Lucene search

4 matches found

Snyk
added 2024/11/18 5:41 p.m. | 1 view

XML External Entity (XXE) Injection

Overview: Affected versions of this package are vulnerable to XML External Entity (XXE) Injection due to the usage of improperly secured regular expressions in the scan and findCharSet methods of the XmlScanner class. By exploiting UCS-4 encoding and encoding guessing techniques, attackers can...

CVSS 8.7 | AI score 7.2 | EPSS 0.00173
Exploits: 1 | References: 2
Positive Technologies
added 2024/11/18 12:00 a.m. | 1 view

PT-2024-32865

Name of the Vulnerable Software and Affected Versions: PhpSpreadsheet versions prior to 1.9.4, 2.1.3, 2.3.2, and 3.4.0. Description: The XmlScanner class in PhpSpreadsheet has a scan method that is intended to prevent XXE attacks. However, the regexes used in the scan method and the findCharSet meth...

CVSS 7.5 | AI score 5.8 | EPSS 0.00173
Exploits: 1 | References: 15
SUSE CVE
added 2023/02/15 5:59 a.m. | 1 view

SUSE CVE-2010-1666

Buffer overflow in Dan Pascu python-cjson 1.0.5, when UCS-4 encoding is enabled, allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors involving crafted Unicode input to the cjson.encode function...

CVSS 6.8 | AI score 7.8 | EPSS 0.00692
Exploits: 1 | References: 2
PyPA
added 2010/07/02 7:00 p.m. | 4 views

PYSEC-2010-30

Buffer overflow in Dan Pascu python-cjson 1.0.5, when UCS-4 encoding is enabled, allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors involving crafted Unicode input to the cjson.encode function...

CVSS 6.8 | AI score 7.7 | EPSS 0.00692
Exploits: 1 | References: 6 | Affected Software: 1