
5079 matches found

Fedora
added 2021/11/24 1:10 a.m., 24 views

[SECURITY] Fedora 34 Update: libxls-1.6.2-5.fc34

This is libxls, a C library for reading Excel files in the old binary OLE format, plus a command-line tool for converting XLS to CSV named, appropriately enough, libxls2csv...

CVSS 6.5, AI score 6.4, EPSS 0.01122
Exploits 0
Fedora
added 2021/11/24 1:2 a.m., 38 views

[SECURITY] Fedora 33 Update: libxls-1.6.2-5.fc33

This is libxls, a C library for reading Excel files in the old binary OLE format, plus a command-line tool for converting XLS to CSV named, appropriately enough, libxls2csv...

CVSS 6.5, AI score 6.4, EPSS 0.01122
Exploits 0
CNVD
added 2021/11/24 12:0 a.m., 18 views

Dell EMC CloudLink CSV Formula Injection Vulnerability

Dell EMC CloudLink is a flexible data encryption and key management solution for data encryption in public, private, and hybrid cloud environments. A CSV formula injection vulnerability exists in Dell EMC CloudLink 7.1 and earlier versions, which can be exploited by remote, high-privilege attacker...

CVSS 6.8, AI score 4.7, EPSS 0.00703
Exploits 0, References 1
Symfony
added 2021/11/24 12:0 a.m., 38 views

CVE-2021-41270: Prevent CSV Injection via formulas

Description: CSV Injection, also known as Formula Injection, occurs when websites embed untrusted input inside CSV files. When a spreadsheet program opens a CSV, any cell starting with = is interpreted by the software as a formula and could be abused by an attacker. In Symfony 4.1, we've added the...

CVSS 6.5, AI score 6.2, EPSS 0.01355
Exploits 0
NVD
added 2021/11/23 8:15 p.m., 15 views

CVE-2021-36334

Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula Injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to arbitrary code execution on end user machine...

CVSS 6.8, EPSS 0.00703
Exploits 0, References 1
NVD
added 2021/11/23 8:15 p.m., 13 views

CVE-2021-24812

The BetterLinks WordPress plugin before 1.2.6 does not sanitise and escape some of imported link fields, which could lead to Stored Cross-Site Scripting issues when an admin import a malicious CSV...

CVSS 5.4, EPSS 0.00604
Exploits 2, References 1
OSV
added 2021/11/23 8:15 p.m., 4 views

CVE-2021-24812

The BetterLinks WordPress plugin before 1.2.6 does not sanitise and escape some of imported link fields, which could lead to Stored Cross-Site Scripting issues when an admin import a malicious CSV...

CVSS 5.4, AI score 6.1, EPSS 0.00604
Exploits 2, References 1
Prion
added 2021/11/23 8:15 p.m., 16 views

Design/Logic Flaw

Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula Injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to arbitrary code execution on end user machine...

CVSS 6, AI score 7, EPSS 0.00703
Exploits 0, References 1, Affected Software 1
Prion
added 2021/11/23 8:15 p.m., 13 views

Cross site scripting

The BetterLinks WordPress plugin before 1.2.6 does not sanitise and escape some of imported link fields, which could lead to Stored Cross-Site Scripting issues when an admin import a malicious CSV...

CVSS 3.5, AI score 5.3, EPSS 0.00604
Exploits 2, References 1, Affected Software 1
Cvelist
added 2021/11/23 8:0 p.m., 11 views

CVE-2021-36334

Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula Injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to arbitrary code execution on end user machine...

CVSS 5.9, AI score 7.2, EPSS 0.00703
Exploits 0, References 1
CVE
added 2021/11/23 8:0 p.m., 42 views

CVE-2021-36334

Summary: CVE-2021-36334 affects Dell EMC CloudLink (7.1 and earlier). The vulnerability is a CSV formula injection in CloudLink, enabling a remote attacker with high privileges to potentially achieve arbitrary code execution on end-user machines. What’s affected: Dell EMC CloudLink 7.1 and earlie...

CVSS 6.8, AI score 6.9, EPSS 0.00703
Exploits 0, References 1, Affected Software 1
CVE
added 2021/11/23 7:16 p.m., 49 views

CVE-2021-24812

The CVE-2021-24812 entry concerns the WordPress BetterLinks plugin (versions before 1.2.6). The vulnerability arises because imported link fields are not properly sanitised/escaped, enabling Stored Cross-Site Scripting when an admin imports a malicious CSV. Public details across sources confirm t...

CVSS 5.4, AI score 5.2, EPSS 0.00604
Exploits 2, References 1, Affected Software 1
IBM Security Bulletins
added 2021/11/23 3:54 p.m., 53 views

Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities

Summary: The Planning Analytics Workspace component of IBM Planning Analytics is affected by security vulnerabilities. These have been addressed in IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 70. Vulnerability Details: CVEID: CVE-2021-3647 DESCRIPTION: Medialize URI.js...

CVSS 9.3, AI score 9.3, EPSS 0.10608
Exploits 6, Affected Software 1
Fedora
added 2021/11/18 1:57 a.m., 18 views

[SECURITY] Fedora 33 Update: rpki-client-7.5-1.fc33

The OpenBSD rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure (RPKI) for Relying Parties (RP) to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system, downloads and validates Route Origin Authorisatio...

AI score 7
Exploits 0
Fedora
added 2021/11/18 1:7 a.m., 17 views

[SECURITY] Fedora 34 Update: rpki-client-7.5-1.fc34

The OpenBSD rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure (RPKI) for Relying Parties (RP) to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system, downloads and validates Route Origin Authorisatio...

AI score 7
Exploits 0
Friends Of PHP
added 2021/11/15 10:47 a.m., 34 views

CVE-2021-41270: Prevent CSV Injection via formulas

More info at https://symfony.com/cve-2021-41270...

CVSS 6.5, AI score 7.2, EPSS 0.01355
Exploits 0, Affected Software 1
Friends Of PHP
added 2021/11/15 10:47 a.m., 49 views

CVE-2021-41270: Prevent CSV Injection via formulas

More info at https://symfony.com/cve-2021-41270...

CVSS 6.5, AI score 7.2, EPSS 0.01355
Exploits 0, Affected Software 1
OpenVAS
added 2021/11/14 12:0 a.m., 10 views

Fedora: Security Advisory for rpki-client (FEDORA-2021-5b8d0d36bf)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits 0, References 2
Microsoft KB
added 2021/11/09 8:0 a.m., 80 views

November 9, 2021—KB5007245 (Security-only update)

November 9, 2021—KB5007245 Security-only update Summary Learn more about this security update, including improvements and fixes, any known issues, and how to get the update. Important: Windows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July...

CVSS 8.8, AI score 7, EPSS 0.74265
Exploits 10
Prion
added 2021/11/08 6:15 p.m., 10 views

Cross site scripting

The Export any WordPress data to XML/CSV WordPress plugin before 1.3.1 does not escape its Export's Name before outputting it in Manage Exports settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

CVSS 3.5, AI score 4.8, EPSS 0.00598
Exploits 2, References 1, Affected Software 1