UBUNTU-CVE-2021-23418
The package glances before 3.2.1 is vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks...
OESA-2021-1261 expat security update
expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit in RAM, and where performance and flexibility are crucial. Security Fixes: expat 2.1.0 and earlier does not properly handle entity expansion unless an application developer uses the...
jenkins-2-plugins/config-file-provider: Does not configure its XML parser to prevent XML external entity (XXE) attacks.
A flaw was found in the config-file-provider Jenkins plugin. The plugin's XML parser wasn't configured to prevent XML external entity (XXE) attacks. An attacker with the ability to define Maven configuration files can use this vulnerability to prepare a crafted configuration file that uses external...
Jenkins code issue vulnerability (CNVD-2021-49058)
Jenkins is an open source automation server that provides hundreds of plug-ins to support building, deploying and automating any project. A code issue vulnerability exists in Jenkins Selenium HTML report Plugin 1.0 and earlier versions that stems from the...
PT-2021-14685 · Jenkins · Jenkins Config File Provider Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Config File Provider Plugin versions 3.7.0 and earlier Description: The issue allows attackers with the ability to define Maven configuration files to have Jenkins parse a crafted configuration file that uses external entities for...
jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw leaves it vulnerable to XML external entity (XXE) attacks. The highest threat from this vulnerability is to data integrity...
DEBIAN-CVE-2021-29447
WordPress is an open source CMS. A user with the ability to upload files, such as an Author, can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires the WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has...
PYSEC-2021-34
models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries...
Vulnerability fixed in IBM WebSphere Application Server
IBM WebSphere Application Server is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. An external attacker can exploit this security vulnerability to obtain sensitive information. IBM has released updates to fix the vulnerability. For more information, see...
Nokogiri Code Issue Vulnerability
Nokogiri is an open source software library for parsing HTML and XML in Ruby. A code issue vulnerability exists in versions prior to Nokogiri 1.11.0.rc4 that allows access to external resources over the network, potentially leading to XXE or SSRF attacks. No detailed vulnerability details are...
libquartz: XXE attacks via job description
The Terracotta Quartz Scheduler is susceptible to an XML external entity (XXE) attack through a job description. This issue stems from inadequate handling of XML external entity (XXE) declarations in the initDocumentParser function within xml/XMLSchedulingDataProcessor.java. By enticing a victim to...
DEBIAN-CVE-2020-25649
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw leaves it vulnerable to XML external entity (XXE) attacks. The highest threat from this vulnerability is to data integrity...
CloudBees Jenkins Code Issue Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. A security vulnerability exists in...
CVE-2020-7328
External entity attack vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to gain control of a resource or trigger arbitrary code execution via improper input validation of an HTTP request, where the content for the attack has been loaded into ePO...
CVE-2020-7328 Server-Side Request Forgery (SSRF) in MVISION Endpoint ePO extension
External entity attack vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to gain control of a resource or trigger arbitrary code execution via improper input validation of an HTTP request, where the content for the attack has been loaded into ePO...
CVE-2020-7328
Summary (CVE-2020-7328): McAfee MVISION Endpoint’s ePO extension is affected prior to version 20.11. The issue is a server-side input validation flaw that permits a remote attacker to load attack content into ePO and potentially gain control of a resource or trigger arbitrary code execution via H...
PT-2020-15549 · Jenkins · Jenkins Visualworks Store Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Visualworks Store Plugin versions 1.1.3 and earlier Description: The issue allows attackers with the ability to control the output of a script that runs Visualworks with StoreCI, or able to control an agent process, to have Jenkins...
jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw leaves it vulnerable to XML external entity (XXE) attacks. The highest threat from this vulnerability is to data integrity...
CVE-2020-15232 XML External Entity attack in mapfish-print
In mapfish-print before version 3.24, a user can perform an XML External Entity (XXE) attack with the provided SDL style...
CVE-2020-14029
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RSS To SMS module processes XML files in an unsafe manner. This opens the application to an XML External Entity attack that can be used to perform SSRF or read arbitrary local files...