
2725 matches found

OSV
added 2020/09/01 2:15 p.m. | 11 views

CVE-2020-2245

Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

CVSS: 7.1 | AI score: 6.7
Exploits: 0 | References: 2
NVD
added 2020/09/01 2:15 p.m. | 12 views

CVE-2020-2245

Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

CVSS: 7.1 | AI score: 6.9 | EPSS: 0.00877
Exploits: 0 | References: 2
Prion
added 2020/09/01 2:15 p.m. | 14 views

Xxe

Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

CVSS: 5.5 | AI score: 6.8 | EPSS: 0.00877
Exploits: 0 | References: 2 | Affected Software: 1
Prion
added 2020/09/01 2:15 p.m. | 16 views

Xxe

Jenkins Klocwork Analysis Plugin 2020.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

CVSS: 4 | AI score: 6.4 | EPSS: 0.00818
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2020/09/01 1:50 p.m. | 59 views

CVE-2020-2247

CVE-2020-2247 affects the Jenkins Klocwork Analysis Plugin, where versions 2020.2.1 and earlier do not configure their XML parser to prevent XML external entity (XXE) attacks. This security gap could allow crafted input files to trigger XXE processing on the Jenkins server. The Connected document...

CVSS: 6.5 | AI score: 6.4 | EPSS: 0.00818
Exploits: 0 | References: 2 | Affected Software: 1
AlpineLinux
added 2020/09/01 1:50 p.m. | 25 views

CVE-2020-2247

Jenkins Klocwork Analysis Plugin 2020.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

CVSS: 6.5 | AI score: 4 | EPSS: 0.00818
Exploits: 0 | References: 2
Cvelist
added 2020/09/01 1:50 p.m. | 15 views

CVE-2020-2245

Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

AI score: 6.9 | EPSS: 0.00877
Exploits: 0 | References: 2
CVE
added 2020/09/01 1:50 p.m. | 59 views

CVE-2020-2245

CVE-2020-2245 affects Jenkins Valgrind Plugin 0.28 and earlier. The root cause is an XML parser not configured to disable external entities, enabling XXE attacks. In-the-wild impact described in a GHSA advisory includes the possibility of parsing crafted input to exfiltrate secrets or trigger SSR...

CVSS: 7.1 | AI score: 6.8 | EPSS: 0.00877
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2020/07/27 11:15 p.m. | 10 views

CVE-2020-12460

OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\0' byte...

CVSS: 9.8 | AI score: 9.8 | EPSS: 0.03684
Exploits: 1 | References: 7
IBM Security Bulletins
added 2020/07/23 9:34 p.m. | 28 views

Security Bulletin: IBM MQ Appliance is affected by a buffer overflow vulnerability (CVE-2015-2716)

Summary IBM MQ Appliance has resolved a buffer overflow vulnerability. Vulnerability Details CVEID: CVE-2015-2716 DESCRIPTION: Expat, as used in Mozilla Firefox and Thunderbird, is vulnerable to a buffer overflow, caused by improper bounds checking by the XML parser. By persuading a victim to ope...

CVSS: 7.5 | AI score: 2.4 | EPSS: 0.07417
Exploits: 0 | Affected Software: 1
NVD
added 2020/07/15 8:15 p.m. | 12 views

CVE-2020-12684

XXE injection can occur in i-net Clear Reports 2019 19.0.287 Designer, as used in i-net HelpDesk and other products, when XML input containing a reference to an external entity is processed by a weakly configured XML parser...

CVSS: 9.8 | EPSS: 0.01121
Exploits: 0 | References: 2
Prion
added 2020/07/15 8:15 p.m. | 14 views

Sql injection

XXE injection can occur in i-net Clear Reports 2019 19.0.287 Designer, as used in i-net HelpDesk and other products, when XML input containing a reference to an external entity is processed by a weakly configured XML parser...

CVSS: 7.5 | AI score: 9.4 | EPSS: 0.01121
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2020/07/15 7:9 p.m. | 15 views

CVE-2020-12684

XXE injection can occur in i-net Clear Reports 2019 19.0.287 Designer, as used in i-net HelpDesk and other products, when XML input containing a reference to an external entity is processed by a weakly configured XML parser...

AI score: 9.6 | EPSS: 0.01121
Exploits: 0 | References: 2
CVE
added 2020/07/15 7:9 p.m. | 41 views

CVE-2020-12684

CVE-2020-12684 describes an XML External Entity (XXE) injection in i-net Clear Reports 2019, version 19.0.287 (Designer), used with i-net HelpDesk and related products. The vulnerability arises when XML input containing a reference to an external entity is processed by a weakly configured XML par...

CVSS: 9.8 | AI score: 9.4 | EPSS: 0.01121
Exploits: 0 | References: 2 | Affected Software: 1
Zero Day Initiative
added 2020/07/08 12:0 a.m. | 32 views

Veeam ONE Reporter_ImportLicense Page_Load XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Reporter_ImportLicense class. Due to the improper restriction of XML External Entit...

CVSS: 7.5 | AI score: 2.5 | EPSS: 0.63787
Exploits: 0 | References: 1
Tenable Nessus
added 2020/06/17 12:0 a.m. | 21 views

EulerOS 2.0 SP2 : xerces-c (EulerOS-SA-2020-1640)

According to the version of the xerces-c package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The Apache Xerces-C 3.0.0 to 3.2.2 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not be...

CVSS: 8.1 | AI score: 7.5 | EPSS: 0.09503
Exploits: 0 | References: 2
OpenVAS
added 2020/06/16 12:0 a.m. | 34 views

Huawei EulerOS: Security Advisory for xerces-c (EulerOS-SA-2020-1640)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 8.1 | AI score: 8.3 | EPSS: 0.09503
Exploits: 0 | References: 2
OpenVAS
added 2020/06/05 12:0 a.m. | 26 views

Huawei Data Communication: Two DOS Vulnerabilities of XML Parser in Some Huawei Products (huawei-sa-20171201-01-xml)

XML parser have two DOS vulnerabilities in some Huawei products. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

AI score: 5.1
Exploits: 0 | References: 1
IBM Security Bulletins
added 2020/06/02 4:38 p.m. | 42 views

Security Bulletin: IBM Prospect is affected by Expat XML Parser vulnerability (CVE-2019-15903)

Summary Prospect Server is affected by Expat XML parsing vulnerability CVE-2019-15903 which may result in a heap-based buffer over-read. Vulnerability Details CVEID: CVE-2019-15903 DESCRIPTION: In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to...

CVSS: 7.5 | AI score: 0.7 | EPSS: 0.06643
Exploits: 1 | Affected Software: 1
Tenable Nessus
added 2020/05/27 12:0 a.m. | 29 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : xerces-c Vulnerability (NS-SA-2020-0028)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has xerces-c packages installed that are affected by a vulnerability: - The Apache Xerces-C 3.0.0 to 3.2.2 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been...

CVSS: 8.1 | AI score: 7.5 | EPSS: 0.09503
Exploits: 0 | References: 2