2725 matches found
CVE-2021-21657
Jenkins Filesystem Trigger Plugin 0.40 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2021-21659
Jenkins URLTrigger Plugin 0.48 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
Xxe
Jenkins URLTrigger Plugin 0.48 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
Xxe
Jenkins Nuget Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
Xxe
Jenkins Filesystem Trigger Plugin 0.40 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2021-21659
Jenkins URLTrigger Plugin 0.48 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2021-21658
CVE-2021-21658 affects Jenkins Nuget Plugin 1.0 and earlier. The issue is an XML External Entity (XXE) vulnerability due to the plugin’s XML parser not preventing XXE attacks. Impact is described as potential exposure of secrets via crafted XML; remediation is available in Jenkins Nuget Plugin 1....
CVE-2021-21658
Jenkins Nuget Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
Xxe
Jenkins Xcode integration Plugin 2.0.14 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
Huawei EulerOS: Security Advisory for xerces-c (EulerOS-SA-2021-1862)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP3 : xerces-c (EulerOS-SA-2021-1862)
According to the version of the xerces-c package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not be...
Security Bulletin: Multiple vulnerabilities affect multiple IBM Rational products based on IBM Jazz technology
Summary Multiple vulnerabilities affect the IBM Jazz based Applications: Collaborative Lifecycle Management CLM, Rational DOORS Next Generation RDNG, Rational Engineering Lifecycle Manager RELM, Rational Team Concert RTC, Rational Quality Manager RQM, Rational Rhapsody Design Manager Rhapsody DM,...
CVE-2021-23365
The package github.com/tyktechnologies/tyk-identity-broker before 1.1.1 are vulnerable to Authentication Bypass via the Go XML parser which can cause SAML authentication bypass. This is because the XML parser doesn’t guarantee integrity in the XML round-trip encoding/decoding XML data...
CVE-2021-23365
The package github.com/tyktechnologies/tyk-identity-broker before 1.1.1 are vulnerable to Authentication Bypass via the Go XML parser which can cause SAML authentication bypass. This is because the XML parser doesn’t guarantee integrity in the XML round-trip encoding/decoding XML data...
Authentication flaw
The package github.com/tyktechnologies/tyk-identity-broker before 1.1.1 are vulnerable to Authentication Bypass via the Go XML parser which can cause SAML authentication bypass. This is because the XML parser doesn’t guarantee integrity in the XML round-trip encoding/decoding XML data...
CVE-2021-23365 Authentication Bypass
The package github.com/tyktechnologies/tyk-identity-broker before 1.1.1 are vulnerable to Authentication Bypass via the Go XML parser which can cause SAML authentication bypass. This is because the XML parser doesn’t guarantee integrity in the XML round-trip encoding/decoding XML data...
CVE-2021-23365
CVE-2021-23365 affects github.com/tyktechnologies/tyk-identity-broker (pre-1.1.1). Root cause is insecure XML handling by the Go XML parser during encoding/decoding, permitting authentication bypass of SAML authentication. Impact is partial confidentiality/integrity concerns with the authenticati...
CVE-2021-23365
The package github.com/tyktechnologies/tyk-identity-broker before 1.1.1 are vulnerable to Authentication Bypass via the Go XML parser which can cause SAML authentication bypass. This is because the XML parser doesn’t guarantee integrity in the XML round-trip encoding/decoding XML data...
tyk-identity-broker 授权问题漏洞
tyk-identity-broker is a software application. A service level component is provided that enables authorization of authorized identities and provides authenticated access to various Tyk-supported components such as the Tyk Dashboard, Tyk Developer Portal, and Tyk Gateway API streams e.g., OAuth...
PT-2021-15465 · Tyk · Tyk-Identity-Broker
Name of the Vulnerable Software and Affected Versions: tyk-identity-broker versions prior to 1.1.1 Description: The issue is related to Authentication Bypass via the Go XML parser, which can cause SAML authentication bypass. This occurs because the XML parser does not guarantee integrity in the X...