11 matches found
EUVD-2017-0720
Malware in sbrugna...
EUVD-2022-3731
Malicious code in bioql PyPI...
LocalS3 XML Parser Vulnerable to XML External Entity (XXE) Injection
Description The LocalS3 project, which implements an S3-compatible storage interface, contains a critical XML External Entity XXE Injection vulnerability in its XML parsing functionality. When processing XML requests for multipart upload operations, the application accepts and processes XML...
CVE-2017-0366
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration...
Design/Logic Flaw
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration...
Default configuration
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack...
CVE-2014-0225
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack...
CVE-2014-0225
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack...
UBUNTU-CVE-2014-0225
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack...
CVE-2014-0225
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack...
CVE-2014-0225
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack...