Lucene search
K

8 matches found

Veracode
Veracode
added 2023/11/10 12:11 a.m.13 views

XML Eexternal Entity (XXE) Injection

tuxguitar is vulnerable to XML Eexternal Entity XXE Injection. An attacker is able to exploit a flaw in the way that TuxGuitar parses XML files to load GP6 and GP7 tablature files. The attacker can then trick a user into opening a specially crafted GP6 or GP7 file, which would cause TuxGuitar to...

7.5CVSS7.1AI score0.03591EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2020/06/23 10:15 a.m.4 views

DEBIAN-CVE-2020-14940

An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar 1.5.4. It uses misconfigured XML parsers, leading to XXE while loading GP6 .gpx and GP7 .gp tablature files...

7.5CVSS7.3AI score0.03591EPSS
Exploits1References1
NVD
NVD
added 2020/06/23 10:15 a.m.16 views

CVE-2020-14940

An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar 1.5.4. It uses misconfigured XML parsers, leading to XXE while loading GP6 .gpx and GP7 .gp tablature files...

7.5CVSS0.03591EPSS
Exploits1References2
Prion
Prion
added 2020/06/23 10:15 a.m.13 views

Code injection

An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar 1.5.4. It uses misconfigured XML parsers, leading to XXE while loading GP6 .gpx and GP7 .gp tablature files...

5CVSS7.5AI score0.03591EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2020/06/23 10:15 a.m.3 views

UBUNTU-CVE-2020-14940

An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar 1.5.4. It uses misconfigured XML parsers, leading to XXE while loading GP6 .gpx and GP7 .gp tablature files...

7.5CVSS7.1AI score0.03591EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2020/06/23 10:15 a.m.24 views

CVE-2020-14940

An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar 1.5.4. It uses misconfigured XML parsers, leading to XXE while loading GP6 .gpx and GP7 .gp tablature files...

7.5CVSS7.1AI score0.03591EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2020/06/23 9:56 a.m.19 views

CVE-2020-14940

An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar 1.5.4. It uses misconfigured XML parsers, leading to XXE while loading GP6 .gpx and GP7 .gp tablature files...

7.5CVSS7.5AI score0.03591EPSS
Exploits1
CVE
CVE
added 2020/06/23 9:56 a.m.42 views

CVE-2020-14940

CVE-2020-14940 affects TuxGuitar 1.5.4, specifically io/gpx/GPXDocumentReader.java, where misconfigured XML parsers cause an XXE when loading GP6 (.gpx) and GP7 (.gp) tablature files. Exploitation details or fixes are not provided in the connected documents; the NVD entry lists CVSSv3.1 base scor...

7.5CVSS7.4AI score0.03591EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder