10 matches found

OSV
added 2024/07/24 9:30 a.m. | 1 views

GHSA-V62G-JWJ9-RFVX XML External Entity Reference (XXE) in the XML Format Plugin in Apache Drill

XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file. Users are recommended to upgrade to version 1.21.2, which fixes this issue...

CVSS 8.8 | AI score 5.9 | EPSS 0.00335
Exploits 0 | References 6
OSV
added 2024/07/24 8:15 a.m. | 2 views

CVE-2023-48362

XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file. Users are recommended to upgrade to version 1.21.2, which fixes this issue...

CVSS 8.8 | AI score 5.9 | EPSS 0.00335
Exploits 0 | References 2
Positive Technologies
added 2024/07/24 12:0 a.m. | 4 views

PT-2024-13606 · Apache · Apache Drill

Name of the Vulnerable Software and Affected Versions: Apache Drill versions 1.19.0 through 1.21.1

Description: The issue allows a user to read any file on a remote file system or execute commands via a malicious XML file. This is due to an XXE vulnerability in the XML Format Plugin...

CVSS 9.8 | AI score 7.5 | EPSS 0.00335
Exploits 0 | References 10
OSV
added 2022/09/16 3:15 a.m. | 2 views

CVE-2020-23558

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptionsW+0x0000000000007f4b...

CVSS 7.8 | AI score 5.8
Exploits 0 | References 2
OSV
added 2022/07/18 12:15 a.m. | 1 views

CVE-2020-23561

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptionsW+0x0000000000005722...

CVSS 5.5 | AI score 5.8
Exploits 0 | References 2
OSV
added 2021/09/01 6:27 p.m. | 21 views

GHSA-Q4RF-3FHX-88PF YAML deserialization can run untrusted code

Impact: An authorized user can upload a zip-format plugin with a crafted plugin.yaml, or a crafted aclpolicy yaml file, or upload an untrusted project archive with a crafted aclpolicy yaml file, that can cause the server to run untrusted code on Rundeck Community or Enterprise Edition. An...

CVSS 8.8 | AI score 8.8 | EPSS 0.00848
Exploits 0 | References 4
OSV
added 2021/08/30 8:15 p.m. | 12 views

CVE-2021-39132

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, an authorized user can upload a zip-format plugin with a crafted plugin.yaml, or a crafted aclpolicy yaml file, or upload an untrusted project archive with ...

CVSS 8.8 | AI score 8.8
Exploits 0 | References 2
Cvelist
added 2021/08/30 7:35 p.m. | 10 views

CVE-2021-39132 YAML deserialization can run untrusted code

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, an authorized user can upload a zip-format plugin with a crafted plugin.yaml, or a crafted aclpolicy yaml file, or upload an untrusted project archive with ...

CVSS 8.8 | AI score 9 | EPSS 0.00848
Exploits 0 | References 2
CNVD
added 2017/10/12 12:0 a.m. | 1 views

IrfanView Buffer Overflow Vulnerability (CNVD-2017-30382)

IrfanView is a picture viewer developed by Irfan Skiljan, a software developer from Bosnia and Herzegovina; it supports image browsing, image editing, image format conversion, etc. The PDF plugin is one of its PDF document reading plug-ins. In IrfanView 4.44 32-bit, in the PDF plugin version 4.43, there is a...

CVSS 7.8 | AI score 8 | EPSS 0.00268
Exploits 0 | References 1
NVD
added 2012/03/28 10:55 a.m. | 16 views

CVE-2012-1904

mp4fformat.dll in the QuickTime File Format plugin in RealNetworks RealPlayer 15 and earlier, and RealPlayer SP 1.1.4 Build 12.0.0.756 and earlier, allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted MP4 file...

CVSS 4.3 | AI score 6.5 | EPSS 0.04263
Exploits 1 | References 3