CVE-2021-32972
Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacker to craft a project file specifying a URI that causes the XML parser to access the URI and embed the contents, which may allow the attacker to disclose information that is accessible in the context of the user executing softwa...
CVE-2021-32972
CVE-2021-32972 affects Panasonic FPWIN Pro (all Versions 7.5.1.1 and earlier). A crafted project file can specify a URI that causes the XML parser to fetch and embed remote content, potentially disclosing information accessible in the user’s context. Public sources in the connected documents conf...
Security Bulletin: Vulnerability in Apache Xerces-C XML parser, including XML4C affects IBM InfoSphere Optim Data Growth & Test Data Management & Application Retirement
Summary: Open Source Xerces-C XML parser vulnerability affects IBM InfoSphere Optim Data Growth & Test Data Management & Application Retirement, also known as the server components. Vulnerability Details: CVEID: CVE-2016-0729. DESCRIPTION: Apache Xerces-C XML Parser library is vulnerable to a denial...
XXE vulnerability in Jenkins Selenium HTML report Plugin
Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers with the ability to control the report files parsed using this plugin to have Jenkins parse a crafted report file that uses external entities for...
GHSA-HXXP-6546-WV6R XXE vulnerability in Jenkins Selenium HTML report Plugin
Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers with the ability to control the report files parsed using this plugin to have Jenkins parse a crafted report file that uses external entities for...
Jenkins code issue vulnerability (CNVD-2021-49058)
Jenkins is an open source automation server that provides hundreds of plug-ins to support building, deploying and automating any project. A code issue vulnerability exists in Jenkins Selenium HTML report Plugin 1.0 and earlier versions that stems from the...
CVE-2021-21672
Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
XXE
Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2021-21672
CVE-2021-21672 affects the Jenkins Selenium HTML Report Plugin (versions 1.0 and earlier). The root cause is that the plugin’s XML parser is not configured to prevent XML External Entity (XXE) attacks, allowing an attacker able to control the parsed report file to cause disclosure of file content...
Jenkins code issue vulnerability
Jenkins is an open source automation server that provides hundreds of plug-ins to support building, deploying and automating any project. A code issue vulnerability exists in Jenkins Selenium HTML report Plugin 1.0 and earlier versions that stems from the...
GHSA-2JX8-V4HV-GX3H XXE vulnerability in Launch import
| Release Date | Affected Projects | Affected Versions | Access Vector | Security Risk |
|--------------|-------------------|-------------------|---------------|---------------|
| Monday, May 4, 2020 | service-api | Every version, starting from 3.1.0 | Remote | Medium |

Impact: Starting from version...
GHSA-24WF-7VF2-PV59 XXE vulnerability on Launch import with externally-defined DTD file
Impact: Starting from version 3.1.0 we introduced a new feature of JUnit XML launch import. Unfortunately, the XML parser was not configured properly to prevent XML external entity (XXE) attacks. This allows a user to import a specifically-crafted XML file which imports external Document Type Definition...
XML External Entity (XXE)
service-api is vulnerable to XML External Entity (XXE). The vulnerability exists due to an insecure configuration in the XML parser. An attacker is able to import a maliciously crafted file which imports external Document Type Definition (DTD) files which will extract secrets from the system...
XXE
Report Portal is an open source reporting and analysis framework. Starting from version 3.1.0 of the service-api, XML parsing was introduced. Unfortunately, the XML parser was not configured properly to prevent XML external entity (XXE) attacks. This allows a user to import a specifically-crafted XML...
CVE-2021-29620
CVE-2021-29620 concerns the Report Portal service-api. Starting with version 3.1.0, an XML parser was not properly configured to prevent XML External Entity (XXE) attacks, allowing a crafted XML import to reference external DTDs and external entities. This can lead to extraction of secrets from t...
GHSA-599H-8WPJ-75XJ Authentication Bypass in tyk-identity-broker
The package github.com/tyktechnologies/tyk-identity-broker before 1.1.1 is vulnerable to Authentication Bypass via the Go XML parser, which can cause SAML authentication bypass. This is because the XML parser doesn’t guarantee integrity in the XML round-trip (encoding/decoding XML data)...
Authentication Bypass in tyk-identity-broker
The package github.com/tyktechnologies/tyk-identity-broker before 1.1.1 is vulnerable to Authentication Bypass via the Go XML parser, which can cause SAML authentication bypass. This is because the XML parser doesn’t guarantee integrity in the XML round-trip (encoding/decoding XML data)...
jenkins-2-plugins/config-file-provider: Does not configure its XML parser to prevent XML external entity (XXE) attacks.
A flaw was found in the config-file-provider Jenkins plugin. The plugin's XML parser wasn't configured to prevent XML external entity (XXE) attacks. An attacker with the ability to define Maven configuration files can use this vulnerability to prepare a crafted configuration file that uses external...
Security Bulletin: IBM Bootable Media Creator (BoMC) is affected by vulnerabilities in libexpat
Summary: IBM Bootable Media Creator (BoMC) has addressed the following vulnerabilities. Vulnerability Details: CVEID: CVE-2018-20843. DESCRIPTION: libexpat is vulnerable to a denial of service, caused by an error in the XML parser. By persuading a victim to open a specially-crafted file, a remote...