83 matches found
CVE-2022-31471
untangle is a Python library to convert XML data to Python objects. untangle versions 1.2.0 and earlier improperly restrict XML external entity references. By exploiting this vulnerability, a remote unauthenticated attacker may read the contents of local files...
CVE-2019-18646
The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColumn parameter when logged in as an admin user...
CVE-2019-18647
The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin user...
EUVD-2019-8367
Malware in sbrugna...
EUVD-2020-9443
Malware in sbrugna...
EUVD-2019-8366
Malware in sbrugna...
EUVD-2019-8365
Malware in sbrugna...
EUVD-2019-8368
Malware in sbrugna...
EUVD-2022-0349
Malicious code in bioql PyPI...
EUVD-2022-0350
Malicious code in bioql PyPI...
CVE-2022-33977
untangle is a Python library to convert XML data to Python objects. untangle versions 1.2.0 and earlier improperly restrict recursive entity references in DTDs. By exploiting this vulnerability, a remote unauthenticated attacker may cause a denial-of-service (DoS) condition on the server where the...
CVE-2019-18649
When logged in as an admin user, the Title input field under Reports within Untangle NG firewall 14.2.0 is vulnerable to stored XSS...
CVE-2019-18648
When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields...
bda-chatbot (>=0.0.1 <=1.0.0), cloudbase-init (>=1.1.0 <=1.1.2) +2 more potentially affected by CVE-2022-33977 via untangle (=1.1.1)
untangle PyPI version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on untangle and may be impacted:
- bda-chatbot =0.0.1, =1.1.0, =0.1.2, =1.0.0, =1.0.1
Source CVEs: CVE-2022-33977
Source advisory: OSV:GHSA-7XR3-6GGC-WC9P...
GHSA-7XR3-6GGC-WC9P untangle vulnerable to XML Entity Expansion
Impact: An attacker may be able to cause a denial-of-service (DoS) condition on the server on which the product is running. This affects untangle versions up to and including 1.2.0. Patches: The problem has been fixed with version 1.2.1. Workarounds: None. References: https://jvn.jp/en/jp/JVN30454777/ For...
untangle vulnerable to XML Entity Expansion
Impact: An attacker may be able to cause a denial-of-service (DoS) condition on the server on which the product is running. This affects untangle versions up to and including 1.2.0. Patches: The problem has been fixed with version 1.2.1. Workarounds: None. References: https://jvn.jp/en/jp/JVN30454777/ For...
bda-chatbot (>=0.0.1 <=1.0.0), cloudbase-init (>=1.1.0 <=1.1.2) +2 more potentially affected by CVE-2022-31471 via untangle (=1.1.1)
untangle PyPI version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on untangle and may be impacted:
- bda-chatbot =0.0.1, =1.1.0, =0.1.2, =1.0.0, =1.0.1
Source CVEs: CVE-2022-31471
Source advisory: OSV:GHSA-F83Q-2CP7-QRJG...
untangle vulnerable to Improper Restriction of XML External Entity Reference
Description: untangle is a Python library to convert XML data to Python objects. untangle versions 1.2.0 and earlier improperly restrict XML external entity references. By exploiting this vulnerability, a remote unauthenticated attacker may read the contents of local files. Impact: An attacker may...
GHSA-F83Q-2CP7-QRJG untangle vulnerable to Improper Restriction of XML External Entity Reference
Description: untangle is a Python library to convert XML data to Python objects. untangle versions 1.2.0 and earlier improperly restrict XML external entity references. By exploiting this vulnerability, a remote unauthenticated attacker may read the contents of local files. Impact: An attacker may...
DEBIAN-CVE-2022-31471
untangle is a Python library to convert XML data to Python objects. untangle versions 1.2.0 and earlier improperly restrict XML external entity references. By exploiting this vulnerability, a remote unauthenticated attacker may read the contents of local files...