5079 matches found
[SECURITY] Fedora 34 Update: libxls-1.6.2-5.fc34
This is libxls, a C library for reading Excel files in the old binary OLE format, plus a command-line tool for converting XLS to CSV named, appropriately enough, libxls2csv...
[SECURITY] Fedora 33 Update: libxls-1.6.2-5.fc33
This is libxls, a C library for reading Excel files in the old binary OLE format, plus a command-line tool for converting XLS to CSV named, appropriately enough, libxls2csv...
Dell EMC CloudLink CSV Formula Injection Vulnerability
Dell EMC CloudLink is a flexible data encryption and key management solution for data encryption in public, private, and hybrid cloud environments. A CSV formula injection vulnerability exists in Dell EMC CloudLink 7.1 and earlier versions, which can be exploited by remote, high-privilege attacker...
CVE-2021-41270: Prevent CSV Injection via formulas
Description: CSV Injection, also known as Formula Injection, occurs when websites embed untrusted input inside CSV files. When a spreadsheet program opens a CSV, any cell starting with = is interpreted by the software as a formula and could be abused by an attacker. In Symfony 4.1, we've added the...
CVE-2021-36334
Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula Injection Vulnerability. A remote high privileged attacker may potentially exploit this vulnerability, leading to arbitrary code execution on end user machine...
CVE-2021-24812
The BetterLinks WordPress plugin before 1.2.6 does not sanitise and escape some of the imported link fields, which could lead to Stored Cross-Site Scripting issues when an admin imports a malicious CSV...
Design/Logic Flaw
Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula Injection Vulnerability. A remote high privileged attacker may potentially exploit this vulnerability, leading to arbitrary code execution on end user machine...
Cross site scripting
The BetterLinks WordPress plugin before 1.2.6 does not sanitise and escape some of the imported link fields, which could lead to Stored Cross-Site Scripting issues when an admin imports a malicious CSV...
CVE-2021-36334
Summary: CVE-2021-36334 affects Dell EMC CloudLink (7.1 and earlier). The vulnerability is a CSV formula injection in CloudLink, enabling a remote attacker with high privileges to potentially achieve arbitrary code execution on end-user machines. What’s affected: Dell EMC CloudLink 7.1 and earlie...
CVE-2021-24812
The CVE-2021-24812 entry concerns the WordPress BetterLinks plugin (versions before 1.2.6). The vulnerability arises because imported link fields are not properly sanitised/escaped, enabling Stored Cross-Site Scripting when an admin imports a malicious CSV. Public details across sources confirm t...
Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities
Summary: The Planning Analytics Workspace component of IBM Planning Analytics is affected by security vulnerabilities. These have been addressed in IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 70. Vulnerability Details: CVEID: CVE-2021-3647 DESCRIPTION: Medialize URI.js...
[SECURITY] Fedora 33 Update: rpki-client-7.5-1.fc33
The OpenBSD rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure (RPKI) for Relying Parties (RP) to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system, downloads and validates Route Origin Authorisatio...
[SECURITY] Fedora 34 Update: rpki-client-7.5-1.fc34
The OpenBSD rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure (RPKI) for Relying Parties (RP) to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system, downloads and validates Route Origin Authorisatio...
CVE-2021-41270: Prevent CSV Injection via formulas
More info at https://symfony.com/cve-2021-41270...
Fedora: Security Advisory for rpki-client (FEDORA-2021-5b8d0d36bf)
The remote host is missing an update for the...
November 9, 2021—KB5007245 (Security-only update)
Summary: Learn more about this security update, including improvements and fixes, any known issues, and how to get the update. Important: Windows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July...
Cross site scripting
The Export any WordPress data to XML/CSV WordPress plugin before 1.3.1 does not escape its Export's Name before outputting it in Manage Exports settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...