2725 matches found
CVE-2021-28684
The XML parser used in ConeXware PowerArchiver before 20.10.02 allows processing of external entities, which might lead to exfiltration of local files over the network via an XXE attack...
CVE-2021-28684
The XML parser used in ConeXware PowerArchiver before 20.10.02 allows processing of external entities, which might lead to exfiltration of local files over the network via an XXE attack...
Xxe
The XML parser used in ConeXware PowerArchiver before 20.10.02 allows processing of external entities, which might lead to exfiltration of local files over the network via an XXE attack...
CVE-2021-28684
The XML parser used in ConeXware PowerArchiver before 20.10.02 allows processing of external entities, which might lead to exfiltration of local files over the network via an XXE attack...
CVE-2021-28684
The CVE-2021-28684 entry describes an XXE vulnerability in the XML parser used by ConeXware PowerArchiver up to version 20.10.02, allowing external entities to exfiltrate local files over the network. Affected software is PowerArchiver (ConeXware) prior to 20.10.02; root cause is processing of ex...
CVE-2021-21669
Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2021-21669
Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
Xxe
Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2021-21669
Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
PT-2021-14712 · Jenkins · Jenkins Generic Webhook Trigger Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Generic Webhook Trigger Plugin versions 1.72 and earlier Description: The issue allows attackers to have Jenkins parse a crafted XML request body that uses external entities for extraction of secrets from the Jenkins controller or...
Tenable Nessus 8.x.x < 8.15.0 Multiple Vulnerabilities (TNS-2021-11)
According to its self-reported version, the Tenable Nessus application running on the remote host is prior to 8.15.0. It is, therefore, affected by multiple vulnerabilities: - Multiple local privilege escalation vulnerabilities. A local attacker can exploit these to gain administrator privileges ...
CVE-2020-2305
A flaw was found in the mercurial plugin in Jenkins. The XML changelog parser is not configured to prevent an XML external entity XXE attack allowing an attacker the ability to control an agent process to have Jenkins parse a crafted changelog file that uses external entities for extraction of...
SUSE: Security Advisory (SUSE-SU-2019:1835-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
XML External Entity (XXE)
Jenkins Config File Provider Plugin is vulnerable to XML external entity XXE. It does not configure its XML parser to prevent XML external entity XXE attacks. A flaw was found in the config-file-provider Jenkins plugin. The plugin XML parser wasn't configure to prevent XML external entity XXE...
CVE-2021-27492
When opening a specially crafted 3DXML file, the application containing Datakit Software libraries CatiaV53dRead, CatiaV63dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior could disclose arbitrary files to remote attackers. This is because of the passing of...
Code injection
When opening a specially crafted 3DXML file, the application containing Datakit Software libraries CatiaV53dRead, CatiaV63dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior could disclose arbitrary files to remote attackers. This is because of the passing of...
CVE-2021-27492
The CVE-2021-27492 entry concerns Datakit CrossCADWare libraries (CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr) embedded in Luxion KeyShot v10.1 and earlier. The connected Red Hat, ZDI, and ICS/CERT records confirm a concrete XXE-style vulnerability: when opening a special...
CVE-2021-21658
Jenkins Nuget Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2021-21659
Jenkins URLTrigger Plugin 0.48 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2021-21657
Jenkins Filesystem Trigger Plugin 0.40 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...