cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2019-12400,https://securityvulnerability.io/vulnerability/CVE-2019-12400,,"In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this implementation might be cached and re-used by Apache Santuario - XML Security for Java, leading to potential security flaws when validating signed documents, etc. The vulnerability affects Apache Santuario - XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x releases before 2.1.4.",Apache,Apache Santuario - Xml Security For Java,5.5,MEDIUM,0.0020200000144541264,false,,false,false,false,,,false,false,,2019-08-23T20:30:33.000Z,0
CVE-2014-8152,https://securityvulnerability.io/vulnerability/CVE-2014-8152,,Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows remote attackers to bypass the streaming XML signature protection mechanism via a crafted XML document.,Apache,Santuario Xml Security For Java,,,0.0022100000642240047,false,,false,false,false,,,false,false,,2015-01-21T18:00:00.000Z,0
CVE-2013-4517,https://securityvulnerability.io/vulnerability/CVE-2013-4517,,"Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.",Apache,Santuario Xml Security For Java,,,0.05793999880552292,false,,false,false,false,,,false,false,,2014-01-11T01:00:00.000Z,0
CVE-2013-2172,https://securityvulnerability.io/vulnerability/CVE-2013-2172,,"jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak ""canonicalization algorithm to apply to the SignedInfo part of the Signature.""",Apache,Santuario Xml Security For Java,,,0.005350000225007534,false,,false,false,false,,,false,false,,2013-08-20T22:00:00.000Z,0