Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java...

7.5CVSS7.4AI score0.01687EPSS
Exploits0References2
CVE
CVE
added 2018/12/10 2:0 a.m.76 views

CVE-2018-20000

Apereo Bedework bw-webdav contains an XML External Entity (XXE) vulnerability (CVE-2018-20000) in versions before 4.0.3. The issue arises in the XML parsing code paths used by a webdav servlet (notably MethodBase.java and PostRequestPars.java), allowing an attacker to read local files via special...

7.5CVSS7.3AI score0.01687EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/12/10 2:0 a.m.27 views

CVE-2018-20000

Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java...

7.4AI score0.01687EPSS
Exploits0References2
CNVD
CNVD
added 2018/12/10 12:0 a.m.5 views

Apereo Bedework bw-webdav XML External Entity Injection Vulnerability

Apereo Bedework bw-webdav is a general purpose webdav server. It is primarily used to interact with the backend to access resources. A security vulnerability exists in Apereo Bedework bw-webdav versions prior to 4.0.3. An attacker can exploit this vulnerability to perform an XML external entity...

7.5CVSS7.5AI score0.01687EPSS
Exploits0References1
Rows per page
Query Builder