
300 matches found

CNNVD
added 2022/08/01 12:0 a.m. · 3 views

IBM DataPower Gateway Code Issue Vulnerability

IBM DataPower Gateway is a set of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interface (API), web, service-oriented architecture (SOA), B2B, and cloud workloads. The platform protects, integrates, and optimizes access across channe...

9.1 CVSS · 5.7 AI score · 0.01044 EPSS
Exploits 0 · References 4

RedHat Linux
added 2022/06/30 6:46 p.m. · 3 views

liquibase: Improper Restriction of XML External Entity

A flaw was found in Liquibase's XMLChangeLogSAXParser function. It uses SAXParser with no FEATURE_SECURE_PROCESSING set, which could possibly allow XML External Entity (XXE) attacks...

9.8 CVSS · 7.1 AI score · 0.02921 EPSS
Exploits 1 · References 5

ATTACKERKB
added 2022/06/14 10:15 a.m. · 3 views

CVE-2022-32285

A vulnerability has been identified in Mendix SAML Module Mendix 7 compatible All versions V1.16.6, Mendix SAML Module Mendix 8 compatible All versions V2.2.2, Mendix SAML Module Mendix 9 compatible All versions V3.2.3. The affected module is vulnerable to XML External Entity (XXE) attacks due to...

7.5 CVSS · 5.3 AI score · 0.00946 EPSS
Exploits 0 · References 2

OSV
added 2022/06/02 6:15 p.m. · 2 views

CVE-2021-45981

NetScout nGeniusONE 6.3.2 allows an XML External Entity (XXE) attack...

9.8 CVSS · 5.8 AI score · 0.01024 EPSS
Exploits 0 · References 2

ATTACKERKB
added 2022/06/02 6:15 p.m. · 2 views

CVE-2021-45981

NetScout nGeniusONE 6.3.2 allows an XML External Entity (XXE) attack...

9.8 CVSS · 7.8 AI score · 0.01024 EPSS
Exploits 0 · References 3

ATTACKERKB
added 2022/05/24 3:15 p.m. · 1 views

CVE-2022-31261

An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. A successful attack requires a SAML identity provider to be configured. In order to exploit the vulnerability, the attacker must know the unique SAML callback ID of the configured identity source. A remote attacker ca...

7.5 CVSS · 7.1 AI score · 0.01095 EPSS
Exploits 0 · References 3

Positive Technologies
added 2022/05/17 12:0 a.m. · 4 views

PT-2022-20428 · Jenkins · Jenkins Storable Configs Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Storable Configs Plugin versions 1.0 and earlier
Description: The issue arises from the plugin not configuring its XML parser to prevent XML external entity (XXE) attacks. This allows attackers with Item/Configure permission to have...

8.8 CVSS · 8.3 AI score · 0.01123 EPSS
Exploits 0 · References 6

Github Security Blog
added 2022/05/14 12:56 a.m. · 35 views

Several Zend Products Vulnerable to XXE and XEE attacks

Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendServiceAudioScrobbler, ZendServiceNirvanix, ZendServiceSlideShare, ZendServiceTechnorati, and ZendServiceWindowsAzure before 2.0.2, ZendServiceAmazon before 2.0.3, and ZendServiceAp...

5 CVSS · 6.7 AI score · 0.02353 EPSS
Exploits 0 · References 8 · Affected Software 10

OSV
added 2022/04/28 9:15 p.m. · 2 views

CVE-2022-24449

Solar appScreener through 3.10.4, when a valid license is not present, allows XXE and SSRF attacks via a crafted XML document...

9.8 CVSS · 5.8 AI score · 0.01837 EPSS
Exploits 0 · References 2

Github Security Blog
added 2022/04/23 12:40 a.m. · 44 views

Nokogiri is vulnerable to XML External Entity (XXE) attack

Nokogiri before 1.5.4 is vulnerable to XXE attacks...

7.5 CVSS · 2.5 AI score · 0.02115 EPSS
Exploits 1 · References 5 · Affected Software 1

ATTACKERKB
added 2022/03/29 1:15 p.m. · 2 views

CVE-2022-28155

Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

8.1 CVSS · 5.9 AI score · 0.00769 EPSS
Exploits 0 · References 3

ATTACKERKB
added 2022/03/29 1:15 p.m. · 1 views

CVE-2022-28154

Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

8.1 CVSS · 5.9 AI score · 0.00972 EPSS
Exploits 0 · References 3

ATTACKERKB
added 2022/03/29 1:15 p.m. · 0 views

CVE-2022-28140

Jenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

8.1 CVSS · 5.9 AI score · 0.00972 EPSS
Exploits 0 · References 3

OSV
added 2022/02/25 3:15 p.m. · 3 views

CVE-2022-24340

In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible...

9.8 CVSS · 5.8 AI score · 0.00987 EPSS
Exploits 0 · References 2

OSV
added 2022/01/14 9:7 p.m. · 14 views

GHSA-MH83-JCW5-RJH8 XML External Entity Reference in edu.stanford.nlp:stanford-corenlp

The TransformXML function makes use of SAXParser generated from a SAXParserFactory with no FEATURE_SECURE_PROCESSING set, allowing for XXE attacks...

6.1 CVSS · 7.2 AI score · 0.00739 EPSS
Exploits 1 · References 4

CVE
added 2021/11/12 10:35 a.m. · 79 views

CVE-2021-21701

Summary: CVE-2021-21701 affects Jenkins Performance Plugin 3.20 and earlier. The root cause is an XML parser not configured to prevent XML External Entity (XXE) attacks. What’s affected: the Performance Plugin in Jenkins; versions ≤ 3.20. Impact (as described in connected sources): an attacker wi...

6.5 CVSS · 6.3 AI score · 0.01671 EPSS
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2021/11/12 12:0 a.m. · 3 views

PT-2021-23881 · Jenkins · Jenkins Pom2Config Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins pom2config Plugin versions 1.2 and earlier
Description: The issue allows attackers with Overall/Read and Item/Read permissions to have Jenkins parse a crafted XML file that uses external entities for extraction of secrets from the...

6.5 CVSS · 6.2 AI score · 0.02366 EPSS
Exploits 0 · References 9

OSV
added 2021/10/07 7:15 a.m. · 1 views

CVE-2021-41770

Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack that can achieve XML file disclosure...

7.5 CVSS · 5.8 AI score
Exploits 0 · References 2

BDU FSTEC
added 2021/09/07 12:0 a.m. · 5 views

The vulnerability of the mailboxd component (Autodiscover/Autodiscover.xml) in the Zimbra Collaboration Suite enterprise email management system allows a hacker to execute an XXE attack.

The vulnerability of the mailboxd component (Autodiscover/Autodiscover.xml) in the Zimbra Collaboration Suite enterprise email management system is related to an incorrect limitation on XML links to external objects. Exploiting this vulnerability could allow a malicious actor to execute an XXE atta...

10 CVSS · 7.9 AI score · 0.99986 EPSS
Exploits 4 · References 8

OSV
added 2021/07/31 5:15 p.m. · 2 views

CVE-2020-26564

ObjectPlanet Opinio before 7.15 allows XXE attacks via three steps: modify a .css file to have !ENTITY content, create a .xml file for a generic survey template containing a link to this .css file, and import this .xml file at the survey/admin/folderSurvey.do?action=viewImportSurvey'importFile'...

6.5 CVSS · 5.8 AI score · 0.01121 EPSS
Exploits 5 · References 2