2720 matches found

AlpineLinux
added 2023/09/06 12:8 p.m. | 27 views

CVE-2023-41933

Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

CVSS 8.8 | AI score 7 | EPSS 0.00347
Exploits 0 | References 2
Vulnrichment
added 2023/09/06 12:8 p.m. | 13 views

CVE-2023-41933

Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

AI score 6.7 | EPSS 0.00347
Exploits 0 | References 2
Cvelist
added 2023/09/06 12:8 p.m. | 19 views

CVE-2023-41933

Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

AI score 8.9 | EPSS 0.00347
Exploits 0 | References 2
CVE
added 2023/09/06 12:8 p.m. | 129 views

CVE-2023-41933

CVE-2023-41933 affects Jenkins Job Configuration History Plugin versions 1227.v7a_79fc4dc01f and earlier. The root cause is that the plugin does not configure its XML parser to prevent XML External Entity (XXE) attacks, enabling potential XXE exploitation. The provided documents do not specify ex...

CVSS 8.8 | AI score 8.6 | EPSS 0.00347
Exploits 0 | References 2 | Affected Software 1
Zero Day Initiative
added 2023/08/24 12:0 a.m. | 23 views

(0Day) LG Simple Editor copyContent XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the copyContent command. Due to the improper restriction ...

CVSS 7.5 | AI score 6.2 | EPSS 0.00083
Exploits 0
Zero Day Initiative
added 2023/08/24 12:0 a.m. | 22 views

(0Day) LG Simple Editor saveXmlFile XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the saveXmlFile method. Due to the improper restriction of XML External Entity...

CVSS 7.5 | AI score 6.2 | EPSS 0.00074
Exploits 0
Zero Day Initiative
added 2023/08/23 12:0 a.m. | 31 views

Ivanti Avalanche decodeToMap XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the decodeToMap method. Due to the improper restriction of XML External Entity...

CVSS 6.5 | AI score 6.2 | EPSS 0.00145
Exploits 0 | References 1
RedHat Linux
added 2023/08/14 1:2 a.m. | 37 views

Important: Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update

Migration Toolkit for Applications 6.2.0 release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

CVSS 9.8 | AI score 6.8 | EPSS 0.00759
Exploits 6 | References 102
Zero Day Initiative
added 2023/08/08 12:0 a.m. | 20 views

VBASE VISAM Automation Base DBConnections File Parsing XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of VBASE VISAM Automation Base. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists withi...

CVSS 5.5 | AI score 5.9 | EPSS 0.00323
Exploits 0 | References 1
Zero Day Initiative
added 2023/08/08 12:0 a.m. | 23 views

VBASE VISAM Automation Base FB File Parsing XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of VBASE VISAM Automation Base. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists withi...

CVSS 5.5 | AI score 5.9 | EPSS 0.00323
Exploits 0 | References 1
Zero Day Initiative
added 2023/08/08 12:0 a.m. | 17 views

VBASE VISAM Automation Base VBASE-Editor WebRemote File Parsing XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of VBASE VISAM Automation Base. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists withi...

CVSS 5.5 | AI score 5.9 | EPSS 0.00344
Exploits 0 | References 1
Zero Day Initiative
added 2023/08/08 12:0 a.m. | 14 views

VBASE VISAM Automation Base VBASE-Editor GestureConfigurations File Parsing XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of VBASE VISAM Automation Base. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists withi...

CVSS 5.5 | AI score 5.9 | EPSS 0.00977
Exploits 0 | References 1
IBM Security Bulletins
added 2023/08/01 5:17 p.m. | 58 views

Security Bulletin: IBM TRIRIGA Application Platform discloses use of Apache Xerces (CVE-2022-23437)

Summary: Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the XML parser. By persuading a victim to open a specially-crafted XML document payloads, a remote attacker could exploit this vulnerability to consume system resources for prolonged duratio...

CVSS 7.1 | AI score 6.5 | EPSS 0.00087
Exploits 0 | Affected Software 1
OSV
added 2023/07/29 11:5 a.m. | 3 views

OESA-2023-1455 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow (CVE-2022-22822). build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an...

CVSS 9.8 | AI score 8.7 | EPSS 0.01328
Exploits 1 | References 4
IBM Security Bulletins
added 2023/07/17 12:21 p.m. | 22 views

Security Bulletin: A vulnerability in OpenStack Swift affects IBM Storage Scale environments with the S3 capability of Object protocol enabled (CVE-2022-47950)

Summary: IBM Storage Scale, shipped with OpenStack Swift, is exposed to vulnerabilities as detailed below. The exposure to this vulnerability only exists if the Object protocol has been configured with S3 enabled. Vulnerability Details: CVEID: CVE-2022-47950 DESCRIPTION: OpenStack Swift could allow ...

CVSS 6.5 | AI score 6.5 | EPSS 0.00247
Exploits 1 | Affected Software 1
Veracode
added 2023/07/17 9:10 a.m. | 25 views

XML External Entity (XXE) Attacks

External Monitor Job Type Plugin is vulnerable to XML External Entity (XXE) Attacks. The vulnerability exists because it does not properly configure the XML parser which allows an attacker with Item/Build permission to parse a crafted HTTP request with XML data, resulting in external entity XXE...

CVSS 6.5 | AI score 6.6 | EPSS 0.00778
Exploits 0 | References 3 | Affected Software 1
CVE
added 2023/07/12 3:52 p.m. | 48 views

CVE-2023-37942

The CVE-2023-37942 entry concerns Jenkins External Monitor Job Type Plugin, specifically 206.v9a_94ff0b_4a_10 and earlier. The root cause is that the XML parser was not configured to prevent XML External Entity (XXE) attacks. Impact as described: an attacker with Item/Build permission can supply ...

CVSS 6.5 | AI score 6.4 | EPSS 0.00778
Exploits 0 | References 2 | Affected Software 1
Vulnrichment
added 2023/07/12 3:52 p.m. | 8 views

CVE-2023-37942

Jenkins External Monitor Job Type Plugin 206.v9a94ff0b4a10 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

AI score 6.7 | EPSS 0.00778
Exploits 0 | References 2
OSV
added 2023/07/10 9:52 p.m. | 0 views

GHSA-58QW-P7QM-5RVH Eclipse Jetty XmlParser allows arbitrary DOCTYPE declarations

From the reporter: XmlParser is vulnerable to XML external entity (XXE) vulnerability. XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit this vulnerability in order to achieve SSRF or cause a denial of service. One possible scenario is importing a remote...

CVSS 3.9 | AI score 6
Exploits 0 | References 8
OSV
added 2023/07/06 7:24 p.m. | 17 views

GHSA-WF8M-QR47-XC9M Jenkins AbsInt a³ Plugin XML External Entity Reference vulnerability

Jenkins AbsInt a³ Plugin 1.1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to control Project File APX contents to have Jenkins parse a crafted XML document that uses external entities for extraction of secrets from the...

CVSS 7.1 | AI score 6.9 | EPSS 0.01126
Exploits 0 | References 2