55 matches found
EUVD-2015-9381
Malware in sbrugna...
EUVD-2021-1404
Malware in sbrugna...
EUVD-2020-7300
Malware in sbrugna...
EUVD-2018-8154
Malware in sbrugna...
GLSA-202305-28 : snakeyaml: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202305-28 snakeyaml: Multiple Vulnerabilities - The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564. CVE-2017-18640 - Using snakeYAML to parse untrusted YAML...
GHSA-RJ4P-7MM6-GM9J JBossWS vulnerable to uncontrolled recursion
DOMUtils.java in org.jboss.ws:jbossws-common does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted request containing an XML document with a DOCTYPE declaration and a large number of nested...
JBossWS vulnerable to uncontrolled recursion
DOMUtils.java in org.jboss.ws:jbossws-common does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted request containing an XML document with a DOCTYPE declaration and a large number of nested...
snakeyaml: Billion laughs attack via alias feature
The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564...
Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.
...
CVE-2003-1564
creationtimestamp | type | source
---|---|---
2021-06-28 16:46:05+00:00 | seen | https://t.me/VulnerabilityNews/22815...
Design/Logic Flaw
Infoblox NIOS before 8.5.2 allows entity expansion during an XML upload operation, a related issue to CVE-2003-1564...
CVE-2020-15303
Infoblox NIOS before 8.5.2 is affected by an XML entity-expansion vulnerability during XML upload (CVE-2020-15303). The CNVD entry indicates this stems from a program that allows entity expansion, enabling a remote attacker to read files by sending a crafted XML. The issue is fixed in 8.5.2; upgr...
snakeyaml: Billion laughs attack via alias feature
The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564...
CVE-2017-18640
The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564...
EulerOS 2.0 SP5 : qt (EulerOS-SA-2020-1323)
According to the version of the qt packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to...
EulerOS 2.0 SP8 : qt (EulerOS-SA-2020-1299)
According to the version of the qt packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to...
Design/Logic Flaw
Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564...
UBUNTU-CVE-2017-18640
The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564...
Design/Logic Flaw
The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564...
CVE-2017-18640
The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564...