CVE-2020-28387

A vulnerability has been identified in Solid Edge SE2020 All Versions SE2020MP13, Solid Edge SE2021 All Versions SE2021MP3. When opening a specially crafted SEECTCXML file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted...

Security Bulletin: IBM MQ Appliance is affected by libexpat vulnerabilities (CVE-2018-20843, CVE-2019-15903)

Summary IBM MQ Appliance has resolved libexpat vulnerabilities. Vulnerability Details CVEID: CVE-2018-20843 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by an error in the XML parser. By persuading a victim to open a specially-crafted file, a remote attacker could exploit th...

CVE-2021-21517

SRS Policy Manager 6.X is affected by an XML External Entity Injection XXE vulnerability due to a misconfigured XML parser that processes user-supplied DTD input without sufficient validation. A remote unauthenticated attacker can potentially exploit this vulnerability to read system files as a...

CVE-2021-21517

CVE-2021-21517 affects Dell SRS Policy Manager 6.X, where an XML External Entity (XXE) vulnerability arises from a misconfigured XML parser that processes user-supplied DTD input without sufficient validation. This allows a remote, unauthenticated attacker to read system files as a non-root user ...

Dell SRS Policy Manager 代码问题漏洞

Dell SRS Policy Manager is an application from Dell USA. It provides Dell policy management features. A security vulnerability exists in SRS Policy Manager 6.X. The vulnerability stems from a misconfigured XML parser that fails to perform sufficient validation when processing user-supplied DTD...

Xxe

Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity vulnerability exploitable via the DTD parameter entities technique, resulting in disclosure and retrieval of arbitrary data on the affected node via an out-of-band OOB attack. The vulnerability is triggered when input passed to...

CVE-2021-27184

Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity vulnerability exploitable via the DTD parameter entities technique, resulting in disclosure and retrieval of arbitrary data on the affected node via an out-of-band OOB attack. The vulnerability is triggered when input passed to...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.4.33 packages and security update

Red Hat OpenShift Container Platform release 4.4.33 is now available with updates to packages and images that fix several bugs. This release includes a security update for jenkins-2-plugins, openshift, and openshift-kuryr for Red Hat OpenShift Container Platform 4.4. Red Hat Product Security has...

jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks

A flaw was found in the mercurial plugin in Jenkins. The XML changelog parser is not configured to prevent an XML external entity XXE attack allowing an attacker the ability to control an agent process to have Jenkins parse a crafted changelog file that uses external entities for extraction of...

CVE-2021-21266

openHAB is a vendor and technology agnostic open source automation software for your home. In openHAB before versions 2.5.12 and 3.0.1 the XML external entity XXE attack allows attackers in the same network as the openHAB instance to retrieve internal information like the content of files from th...

CVE-2021-21266

openHAB is a vendor and technology agnostic open source automation software for your home. In openHAB before versions 2.5.12 and 3.0.1 the XML external entity XXE attack allows attackers in the same network as the openHAB instance to retrieve internal information like the content of files from th...

Xxe

openHAB is a vendor and technology agnostic open source automation software for your home. In openHAB before versions 2.5.12 and 3.0.1 the XML external entity XXE attack allows attackers in the same network as the openHAB instance to retrieve internal information like the content of files from th...

CVE-2021-21266

openHAB versions prior to 2.5.12 and 3.0.1 are affected by an XML external entity (XXE) vulnerability that allows network-local attackers to read files from the file system via XML parsing, with potentially malicious responses to SSDP requests. The issue arises in SAX/JAXB-based XML processing ac...

CVE-2020-27858

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CA Arcserve D2D 16.5. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getNews method. Due to the improper restriction of XML External Entity...

Xxe

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CA Arcserve D2D 16.5. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getNews method. Due to the improper restriction of XML External Entity...

CVE-2020-27858

CVE-2020-27858 affects CA Arcserve D2D 16.5. A flaw in the getNews method arises from improper restriction of XML External Entity (XXE) references, allowing remote attackers to disclose sensitive information in the context of SYSTEM without authentication. The exploitation path is via a crafted X...

Security Bulletin: IBM App Connect Enterprise & IBM Integration Bus are affected by vulnerabilities in Apache Xerces-C 3.0.0 to 3.2.2 XML parser (CVE-2018-1311)

Summary Vulnerabilities in Apache Xerces-C 3.0.0 to 3.2.2 XML parser affect IBM Integration Bus and IBM App Connect Enterprise . IBM App Connect Enterprise and IBM Integration Bus have addressed the applicable CVEs Vulnerability Details CVEID: CVE-2018-1311 DESCRIPTION: Apache Xerces-C could allo...

jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks

A flaw was found in the mercurial plugin in Jenkins. The XML changelog parser is not configured to prevent an XML external entity XXE attack allowing an attacker the ability to control an agent process to have Jenkins parse a crafted changelog file that uses external entities for extraction of...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.5.27 packages and security update

Red Hat OpenShift Container Platform release 4.5.27 is now available with updates to packages and images that fix several bugs and add enhancements. This release also includes a security update for Red Hat OpenShift Container Platform 4.5. Red Hat Product Security has rated this update as having ...

RHEL 7 : OpenShift Container Platform 4.5.27 (RHSA-2021:0034)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0034 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...