5079 matches found

Prion
added 2021/10/12 3:15 p.m., 19 views

Input validation

SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel CSV injection due to improper sanitation during the data export. An attacker could thereby execute arbitrary commands on the victim's computer but only if the victim allows to execute macros while...

9.3 CVSS, 9.8 AI score, 0.01987 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2021/10/12 2:3 p.m., 17 views

CVE-2021-38180

SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel CSV injection due to improper sanitation during the data export. An attacker could thereby execute arbitrary commands on the victim's computer but only if the victim allows to execute macros while...

10 AI score, 0.01987 EPSS
Exploits: 0, References: 2

CVE
added 2021/10/12 2:3 p.m., 55 views

CVE-2021-38180

SAP Business One 10.0 is vulnerable to CSV injection during data export. The root cause is improper sanitation of exported data, enabling an attacker to inject formulas in CSV exports. If a victim opens the CSV in Excel with macros enabled and the security settings allow command execution, this c...

9.8 CVSS, 9.1 AI score, 0.01987 EPSS
Exploits: 0, References: 2, Affected Software: 1

Microsoft KB
added 2021/10/12 7:0 a.m., 56 views

October 12, 2021—KB5006728 (Security-only update)

October 12, 2021—KB5006728 Security-only update Summary Learn more about this security update, including improvements and fixes, any known issues, and how to get the update. Important: Windows 7 and Windows Server 2008 R2 have reached the end of mainstream support and are now in extended support...

8.8 CVSS, 8 AI score, 0.73381 EPSS
Exploits: 11

vulnersOsv
added 2021/10/11 3:10 p.m., 6 views

@questwork/authenticator (>=0.1.0 <=0.1.5), @questwork/qw-service-tools (>=0.0.8 <=0.1.4) +22 more potentially affected by CVE-2021-23561 via comb (>=0.0.6 <=2.0.0)

comb NPM version =0.0.6, =0.1.0, =0.0.8, =0.0.1, =1.0.3, =0.0.1, =0.1.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2 and more Source cves: CVE-2021-23561 Source advisory: SNYK:JS-COMB-1730083...

9.8 CVSS, 7.2 AI score, 0.01171 EPSS
Exploits: 1

VMware
added 2021/10/10 12:0 a.m., 47 views

VMSA-2021-0022: VMware vRealize Log Insight updates address CSV injection vulnerability

Advisory ID: VMSA-2021-0022 CVSSv3 Range: 6.5 Issue Date: 2021-10-12 Updated On: 2021-10-12 Initial Advisory CVEs: CVE-2021-22035 Synopsis: VMware vRealize Log Insight updates address CSV injection vulnerability CVE-2021-22035...

4.3 CVSS, 4.8 AI score, 0.00553 EPSS
Exploits: 0, References: 24, Affected Software: 3

NVD
added 2021/10/06 6:15 p.m., 9 views

CVE-2021-41128

Hygeia is an application for collecting and processing personal and case data in connection with communicable diseases. In affected versions all CSV Exports Statistics & BAG MED contain a CSV Injection Vulnerability. Users of the system are able to submit formula as exported fields which then get...

9.1 CVSS, 0.01257 EPSS
Exploits: 0, References: 5

OSV
added 2021/10/06 6:15 p.m., 18 views

CVE-2021-41128

Hygeia is an application for collecting and processing personal and case data in connection with communicable diseases. In affected versions all CSV Exports Statistics & BAG MED contain a CSV Injection Vulnerability. Users of the system are able to submit formula as exported fields which then get...

8.8 CVSS, 7.1 AI score
Exploits: 0, References: 5

Prion
added 2021/10/06 6:15 p.m., 12 views

Input validation

Hygeia is an application for collecting and processing personal and case data in connection with communicable diseases. In affected versions all CSV Exports Statistics & BAG MED contain a CSV Injection Vulnerability. Users of the system are able to submit formula as exported fields which then get...

6.5 CVSS, 8.8 AI score, 0.01257 EPSS
Exploits: 0, References: 5, Affected Software: 1

GitHub Security Blog
added 2021/10/06 5:47 p.m., 33 views

Denial of Service (DoS) in mongo-express

All versions of package mongo-express are vulnerable to Denial of Service DoS when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash...

7.5 CVSS, 3.8 AI score, 0.00878 EPSS
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2021/10/06 5:35 p.m., 12 views

CVE-2021-41128 CSV Injection Vulnerability in Hygeia

Hygeia is an application for collecting and processing personal and case data in connection with communicable diseases. In affected versions all CSV Exports Statistics & BAG MED contain a CSV Injection Vulnerability. Users of the system are able to submit formula as exported fields which then get...

9.1 CVSS, 9.5 AI score, 0.01257 EPSS
Exploits: 0, References: 5

CVE
added 2021/10/06 5:35 p.m., 43 views

CVE-2021-41128

Hygeia CSV Exports (Statistics & BAG MED) are vulnerable to CSV injection due to lack of validation/sanitization of formula fields in affected versions. Malicious input in exported fields can be executed when ingested. The issue has been fixed in version 1.30.4; upgrading is advised. No workaroun...

9.1 CVSS, 8.9 AI score, 0.01257 EPSS
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2021/10/04 8:12 p.m., 5 views

GHSA-XRPJ-F9V6-2332 CSV injection in Craft CMS

Withdrawn Duplicate of GHSA-h7vq-5qgw-jwwq...

8.8 CVSS, 8.8 AI score, 0.01329 EPSS
Exploits: 0, References: 6

Veracode
added 2021/10/01 7:35 a.m., 14 views

CSV Injection

craftcms/cms is vulnerable to CSV injection. Lack of some sanity/escaping check prior to inserting the data to the CSV document allows an attacker to inject malicious input...

8.8 CVSS, 3.4 AI score, 0.01329 EPSS
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2021/09/30 8:50 p.m., 22 views

GHSA-663J-RJCR-789F CSV injection in shuup

“Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. A customer can inject payloads in the name input field in the billing address while buying a product. When a store administrator accesses the reports page to export the data as an Excel file and...

8 CVSS, 8.6 AI score, 0.01051 EPSS
Exploits: 0, References: 5

GitHub Security Blog
added 2021/09/30 8:50 p.m., 44 views

CSV injection in shuup

“Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. A customer can inject payloads in the name input field in the billing address while buying a product. When a store administrator accesses the reports page to export the data as an Excel file and...

8.8 CVSS, 3.6 AI score, 0.01051 EPSS
Exploits: 0, References: 5, Affected Software: 1

NVD
added 2021/09/30 4:15 p.m., 11 views

CVE-2021-24016

An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field in policy name, when exported as excel file and opened unsafely on the victim host...

9.3 CVSS, 0.00488 EPSS
Exploits: 0, References: 1

OSV
added 2021/09/30 4:15 p.m., 6 views

CVE-2021-24016

An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field in policy name, when exported as excel file and opened unsafely on the victim host...

6.3 CVSS, 6 AI score, 0.00488 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2021/09/30 3:18 p.m., 8 views

CVE-2021-24016

An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field in policy name, when exported as excel file and opened unsafely on the victim host...

3.7 CVSS, 7.7 AI score, 0.00488 EPSS
Exploits: 0, References: 1

Cvelist
added 2021/09/30 3:18 p.m., 14 views

CVE-2021-24016

An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field in policy name, when exported as excel file and opened unsafely on the victim host...

3.7 CVSS, 6.9 AI score, 0.00488 EPSS
Exploits: 0, References: 1