Vulnerabilities > Stanford

DATE CVE VULNERABILITY TITLE RISK
2023-07-28 CVE-2023-39020 Code Injection vulnerability in Stanford Parser
stanford-parser v3.9.2 and below was discovered to contain a code injection vulnerability in the component edu.stanford.nlp.io.getBZip2PipedInputStream.
network
low complexity
stanford CWE-94
critical
9.8
2022-02-24 CVE-2021-44550 Injection vulnerability in Stanford Corenlp 4.3.2
An Incorrect Access Control vulnerability exists in CoreNLP 4.3.2 via the classifier in NERServlet.java (lines 158 and 159).
network
low complexity
stanford CWE-74
7.5
2022-01-17 CVE-2022-0239 XXE vulnerability in Stanford Corenlp
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
network
low complexity
stanford CWE-611
7.5
2022-01-13 CVE-2022-0198 XXE vulnerability in Stanford Corenlp
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
network
stanford CWE-611
5.8
2021-10-19 CVE-2021-3869 XXE vulnerability in Stanford Corenlp
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
network
low complexity
stanford CWE-611
5.0
2021-10-15 CVE-2021-3878 XXE vulnerability in Stanford Corenlp
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
network
low complexity
stanford CWE-611
7.5
2019-12-03 CVE-2013-2106 Insufficiently Protected Credentials vulnerability in multiple products
webauth before 4.6.1 has authentication credential disclosure
network
low complexity
stanford debian CWE-522
5.0
2009-09-15 CVE-2009-2945 Credentials Management vulnerability in Stanford Webauth 3.5.5/3.6.0/3.6.1
weblogin/login.fcgi (aka the WebLogin login script) in Stanford University WebAuth 3.5.5, 3.6.0, and 3.6.1 places passwords in URLs in certain circumstances involving conversion of a POST request to a GET request, which allows context-dependent attackers to discover passwords by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.
network
stanford CWE-255
4.3