109 matches found
CVE-2024-47873 PhpSpreadsheet XmlScanner bypass leads to XXE
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, prior to versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0, the regexes used in the scan method and the findCharSet method can be bypassed by using...
CVE-2023-30951
The Foundry Magritte plugin rest-source was found to be vulnerable to an an XML external Entity attack XXE...
CVE-2023-30951 CVE-2023-30951
The Foundry Magritte plugin rest-source was found to be vulnerable to an an XML external Entity attack XXE...
Important: pki-core
Issue Overview: Access to external entities when parsing XML documents can lead to XML external entity XXE attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests. CVE-2022-2414 Affected Packages: pki-core Note:...
CVE-2023-26263
All versions of Talend Data Catalog before 8.0-20230110 are potentially vulnerable to XML External Entity XXE attacks in the /MIMBWebServices/license endpoint of the remote harvesting server...
CVE-2023-28683
Jenkins Phabricator Differential Plugin 2.1.5 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
PT-2023-21900 · Jenkins · Jenkins Visual Studio Code Metrics Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Visual Studio Code Metrics Plugin versions 1.7 and earlier Description: The issue is related to the XML parser not being configured to prevent XML external entity XXE attacks. This allows attackers who can control VS Code Metrics File...
CVE-2023-28685
Jenkins AbsInt a³ Plugin 1.1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
JSA10401 - Pulse Connect Secure (PCS) product - PCS Security Bundle - Internal System Function
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Internal System Function vulnerabilities found and fixed through a combination of internal and external proactive security testing: Issue with special characters used in a parameter in...
Ubuntu: Security Advisory (USN-4774-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-24430
Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
PT-2023-18594 · Zoho · Zoho Manageengine Exchange Reporter Plus
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Exchange Reporter Plus versions prior to 5708 Description: The issue allows attackers to conduct XXE XML External Entity attacks. This type of attack occurs when an application parses XML input that contains malicious extern...
CVE-2022-40771
CVE-2022-40771 affects Zoho ManageEngine ServiceDesk Plus versions 13010 and earlier. The vulnerability is an XML External Entity (XXE) issue in the Analytics Plus integration that can lead to information disclosure. The CVSS v3.1 vector is AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N with a base score of...
Information Disclosure
pki-core is vulnerable to Information Disclosure. An attacker is able to retrieve the content of arbitrary files by sending specially crafted HTTP requests causing xml external entity attacks...
CVE-2022-45395
Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2022-45386
Jenkins Violations Plugin 0.7.11 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2021-45981
NetScout nGeniusONE 6.3.2 allows an XML External Entity XXE attack...
Nokogiri is vulnerable to XML External Entity (XXE) attack
Nokogiri before 1.5.4 is vulnerable to XXE attacks...
CVE-2021-21701
Summary: CVE-2021-21701 affects Jenkins Performance Plugin 3.20 and earlier. The root cause is an XML parser not configured to prevent XML External Entity (XXE) attacks. What’s affected: the Performance Plugin in Jenkins; versions ≤ 3.20. Impact (as described in connected sources): an attacker wi...
CVE-2020-15232 XML External Entity attack in mapfish-print
In mapfish-print before version 3.24, a user can do to an XML External Entity XXE attack with the provided SDL style...