Lucene search

20 matches found

RedhatCVE
added 2026/01/09 9:29 a.m. · 3 views

CVE-2023-29046

Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of...

CVSS 4.3 · AI score 6.9 · EPSS 0.00061
Exploits 0 · References 1
NVD
added 2025/11/12 9:15 a.m. · 4 views

CVE-2025-64403

Apache OpenOffice Calc spreadsheet can contain links to other files, in the form of "external data sources". A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause such links to be loaded without prompt. This issue affects Apache...

CVSS 8.1 · EPSS 0.00012
Exploits 0 · References 3
CVE
added 2025/11/12 9:4 a.m. · 9 views

CVE-2025-64403

CVE-2025-64403 affects Apache OpenOffice up to version 4.1.15 (Calc external data sources and other external links). Root cause is missing authorization checks that allow an attacker to craft a document to load links without prompting the user. A fix is available in OpenOffice 4.1.16. Other relat...

CVSS 8.1 · AI score 6.4 · EPSS 0.00012
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2025/11/12 9:4 a.m. · 4 views

CVE-2025-64403 Apache OpenOffice: Remote documents loaded without prompt via "external data sources" in Calc

Apache OpenOffice Calc spreadsheet can contain links to other files, in the form of "external data sources". A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause such links to be loaded without prompt. This issue affects Apache...

EPSS 0.00012
Exploits 0 · References 2
Vulnrichment
added 2025/11/12 9:4 a.m. · 1 view

CVE-2025-64403 Apache OpenOffice: Remote documents loaded without prompt via "external data sources" in Calc

Apache OpenOffice Calc spreadsheet can contain links to other files, in the form of "external data sources". A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause such links to be loaded without prompt. This issue affects Apache...

AI score 6.4 · EPSS 0.00012
Exploits 0 · References 2
CNNVD
added 2025/11/12 12:0 a.m. · 1 view

Apache OpenOffice Security Vulnerability

Apache OpenOffice is an open source office software suite from the Apache USA Foundation. The suite contains text documents, spreadsheets, presentations, drawings, databases and more. A security vulnerability exists in Apache OpenOffice versions 4.1.15 and earlier, which stems from a lack of...

CVSS 8.1 · AI score 6.7 · EPSS 0.00012
Exploits 0 · References 4
EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2023-32650

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 5.1 · EPSS 0.00061
Exploits 0 · References 2
Snyk
added 2025/04/15 9:19 p.m. · 1 view

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via Service Call functionality. A user with sufficient privileges to create Kyverno policies can expose all data from a Kubernetes cluster using a malicious Kyverno policy that makes external service cal...

CVSS 7.1 · AI score 6.9
Exploits 0 · References 2
Snyk
added 2025/04/15 9:19 p.m. · 1 view

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via Service Call functionality. A user with sufficient privileges to create Kyverno policies can expose all data from a Kubernetes cluster using a malicious Kyverno policy that makes external service cal...

CVSS 7.1 · AI score 6.9
Exploits 0 · References 2
Snyk
added 2025/04/15 9:19 p.m. · 1 view

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via Service Call functionality. A user with sufficient privileges to create Kyverno policies can expose all data from a Kubernetes cluster using a malicious Kyverno policy that makes external service cal...

CVSS 7.1 · AI score 6.9
Exploits 0 · References 2
NVD
added 2023/11/02 2:15 p.m. · 30 views

CVE-2023-29046

Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of...

CVSS 4.3 · AI score 4.6 · EPSS 0.00061
Exploits 0 · References 2
Cvelist
added 2023/11/02 1:1 p.m. · 17 views

CVE-2023-29046

Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of...

CVSS 4.3 · AI score 5 · EPSS 0.00061
Exploits 0 · References 2
CNNVD
added 2023/11/02 12:0 a.m. · 2 views

Open-Xchange App Suite Resource Management Error Vulnerability

Open-Xchange App Suite is an e-mail and productivity suite client software from Open-Xchange Germany. A security vulnerability exists in Open-Xchange App Suite that originates from a connection to an external data source that does not terminate upon timeout...

CVSS 4.3 · AI score 6.7 · EPSS 0.00061
Exploits 0 · References 4
SUSE CVE
added 2023/02/15 3:23 a.m. · 2 views

SUSE CVE-2022-39050

An attacker who is logged into OTRS as an admin user may manipulate customer URL field to store JavaScript code to be run later by any other agent when clicking the customer URL link. Then the stored JavaScript is executed in the context of OTRS. The same issue applies for the usage of external...

CVSS 4.8 · AI score 4.7 · EPSS 0.00598
Exploits 0 · References 3
OSV
added 2022/09/05 7:15 a.m. · 2 views

CVE-2022-39050

An attacker who is logged into OTRS as an admin user may manipulate customer URL field to store JavaScript code to be run later by any other agent when clicking the customer URL link. Then the stored JavaScript is executed in the context of OTRS. The same issue applies for the usage of external...

CVSS 4.8 · AI score 5.8 · EPSS 0.00598
Exploits 0 · References 1
Prion
added 2022/09/05 7:15 a.m. · 25 views

Code injection

An attacker who is logged into OTRS as an admin user may manipulate customer URL field to store JavaScript code to be run later by any other agent when clicking the customer URL link. Then the stored JavaScript is executed in the context of OTRS. The same issue applies for the usage of external...

CVSS 4.3 · AI score 5 · EPSS 0.00598
Exploits 0 · References 1 · Affected Software 1
UbuntuCve
added 2022/09/05 7:15 a.m. · 40 views

CVE-2022-39050

An attacker who is logged into OTRS as an admin user may manipulate customer URL field to store JavaScript code to be run later by any other agent when clicking the customer URL link. Then the stored JavaScript is executed in the context of OTRS. The same issue applies for the usage of external...

CVSS 4.8 · AI score 5.9 · EPSS 0.00598
Exploits 0 · References 2
OSV
added 2022/09/05 7:15 a.m. · 1 view

UBUNTU-CVE-2022-39050

An attacker who is logged into OTRS as an admin user may manipulate customer URL field to store JavaScript code to be run later by any other agent when clicking the customer URL link. Then the stored JavaScript is executed in the context of OTRS. The same issue applies for the usage of external...

CVSS 4.8 · AI score 5.8 · EPSS 0.00598
Exploits 0 · References 3
ATTACKERKB
added 2022/09/05 7:0 a.m. · 2 views

CVE-2022-39050

An attacker who is logged into OTRS as an admin user may manipulate customer URL field to store JavaScript code to be run later by any other agent when clicking the customer URL link. Then the stored JavaScript is executed in the context of OTRS. The same issue applies for the usage of external...

CVSS 4.8 · AI score 5.8 · EPSS 0.00598
Exploits 0 · References 2 · Affected Software 2
Positive Technologies
added 2021/10/14 12:0 a.m. · 1 view

PT-2022-4661 · Otrs +1

Name of the Vulnerable Software and Affected Versions: OTRS affected versions not specified Description: The issue allows an attacker logged in as an admin user to manipulate the customer URL field, storing JavaScript code that can be executed later by any agent when clicking the customer URL lin...

CVSS 9.8 · AI score 4.9 · EPSS 0.01079
Exploits 0 · References 31