15 matches found
EUVD-2020-17906
Malware in sbrugna...
EUVD-2020-17905
Malware in sbrugna...
CVE-2020-25216
yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an XML file in conjunction with a custom stylesheet...
CVE-2020-25215
yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or GraphML document...
docs.yworks.com Cross Site Scripting vulnerability OBB-3851237
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
yWorks yEd Desktop Remote Code Execution (CVE-2020-25216)
A remote code execution vulnerability exists in yWorks yEd Desktop. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
yWorks yEd XXE Vulnerability
yWorks yEd is a graphical editor desktop application. A XXE vulnerability exists in versions prior to yWorks yEd 3.20.1. The vulnerability can be exploited by an attacker to conduct XXE attacks via XML or GraphML documents...
CVE-2020-25216
yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an XML file in conjunction with a custom stylesheet...
CVE-2020-25215
yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or GraphML document...
Design/Logic Flaw
yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an XML file in conjunction with a custom stylesheet...
Design/Logic Flaw
yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or GraphML document...
CVE-2020-25215
yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or GraphML document...
CVE-2020-25216
yWorks yEd Desktop before 3.20.1 is affected by a code execution vulnerability triggered by an XSL Transformation when processing an XML file with a custom stylesheet. The root cause is an XSLT processing path that allows arbitrary code execution in the context of the affected application. Affect...
CVE-2020-25216
yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an XML file in conjunction with a custom stylesheet...
CVE-2020-25215
The CVE-2020-25215 entry affects yWorks yEd Desktop prior to version 3.20.1 and is caused by an XML External Entity (XXE) vulnerability in XML/GraphML processing. Reported impact indicates XXE could be exploited via crafted documents, enabling unintended access or disclosure consistent with XXE c...