16 matches found
EUVD-2020-17905
Malware in sbrugna...
EUVD-2020-17906
Malware in sbrugna...
CVE-2020-25216
yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an XML file in conjunction with a custom stylesheet...
CVE-2020-25215
yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or GraphML document...
docs.yworks.com Cross Site Scripting vulnerability OBB-3851237
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
yWorks yEd Desktop Remote Code Execution (CVE-2020-25216)
A remote code execution vulnerability exists in yWorks yEd Desktop. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
yWorks yEd XXE Vulnerability
yWorks yEd is a graphical editor desktop application. A XXE vulnerability exists in versions prior to yWorks yEd 3.20.1. The vulnerability can be exploited by an attacker to conduct XXE attacks via XML or GraphML documents...
CVE-2020-25216
yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an XML file in conjunction with a custom stylesheet...
CVE-2020-25215
yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or GraphML document...
Design/Logic Flaw
yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an XML file in conjunction with a custom stylesheet...
Design/Logic Flaw
yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or GraphML document...
CVE-2020-25216
yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an XML file in conjunction with a custom stylesheet...
CVE-2020-25215
yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or GraphML document...
CVE-2020-25216
yWorks yEd Desktop before 3.20.1 is affected by a code execution vulnerability triggered by an XSL Transformation when processing an XML file with a custom stylesheet. The root cause is an XSLT processing path that allows arbitrary code execution in the context of the affected application. Affect...
CVE-2020-25215
The CVE-2020-25215 entry affects yWorks yEd Desktop prior to version 3.20.1 and is caused by an XML External Entity (XXE) vulnerability in XML/GraphML processing. Reported impact indicates XXE could be exploited via crafted documents, enabling unintended access or disclosure consistent with XXE c...
The vulnerability of the YWorksLayouter component of the SAP NetWeaver software integration platform allows a perpetrator to access confidential information or cause service failures.
The vulnerability of the YWorksLayouter component of the SAP NetWeaver software integration platform is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to gain access to confidential information or cause service...