• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-91

CVE-2020-29599

February 26, 2023 by

ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via coders/pdf.c.

CVE-2020-29128

February 26, 2023 by

petl before 1.68, in some configurations, allows resolution of entities in an XML document.

CVE-2020-25216

February 26, 2023 by

yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an XML file in conjunction with a custom stylesheet.

CVE-2020-11535

February 26, 2023 by

An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit XML injection to enter an attacker-controlled parameter into the x2t binary, to rewrite this binary and/or libxcb.so.1, and execute code on a victim’s server.

CVE-2020-0646

February 26, 2023 by

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ‘.NET Framework Remote Code Execution Injection Vulnerability’.

CVE-2019-9892

February 26, 2023 by

An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of arbitrary files on the OTRS filesystem.

  • « Go to Previous Page
  • Go to page 1
  • Go to page 2
  • Go to page 3
  • Go to page 4
  • Go to page 5
  • Interim pages omitted …
  • Go to page 10
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE