CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14 matches found

IBM Security Bulletins•added 2022/12/12 1:21 p.m.•68 views

Security Bulletin: Apache POI up to 4.1.0 allows an attacker while converting user-provided document to XML

Summary In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker. Vulnerability Details CVEID:CVE-2019-12415 DESCRIPTION: Apache POI could allow a remote attacker to obtain sensitive...

5.5CVSS7.6AI score0.00033EPSS

Exploits0Affected Software1

Github Security Blog•added 2022/05/24 4:59 p.m.•58 views

Improper Restriction of XML External Entity Reference in Apache POI

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity XXE Processing...

5.5CVSS3.5AI score0.00033EPSS

Exploits0References15Affected Software1

OSV•added 2022/05/24 4:59 p.m.•1 views

GHSA-9JWC-Q6J3-8G9G Improper Restriction of XML External Entity Reference in Apache POI

5.5CVSS6.8AI score0.00033EPSS

Exploits0References15

RedHat Linux•added 2021/12/14 9:31 p.m.•4 views

poi: a specially crafted Microsoft Excel document allows attacker to read files from the local filesystem

5.5CVSS6.8AI score0.00033EPSS

Exploits0References4

RedhatCVE•added 2020/02/13 11:44 a.m.•43 views

CVE-2019-12415

5.5CVSS3.3AI score0.00033EPSS

Exploits0References3

Veracode•added 2019/10/24 7:13 a.m.•41 views

XML External Entity (XXE)

Apache Poi is vulnerable to XML external entity XXE. During the use of XSSFExportToXml tool to convert user-provided Microsoft Excel documents, it is possible for an attacker to parse a malicious Microsoft Excel document containing a reference to an external entity and perform requests on behalf ...

5.5CVSS3.7AI score0.00033EPSS

Exploits0References19Affected Software1

CNVD•added 2019/10/24 12:0 a.m.•1 views

Apache POI Information Disclosure Vulnerability

Apache POI is an open source JAVA library for reading and writing Microsoft document formats . An information disclosure vulnerability exists in Apache POI 4.1.0 and earlier versions. When converting a user-supplied Microsoft Excel document using the XSSFExportToXml tool, an attacker can exploit...

5.5CVSS5.8AI score0.00033EPSS

Exploits0References1

OSV•added 2019/10/23 8:15 p.m.•25 views

CVE-2019-12415

5.5CVSS6.8AI score

Exploits0References13

UbuntuCve•added 2019/10/23 8:15 p.m.•34 views

CVE-2019-12415

5.5CVSS6.8AI score0.00033EPSS

Exploits0References3

OSV•added 2019/10/23 8:15 p.m.•0 views

UBUNTU-CVE-2019-12415

5.5CVSS6.7AI score0.00033EPSS

Exploits0References4

Prion•added 2019/10/23 8:15 p.m.•27 views

Xxe

2.1CVSS6.8AI score0.00033EPSS

Exploits0References13Affected Software26

Cvelist•added 2019/10/23 7:27 p.m.•23 views

CVE-2019-12415

6.9AI score0.00033EPSS

Exploits0References13

CVE•added 2019/10/23 7:27 p.m.•337 views

CVE-2019-12415

CVE-2019-12415 affects Apache POI up to version 4.1.0. The vulnerability arises when using the tool XSSFExportToXml to convert user-supplied Excel documents, allowing an attacker to read local filesystem or internal network resources via XML External Entity (XXE) processing. The Connected documen...

5.5CVSS6.7AI score0.00033EPSS

Exploits0References13Affected Software1

Debian CVE•added 2019/10/23 7:27 p.m.•35 views

CVE-2019-12415

5.5CVSS6.8AI score0.00033EPSS

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by