GHSA-M53P-F25Q-Q6FG XXE vulnerability in Jenkins Robot Framework Plugin
Robot Framework Plugin 2.0.0 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. This allows a user able to control the input files for the 'Publish Robot Framework' post-build step to have Jenkins parse a crafted file that uses external entities for extracti...
GHSA-7MF5-79GV-66GH Jenkins Maven Release Plug-in Plugin XXE vulnerability
Jenkins Maven Release Plug-in Plugin retrieves XML from Nexus repository manager APIs. Maven Release Plug-in Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. While Jenkins users without Overall/Administer permission are not allowed to configu...
Updated ruby-nokogiri packages fix security vulnerability
Nokogiri did not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a...
[SECURITY] Fedora 34 Update: rubygem-nokogiri-1.11.7-3.fc34
Nokogiri parses and searches XML/HTML very quickly, and also has correctly implemented CSS3 selector support as well as XPath support. Nokogiri also features an Hpricot compatibility layer to help ease the change to using correct CSS and XPath...
GHSA-WQMP-2P5R-RHFV XML External Entity Reference in Jenkins Storable Configs Plugin
Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers with Item/Configure permission to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller...
expat: Integer overflow in storeAtts in xmlparse.c
expat (libexpat) is susceptible to a software flaw that causes process interruption: when processing a large number of prefixed XML attributes on a single tag, libexpat can terminate unexpectedly due to an integer overflow. The highest threat from this vulnerability is to availability,...
CVE-2022-30971
Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2022-30971
CVE-2022-30971: Jenkins Storable Configs Plugin XXE. The vulnerability is in Jenkins Storable Configs Plugin 1.0 and earlier, where the XML parser is not configured to prevent XML External Entity (XXE) attacks...
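The Jenkins entries above all describe the same defect: an XML parser left in a configuration that resolves external entities, so a crafted file with a SYSTEM entity can pull a file from the controller into the parsed document. The following is an added example, not code from Jenkins or from any plugin listed here, written against Python's standard-library xml.sax (expat) parser. It assumes a constructed secret file and payload; the `feature_external_ges` switch is xml.sax's control for resolving external general entities (off by default in current CPython, whereas JAXP's DocumentBuilder resolves them unless told otherwise). It shows the misconfigured parser leaking the file, the stdlib default leaving the entity empty, and a hardened parser that refuses any DOCTYPE, the same idea as JAXP's disallow-doctype-decl feature.

```python
"""Added example (not code from Jenkins or any plugin above): XXE file
extraction through Python's stdlib xml.sax/expat parser, and how to stop it.

Assumptions: the secret file and the XML payload are constructed here.
"""
import io
import os
import tempfile
import xml.sax
from xml.sax import SAXException, handler


class TextCollector(handler.ContentHandler):
    """Gathers character data so we can see what the parser pulled into the document."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)

    @property
    def text(self):
        return "".join(self.parts)


class RejectDoctype:
    """Lexical handler that aborts on any DOCTYPE: with no DTD, no entity can be
    declared. Same effect as JAXP's disallow-doctype-decl feature."""

    def startDTD(self, name, public_id, system_id):
        raise SAXException("DOCTYPE declarations are not allowed")

    # xml.sax wires all five lexical callbacks, so the rest must exist.
    def endDTD(self):
        pass

    def startCDATA(self):
        pass

    def endCDATA(self):
        pass

    def comment(self, content):
        pass


def xxe_payload(path):
    """The kind of crafted input the advisories describe: an external general
    entity whose SYSTEM identifier points at a file on the host doing the parsing."""
    return (
        '<?xml version="1.0"?>\n'
        f'<!DOCTYPE report [<!ENTITY secret SYSTEM "{path}">]>\n'
        "<report><name>&secret;</name></report>"
    ).encode()


def _new_parser(collector):
    parser = xml.sax.make_parser()
    parser.setContentHandler(collector)
    return parser


def parse_unsafe(data):
    """Misconfigured parser: external entities are resolved, so the file is read."""
    collector = TextCollector()
    parser = _new_parser(collector)
    parser.setFeature(handler.feature_external_ges, True)  # the dangerous switch
    parser.parse(io.BytesIO(data))
    return collector.text


def parse_default(data):
    """xml.sax default: the entity reference is left empty, nothing is fetched."""
    collector = TextCollector()
    parser = _new_parser(collector)
    parser.parse(io.BytesIO(data))
    return collector.text


def parse_hardened(data):
    """Defence in depth: keep external entities off and refuse any DOCTYPE at all."""
    collector = TextCollector()
    parser = _new_parser(collector)
    parser.setFeature(handler.feature_external_ges, False)
    parser.setProperty(handler.property_lexical_handler, RejectDoctype())
    try:
        parser.parse(io.BytesIO(data))
    except SAXException as exc:
        return f"rejected: {exc}"
    return collector.text


def demo():
    """Runs the three parsers over one payload aimed at a constructed secret file."""
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as f:
        f.write("hunter2")  # constructed stand-in for a credential file
        secret_path = f.name
    try:
        payload = xxe_payload(secret_path)
        return {
            "unsafe": parse_unsafe(payload),
            "default": parse_default(payload),
            "hardened": parse_hardened(payload),
        }
    finally:
        os.unlink(secret_path)


if __name__ == "__main__":
    for mode, result in demo().items():
        print(f"{mode:9s} -> {result!r}")
```

Rejecting the DOCTYPE is the check to prefer when the application never needs a DTD: it also shuts off parameter entities and internal entity expansion, which the external-entity switch alone does not.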
new packages: perl-XML-Parser
An update is available for perl-XML-Parser. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
GHSA-R7C8-HGHC-2MP8 Apache Tomcat Allows Replacing of XML Parser
Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) TLD files of arbitrary web applications via a crafted application that is loaded earlier than the targ...
HCL Technologies HCL Unica Platform Code Issue Vulnerability
HCL Technologies HCL Unica Platform is an enterprise automated marketing platform from HCL Technologies India. A security vulnerability exists in versions of HCL Technologies HCL Unica Platform prior to 12.1.1, which stems from an improperly configured XML parser that processes user-supplied inpu...
Denial Of Service (DoS)
pjproject is vulnerable to denial of service. The vulnerability exists due to the infinite loop in the xml parser, allowing an attacker to cause an application crash...
GHSA-85HW-W436-C725 XML External Entity Reference in Apache Cayenne
This affects Apache Cayenne 4.1.M1, 3.2.M1, 4.0.M2 to 4.0.M5, 4.0.B1, 4.0.B2, 4.0.RC1, 3.1, 3.1.1, 3.1.2. CayenneModeler is a desktop GUI tool shipped with Apache Cayenne and intended for editing Cayenne ORM models stored as XML files. If an attacker tricks a user of CayenneModeler into opening a...
GHSA-PRC3-7F44-W48J Missing XML Validation in Apache Tomcat
Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity...
Missing XML Validation in Apache CXF
The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of (1) elements, (2) attributes, (3) nested constructs, and possibly other vectors...
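The CXF, expat and pjproject entries are the other parser failure class on this page: not entity resolution but unbounded work per document, where many elements, many attributes on one tag, or deep nesting drive CPU, memory or an integer overflow. A streaming parser can enforce limits as tokens arrive and abort before the document is fully consumed. The following is an added example, not code from Apache CXF, expat or pjproject, again using Python's stdlib xml.sax; the limit values and the generated inputs are constructed for illustration and are not figures from any advisory.

```python
"""Added example (not code from Apache CXF, expat or pjproject): per-document
resource limits enforced from a streaming SAX handler so that element count,
attributes per element and nesting depth are bounded before they exhaust memory.
Limits and inputs are constructed for illustration.
"""
import io
import xml.sax
from xml.sax import SAXException, handler

MAX_DEPTH = 256         # assumed limit on element nesting
MAX_ATTRIBUTES = 64     # assumed limit on attributes per element
MAX_ELEMENTS = 100_000  # assumed limit on elements per document


class LimitingHandler(handler.ContentHandler):
    """Counts elements, attributes and depth as they stream by and aborts early."""

    def __init__(self):
        super().__init__()
        self.depth = 0
        self.elements = 0

    def startElement(self, name, attrs):
        self.depth += 1
        self.elements += 1
        if self.depth > MAX_DEPTH:
            raise SAXException(f"nesting depth exceeds {MAX_DEPTH}")
        if len(attrs) > MAX_ATTRIBUTES:
            raise SAXException(f"<{name}> has more than {MAX_ATTRIBUTES} attributes")
        if self.elements > MAX_ELEMENTS:
            raise SAXException(f"document has more than {MAX_ELEMENTS} elements")

    def endElement(self, name):
        self.depth -= 1


def parse_with_limits(data):
    """Returns ("ok", elements_seen) or ("rejected", reason). Raising inside the
    handler stops the parse at the offending token, not after the whole input."""
    h = LimitingHandler()
    parser = xml.sax.make_parser()
    parser.setContentHandler(h)
    parser.setFeature(handler.feature_external_ges, False)  # no XXE while we are at it
    try:
        parser.parse(io.BytesIO(data))
    except SAXException as exc:
        return ("rejected", str(exc))
    return ("ok", h.elements)


def nested_document(depth):
    """Constructed input: <a> nested `depth` times."""
    return ("<a>" * depth + "</a>" * depth).encode()


def wide_element(n_attrs):
    """Constructed input: one element carrying `n_attrs` distinct attributes."""
    attrs = " ".join(f'a{i}="x"' for i in range(n_attrs))
    return f"<r {attrs}/>".encode()


def many_elements(n):
    """Constructed input: `n` empty sibling elements under one root."""
    return ("<r>" + "<e/>" * n + "</r>").encode()


if __name__ == "__main__":
    print(parse_with_limits(nested_document(100)))
    print(parse_with_limits(nested_document(5000)))
    print(parse_with_limits(wide_element(200)))
    print(parse_with_limits(many_elements(10)))
```

Checks in the content handler cover what the application can see; they do not protect the parser's own internals (the expat attribute-count overflow above happens inside libexpat before any callback), so library upgrades remain the fix for that class, with handler-side limits as a second layer.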