Lucene search
K

98 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 10:7 a.m.9 views

CVE-2024-3572

The scrapy/scrapy project is vulnerable to XML External Entity XXE attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper validation. This vulnerability allows attackers to perform denial of service attacks, access local files, generate network connections, ...

7.5CVSS6.5AI score0.00807EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/01/17 12:0 a.m.10 views

Ubuntu 24.10 : libxml2 vulnerability (USN-7215-1)

The remote Ubuntu 24.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7215-1 advisory. Xisco Fauli discovered that libxml2 incorrectly handled custom SAX handlers. A remote attacker could possibly use this issue to perform XML External Entity XXE attack...

9.1CVSS7.1AI score0.01192EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.21 views

RHEL 6 : pki-core (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - pki-core: Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and deny access...

7.6AI score0.85323EPSS
Exploits4References6
OSV
OSV
added 2024/04/16 12:0 a.m.28 views

CVE-2024-3572 XML External Entity (XXE) Vulnerability in scrapy/scrapy

The scrapy/scrapy project is vulnerable to XML External Entity XXE attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper validation. This vulnerability allows attackers to perform denial of service attacks, access local files, generate network connections, ...

7.5CVSS7.1AI score0.00807EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2023/12/13 6:31 p.m.25 views

Jenkins Nexus Platform Plugin missing permission check

Jenkins Nexus Platform Plugin 3.18.0-03 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML. Additionally, the plugin does not...

5.4CVSS6.8AI score0.0044EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2023/08/03 9:14 p.m.20 views

CVE-2023-37497 An XML External Entity (XXE) Injection Vulnerability affects HCL Unica Platform

The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with certain rights can successfully perform XML External Entity attacks XXE against the backend service...

8.1CVSS8.8AI score0.00443EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/05/24 9:15 p.m.4 views

CVE-2022-41221

The client in OpenText Archive Center Administration through 21.2 allows XXE attacks. Authenticated users of the OpenText Archive Center Administration client Versions 16.2.3, 21.2, and older versions could upload XML files to the application that it did not sufficiently validate. As a result,...

7.1CVSS5.8AI score0.003EPSS
Exploits1References2
OSV
OSV
added 2023/04/13 7:15 p.m.4 views

CVE-2023-26264

All versions of Talend Data Catalog before 8.0-20220907 are potentially vulnerable to XML External Entity XXE attacks in the license parsing code...

5.5CVSS5.8AI score0.00211EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/04/13 12:0 a.m.29 views

RHEL 8 : pki-core:10.6 (RHSA-2023:1747)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1747 advisory. The Public Key Infrastructure PKI Core contains fundamental packages required by Red Hat Certificate System. Security Fixes: pki-core: access to...

7.5CVSS8.1AI score0.85323EPSS
Exploits3References4
Github Security Blog
Github Security Blog
added 2023/04/02 9:30 p.m.22 views

Jenkins remote-jobs-view-plugin vulnerable to XML external entity attacks

Jenkins remote-jobs-view-plugin Plugin 0.0.3 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows authenticated attackers with Overall/Read permission to have Jenkins parse a crafted XML document that uses external entities for extraction of secret...

6.5CVSS6.5AI score0.00715EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/23 11:26 a.m.9 views

CVE-2023-28681

Jenkins Visual Studio Code Metrics Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

8.3AI score0.00569EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/03/23 12:0 a.m.6 views

PT-2023-21901 · Jenkins · Jenkins Performance Publisher Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Performance Publisher Plugin versions 8.09 and earlier Description: The issue is related to the XML parser not being configured to prevent XML external entity XXE attacks. This allows attackers who can control PerfPublisher report fil...

8.2CVSS7.8AI score0.00569EPSS
Exploits0References6
OSV
OSV
added 2023/03/22 6:15 a.m.6 views

CVE-2023-28685

Jenkins AbsInt a³ Plugin 1.1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

7.1CVSS7.1AI score0.00602EPSS
Exploits0References1
Prion
Prion
added 2022/12/28 12:15 a.m.16 views

Xxe

Dragonfly is a Java runtime dependency management library. Dragonfly v0.3.0-SNAPSHOT does not configure DocumentBuilderFactory to prevent XML external entity XXE attacks. This issue is patched in 0.3.1-SNAPSHOT. As a workaround, since Dragonfly only parses XML SNAPSHOT versions are being resolved...

5CVSS7.3AI score0.00557EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/12/07 12:0 a.m.19 views

CVE-2022-46682

Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

9.7AI score0.00947EPSS
Exploits0References1
OSV
OSV
added 2022/11/15 8:15 p.m.5 views

CVE-2022-45400

Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

9.8CVSS5.8AI score0.01057EPSS
Exploits0References2
Prion
Prion
added 2022/11/15 8:15 p.m.17 views

Xxe

Jenkins Violations Plugin 0.7.11 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

1.9CVSS5.4AI score0.00262EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/11/15 8:15 p.m.25 views

Xxe

Jenkins OSF Builder Suite : : XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

7.5CVSS9.4AI score0.00961EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/11/15 12:0 a.m.7 views

CVE-2022-45397

Jenkins OSF Builder Suite : : XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

6.7AI score0.00961EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/11/15 12:0 a.m.9 views

CVE-2022-45396

Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

7AI score0.00961EPSS
Exploits0References2
Rows per page
Query Builder