Vulnerabilities > Stanford
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-28 | CVE-2023-39020 | Code Injection vulnerability in Stanford Parser 3.9.2 stanford-parser v3.9.2 and below was discovered to contain a code injection vulnerability in the component edu.stanford.nlp.io.getBZip2PipedInputStream. | 9.8 |
| 2022-02-24 | CVE-2021-44550 | Injection vulnerability in Stanford Corenlp 4.3.2 An Incorrect Access Control vulnerability exists in CoreNLP 4.3.2 via the classifier in NERServlet.java (lines 158 and 159). | 7.5 |
| 2022-01-17 | CVE-2022-0239 | XXE vulnerability in Stanford Corenlp corenlp is vulnerable to Improper Restriction of XML External Entity Reference | 7.5 |
| 2022-01-13 | CVE-2022-0198 | XXE vulnerability in Stanford Corenlp corenlp is vulnerable to Improper Restriction of XML External Entity Reference | 5.8 |
| 2021-10-19 | CVE-2021-3869 | XXE vulnerability in Stanford Corenlp corenlp is vulnerable to Improper Restriction of XML External Entity Reference | 5.0 |
| 2021-10-15 | CVE-2021-3878 | XXE vulnerability in Stanford Corenlp corenlp is vulnerable to Improper Restriction of XML External Entity Reference | 7.5 |
| 2019-12-03 | CVE-2013-2106 | Insufficiently Protected Credentials vulnerability in multiple products webauth before 4.6.1 has authentication credential disclosure | 5.0 |
| 2009-09-15 | CVE-2009-2945 | Credentials Management vulnerability in Stanford Webauth 3.5.5/3.6.0/3.6.1 weblogin/login.fcgi (aka the WebLogin login script) in Stanford University WebAuth 3.5.5, 3.6.0, and 3.6.1 places passwords in URLs in certain circumstances involving conversion of a POST request to a GET request, which allows context-dependent attackers to discover passwords by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history. | 4.3 |