CVSS: 9.8EPSS: 0%CPEs: 24EXPL: 0CVE-2014-3630
https://notcve.org/view.php?id=CVE-2014-3630
29 Dec 2017 — XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data. Vulnerabilidad de XEE (XML External Entity) en la funcionalidad de procesamiento de Java XML en Play, en versiones anteriores a la 2.2.6 y versiones 2.3.x anteriores a la 2.3.5, podría permitir a atacantes remotos leer archivos arbitrarios, provocar u... • https://groups.google.com/forum/#%21msg/play-framework/7uNX_ImTW08/AogWSjsTAyQJ • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 3%CPEs: 110EXPL: 0CVE-2015-2156
https://notcve.org/view.php?id=CVE-2015-2156
18 Oct 2017 — Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters. Netty en versiones anteriores a la 3.9.8.Final, 3.10.x anteriores a la 3.10.3.Final, 4.0.x anteriores a la 4.0.28.Final y 4.1.x anteriores a la 4.1.0.Beta5 y Play Framework 2.x en versiones ante... • http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html • CWE-20: Improper Input Validation •