apache poi vulnerabilities and exploits
668
VMScore
CVE-2022-23640
Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Prior to xlsx-streamer 2.1.0, the XML parser that was used did not apply all the necessary settings to prevent XML Entity Expansion issues. Upgrade to version 2.1.0 to receive a patc...
Excel Streaming Reader Project Excel Streaming Reader
632
VMScore
CVE-2017-5644
Apache POI in versions prior to release 3.15 allows remote malicious users to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
Apache Poi
445
VMScore
CVE-2014-9527
HSLFSlideShow in Apache POI prior to 3.11 allows remote malicious users to cause a denial of service (infinite loop and deadlock) via a crafted PPT file.
Fedoraproject Fedora 20
Apache Poi
445
VMScore
CVE-2012-0213
The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and previous versions allows remote malicious users to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel D...
Apache Poi 3.8
Apache Poi 3.5
Apache Poi 3.1
Apache Poi 3.0.2
Apache Poi 3.0
Apache Poi 2.5.1
Apache Poi 2.5
Apache Poi 1.10
Apache Poi 1.8
Apache Poi 1.0.1
Apache Poi 1.0.0
Apache Poi 0.5
Apache Poi 0.4
Apache Poi
Apache Poi 3.7
Apache Poi 3.6
Apache Poi 3.2
Apache Poi 3.0.1
Apache Poi 2.0
Apache Poi 1.5
Apache Poi 1.2.0
Apache Poi 0.12.0
383
VMScore
CVE-2022-26336
A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows a malicious user to cause an Out of Memory exception. This package is used to read TNEF files (Microsoft Outlook and Microsoft Exchange Server). If an application uses poi-scratchpad to parse TNEF files and ...
Apache Poi
Netapp Active Iq Unified Manager -
383
VMScore
CVE-2016-5000
The XLSX2CSV example in Apache POI prior to 3.14 allows remote malicious users to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Apache Poi
383
VMScore
CVE-2014-3574
Apache POI prior to 3.10.1 and 3.11.x prior to 3.11-beta2 allows remote malicious users to cause a denial of service (CPU consumption and crash) via a crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
Apache Poi 0.1
Apache Poi 0.10.0
Apache Poi 0.4
Apache Poi 0.5
Apache Poi 1.2.0
Apache Poi 1.5
Apache Poi 2.0
Apache Poi 3.0
Apache Poi 3.0.1
Apache Poi 3.5
Apache Poi 3.7
Apache Poi 3.8
Apache Poi 0.11.0
Apache Poi 0.12.0
Apache Poi 0.6
Apache Poi 0.7
Apache Poi 1.5.1
Apache Poi 1.7
Apache Poi 2.5
Apache Poi 3.0.2
Apache Poi 3.9
Apache Poi 3.10
383
VMScore
CVE-2014-3529
The OPC SAX setup in Apache POI prior to 3.10.1 allows remote malicious users to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Apache Poi 3.10
Apache Poi 3.9
Apache Poi 3.7
Apache Poi 3.5
Apache Poi 3.0.2
Apache Poi 2.5
Apache Poi 2.0
Apache Poi 1.5.1
Apache Poi 1.5
Apache Poi 0.7
Apache Poi 0.6
Apache Poi 0.12.0
Apache Poi 0.11.0
Apache Poi 0.10.0
Apache Poi 3.8
Apache Poi 3.1
Apache Poi 3.0
Apache Poi 1.1.0
Apache Poi 1.0.2
Apache Poi 0.3
Apache Poi 0.2
Apache Poi
189
VMScore
CVE-2019-12415
In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow a malicious user to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Pro...
Apache Poi
Oracle Flexcube Private Banking 12.1.0
Oracle Primavera Unifier 16.2
Oracle Banking Platform 2.4.0
Oracle Enterprise Manager Base Platform 12.1.0.5
Oracle Flexcube Private Banking 12.0.0
Oracle Banking Platform 2.4.1
Oracle Enterprise Repository 12.1.3.0.0
Oracle Banking Platform 2.5.0
Oracle Primavera Unifier 16.1
Oracle Insurance Rules Palette 10.2.0
Oracle Application Testing Suite 12.5.0.3
Oracle Webcenter Portal 12.2.1.3.0
Oracle Banking Payments 14.0.0
Oracle Webcenter Sites 12.2.1.3.0
Oracle Banking Payments 14.1.0
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Application Testing Suite 13.1.0.1
Oracle Application Testing Suite 13.2.0.1
Oracle Application Testing Suite 13.3.0.1
Oracle Retail Order Broker 15.0
Oracle Retail Order Broker 16.0