8 matches found
XML Eexternal Entity (XXE) Injection
tuxguitar is vulnerable to XML Eexternal Entity XXE Injection. An attacker is able to exploit a flaw in the way that TuxGuitar parses XML files to load GP6 and GP7 tablature files. The attacker can then trick a user into opening a specially crafted GP6 or GP7 file, which would cause TuxGuitar to...
CVE-2020-14940
An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar 1.5.4. It uses misconfigured XML parsers, leading to XXE while loading GP6 .gpx and GP7 .gp tablature files...
DEBIAN-CVE-2020-14940
An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar 1.5.4. It uses misconfigured XML parsers, leading to XXE while loading GP6 .gpx and GP7 .gp tablature files...
CVE-2020-14940
An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar 1.5.4. It uses misconfigured XML parsers, leading to XXE while loading GP6 .gpx and GP7 .gp tablature files...
UBUNTU-CVE-2020-14940
An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar 1.5.4. It uses misconfigured XML parsers, leading to XXE while loading GP6 .gpx and GP7 .gp tablature files...
Code injection
An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar 1.5.4. It uses misconfigured XML parsers, leading to XXE while loading GP6 .gpx and GP7 .gp tablature files...
CVE-2020-14940
An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar 1.5.4. It uses misconfigured XML parsers, leading to XXE while loading GP6 .gpx and GP7 .gp tablature files...
CVE-2020-14940
CVE-2020-14940 affects TuxGuitar 1.5.4, specifically io/gpx/GPXDocumentReader.java, where misconfigured XML parsers cause an XXE when loading GP6 (.gpx) and GP7 (.gp) tablature files. Exploitation details or fixes are not provided in the connected documents; the NVD entry lists CVSSv3.1 base scor...