
2725 matches found

RedHat Linux
added 2020/03/04 12:27 p.m. (49 views)

Important: Red Hat Security Advisory: xerces-c security update

An update for xerces-c is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

8.1 CVSS | 7.2 AI score | 0.09503 EPSS
Exploits: 0 | References: 2

IBM Security Bulletins
added 2020/02/27 10:34 a.m. (39 views)

Security Bulletin: IBM Security SiteProtector System is affected by Apache HTTP Server vulnerabilities

Summary IBM Security SiteProtector System has addressed the following vulnerabilities in Apache HTTP Server. Vulnerability Details CVEID: CVE-2018-20843 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by an error in the XML parser. By persuading a victim to open a...

7.8 CVSS | 1.5 AI score | 0.07107 EPSS
Exploits: 1 | Affected Software: 1

NVD
added 2020/02/12 3:15 p.m. (19 views)

CVE-2020-2115

Jenkins NUnit Plugin 0.25 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks...

8.8 CVSS | 8.7 AI score | 0.0115 EPSS
Exploits: 0 | References: 2

NVD
added 2020/02/12 3:15 p.m. (21 views)

CVE-2020-2120

Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks...

8.8 CVSS | 8.7 AI score | 0.0115 EPSS
Exploits: 0 | References: 2

OSV
added 2020/02/12 3:15 p.m. (13 views)

CVE-2020-2115

Jenkins NUnit Plugin 0.25 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks...

8.8 CVSS | 6.7 AI score
Exploits: 0 | References: 2

Prion
added 2020/02/12 3:15 p.m. (14 views)

Xxe

Jenkins NUnit Plugin 0.25 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks...

6.5 CVSS | 8.7 AI score | 0.0115 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2020/02/12 3:15 p.m. (16 views)

Xxe

Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks...

6.5 CVSS | 8.7 AI score | 0.0115 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2020/02/12 2:35 p.m. (31 views)

CVE-2020-2120

Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks...

8.8 AI score | 0.0115 EPSS
Exploits: 0 | References: 2

CVE
added 2020/02/12 2:35 p.m. (78 views)

CVE-2020-2120

The CVE-2020-2120 relates to Jenkins FitNesse Plugin (versions 1.30 and earlier) where the XML parser is not configured to disable external entities (XXE). This can allow crafted input files supplied to the plugin’s post-build step to trigger XXE processing, enabling potential extraction of secre...

8.8 CVSS | 8.6 AI score | 0.0115 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2020/02/12 2:35 p.m. (21 views)

CVE-2020-2115

Jenkins NUnit Plugin 0.25 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks...

8.8 AI score | 0.0115 EPSS
Exploits: 0 | References: 2

CVE
added 2020/02/12 2:35 p.m. (59 views)

CVE-2020-2115

CVE-2020-2115 affects Jenkins NUnit Plugin 0.25 and earlier. The root cause is that the XML parser is not configured to prevent XML External Entity (XXE) attacks, allowing an attacker who controls input files for the post-build step to have Jenkins parse crafted XML and potentially leak secrets, ...

8.8 CVSS | 8.6 AI score | 0.0115 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

IBM Security Bulletins
added 2020/02/04 4:40 p.m. (35 views)

Security Bulletin: Vulnerabilities in Expat component shipped with IBM Rational ClearQuest (CVE-2016-0718, CVE-2015-1283, CVE-2016-4472, CVE-2015-2716)

Summary IBM Rational ClearQuest is affected by Expat library buffer overflow and denial of service vulnerabilities. Vulnerability Details CVEID: CVE-2016-0718 DESCRIPTION: Expat is vulnerable to a buffer overflow, caused by improper bounds checking when processing malformed XML data. By using the...

9.8 CVSS | 2 AI score | 0.19069 EPSS
Exploits: 3 | Affected Software: 1

OSV
added 2020/01/29 4:15 p.m. (16 views)

CVE-2020-2108

Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks which can be exploited by a user with Job/Configure permissions...

7.6 CVSS | 6.6 AI score
Exploits: 0 | References: 2

NVD
added 2020/01/29 4:15 p.m. (22 views)

CVE-2020-2108

Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks which can be exploited by a user with Job/Configure permissions...

7.6 CVSS | 7.4 AI score | 0.00904 EPSS
Exploits: 0 | References: 2

Prion
added 2020/01/29 4:15 p.m. (14 views)

Design/Logic Flaw

Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks which can be exploited by a user with Job/Configure permissions...

6.5 CVSS | 7.6 AI score | 0.00904 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2020/01/29 3:15 p.m. (25 views)

CVE-2020-2108

Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks which can be exploited by a user with Job/Configure permissions...

7.8 AI score | 0.00904 EPSS
Exploits: 0 | References: 2

CVE
added 2020/01/29 3:15 p.m. (68 views)

CVE-2020-2108

CVE-2020-2108 affects Jenkins WebSphere Deployer Plugin 1.6.1 and earlier. The root cause is that the XML parser is not configured to disable XML External Entity (XXE) processing, allowing XXE exploitation. An attacker with Job/Configure permissions can upload a specially crafted WAR containing WEB-INF/i...

7.6 CVSS | 7.5 AI score | 0.00904 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

IBM Security Bulletins
added 2020/01/28 9:27 p.m. (32 views)

Security Bulletin: Vulnerability in Apache PDFBox Affects IBM Control Center (CVE-2019-0228)

Summary Vulnerability in Apache PDFBox Affects IBM Control Center CVE-2019-0228 Vulnerability Details CVEID: CVE-2019-0228 DESCRIPTION: Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a craft...

9.8 CVSS | 2.5 AI score | 0.09451 EPSS
Exploits: 0 | Affected Software: 1

OpenVAS
added 2020/01/23 12:00 a.m. (26 views)

Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2019-1783)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS | 8.1 AI score | 0.07107 EPSS
Exploits: 1 | References: 2

OpenVAS
added 2020/01/23 12:00 a.m. (35 views)

Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2019-1698)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1 CVSS | 8.5 AI score | 0.19069 EPSS
Exploits: 0 | References: 2