33 matches found
DOMPurify 安全漏洞
DOMPurify is a JavaScript-based tool developed by Cure53’s individual developer, designed for use with HTML, MathML, and SVG documents. Versions 3.1.3 to 3.3.1 and 2.5.3 to 2.5.8 of DOMPurify contain security vulnerabilities. These vulnerabilities stem from the lack of handling for five specific...
EUVD-2014-2773
Malware in sbrugna...
EUVD-2014-2771
Malware in sbrugna...
EUVD-2014-2770
Malware in sbrugna...
EUVD-2014-2772
Malware in sbrugna...
EUVD-2022-2659
Malicious code in bioql PyPI...
EUVD-2022-4285
Malicious code in bioql PyPI...
CVE-2025-7519 Polkit: xml policy file with a large number of nested elements may lead to out-of-bounds write
A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account i...
CVE-2014-2829
Erlang Solutions MongooseIM through 1.3.1 rev. 2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service resource consumption via a crafted XMPP stream, aka an "xmppbomb" attack...
PT-2025-16925 · Visicut · Visicut
Name of the Vulnerable Software and Affected Versions: VisiCut version 2.1 Description: The issue is related to insecure deserialization, where VisiCut 2.1 allows stack consumption via an XML document with nested set elements. This can be demonstrated by a java.util.HashMap StackOverflowError whe...
CVE-2023-43755
Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. During the processing and parsing of certain fields in XML elements from incoming network request...
CVE-2023-3959
Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. While processing XML elements from incoming network requests, the product does not sufficiently...
Stack overflow
Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. While parsing certain XML elements from incoming network requests, the product does not...
CVE-2023-3959 Zavio IP Camera Stack-Based Buffer Overflow
Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. While processing XML elements from incoming network requests, the product does not sufficiently...
CVE-2023-43755 Zavio IP Camera Stack-Based Buffer Overflow
Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. During the processing and parsing of certain fields in XML elements from incoming network request...
SUSE CVE-2012-5614
Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service mysqld crash via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements...
SUSE SLED15 / SLES15 Security Update : librsvg (SUSE-SU-2020:0629-1)
This update for librsvg to version 2.42.8 fixes the following issues : librsvg was updated to version 2.42.8 fixing the following issues : CVE-2019-20446: Fixed an issue where a crafted SVG file with nested patterns can cause denial of service bsc1162501. NOTE: Librsvg now has limits on the numbe...
librsvg2 -- multiple vulnerabilities
Librsvg2 developers reports: Backport the following fixes from 2.46.x: Librsvg now has limits on the number of loaded XML elements, and the number of referenced elements within an SVG document. This is to mitigate malicious SVGs which try to consume all memory, and those which try to consume an...
CVE-2019-4539
IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. IBM X-Force ID: 165812...
Access Restriction Bypass
JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for JBoss Enterprise Application Platform 6.0.0, and includes bug fixes and enhancements. Refer to the 6.0.1 Release Notes for information on the...