CVE-2021-21642

A flaw was found in the config-file-provider Jenkins plugin. The plugin XML parser wasn't configure to prevent XML external entity XXE attacks. An attacker with the ability to define Maven configuration files can use this vulnerability to prepare a crafted configuration file that uses external...

CVE-2021-21642

Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2021-21642

Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2021-21642

Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2021-21642

Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

Security Bulletin: Vulnerability in Apache PDFBox affect Apache Solr shipped with IBM Operations Analytics - Log Analysis (CVE-2019-0228)

Summary Apache Solr susceptible to XXE vulnerability in Apache PDFBox. This has been fixed. Vulnerability Details CVEID: CVE-2019-0228 DESCRIPTION: Apache PDFBox could allow a remote attacker to obtain sensitive information, caused by improper handling of XML External Entity XXE by the XML parser...

SUSE: Security Advisory (SUSE-SU-2016:2154-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2016:1508-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ezXML 缓冲区错误漏洞

ezXML is a C library for parsing XML documents . An out-of-bounds read vulnerability exists in libezxml.a in ezXML version 0.8.6. The vulnerability stems from a memory handling error performed by the ezxmlparsestr function when parsing a specially crafted XML file. An attacker could exploit this...

Perforce Software Perforce Helix ALM 代码问题漏洞

Perforce Software Perforce Helix ALM is an application software from Perforce Software, Inc. It provides application lifecycle management for products. A security vulnerability exists in Perforce Helix ALM 2020.3.1 Build 22, which stems from the XML Import feature accepting XML input data parsed ...

Authentication Bypass

Overview Affected versions of this package are vulnerable to Authentication Bypass via the Go XML parser which can cause SAML authentication bypass. This is because the XML parser doesn’t guarantee integrity in the XML round-trip encoding/decoding XML data. Remediation Upgrade...

CVE-2021-28110

/exec in TranzWare e-Commerce Payment Gateway TWEC PG before 3.1.27.5 had a vulnerability in its XML parser...

CVE-2021-28110

/exec in TranzWare e-Commerce Payment Gateway TWEC PG before 3.1.27.5 had a vulnerability in its XML parser...

Code injection

/exec in TranzWare e-Commerce Payment Gateway TWEC PG before 3.1.27.5 had a vulnerability in its XML parser...

CVE-2021-28110

CVE-2021-28110 affects TranzWare e-Commerce Payment Gateway (TWEC PG) prior to version 3.1.27.5, due to a vulnerability in its XML parser. The issue is described without exploitation details in the provided sources, with CVSSv3.1 base score 7.5 (Network attack, no privileges required, high availa...

CVE-2021-28110

/exec in TranzWare e-Commerce Payment Gateway TWEC PG before 3.1.27.5 had a vulnerability in its XML parser...

USN-4784-1: Xerces-C++ vulnerabilities

It was discovered that Xerces-C++ XML Parser mishandles certain kinds of external DTD references, resulting in a user-after-free. An attacker could use this vulnerability to cause a denial of service crash or possibly execute arbitrary code. This issue affected only Ubuntu 16.04 ESM. CVE-2016-209...

CVE-2020-28387

A vulnerability has been identified in Solid Edge SE2020 All Versions SE2020MP13, Solid Edge SE2021 All Versions SE2021MP3. When opening a specially crafted SEECTCXML file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted...

CVE-2020-28387

A vulnerability has been identified in Solid Edge SE2020 All Versions SE2020MP13, Solid Edge SE2021 All Versions SE2021MP3. When opening a specially crafted SEECTCXML file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted...

Design/Logic Flaw

A vulnerability has been identified in Solid Edge SE2020 All Versions SE2020MP13, Solid Edge SE2021 All Versions SE2021MP3. When opening a specially crafted SEECTCXML file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted...