CVE-2022-4725 AWS SDK XML Parser XpathUtils.java XpathUtils server-side request forgery

A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to...

CVE-2022-46682

Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2022-46682

Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

Xxe

Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

libxml2: integer overflows with XML_PARSE_HUGE

A flaw was found in libxml2. Parsing a XML document with the XMLPARSEHUGE option enabled can result in an integer overflow because safety checks were missing in some functions. Also, the xmlParseEntityValue function didn't have any length limitation...

Important: expat

Issue Overview: A vulnerability was found in expat. With this flaw, it is possible to create a situation in which parsing is suspended while substituting in an internal entity so that XMLResumeParser directly uses the internalEntityProcessor as its processor. If the subsequent parse includes some...

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset typically leading to a segmentation fault.

...

Double free

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked...

CVE-2022-40303

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XMLPARSEHUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault...

Microsoft Exchange OrganizationInitializationDefinition External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the OrganizationInitializationDefinition class. Due to the improper restriction o...

TestNG 路径遍历漏洞

TestNG is a Java language testing framework developed by Cedric Beust. A path traversal vulnerability exists in TestNG, which stems from an affected testngXmlExistsInJar function in the testng-core/src/main/java/org/testng/JarFileUtils.java file in the component XML File Parser, which could lead ...

[SECURITY] Fedora 37 Update: expat-2.5.0-1.fc37

This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...

GHSA-H4WX-78P9-FWXW XXE vulnerability on agents in Jenkins SourceMonitor Plugin

SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control XML input files for the 'Publish SourceMonitor results' post-build step to have agent processes parse a crafted file that uses external entities...

GHSA-8847-XVJW-9G43 XXE vulnerability on agents in Jenkins OSF Builder Suite : : XML Linter Plugin

OSF Builder Suite : : XML Linter 1.0.2 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control XML files that get processed by the 'OSF Builder Suite : : XML Linter' build step to have agent processes parse a crafted file tha...

XXE vulnerability on agents in Jenkins SourceMonitor Plugin

SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control XML input files for the 'Publish SourceMonitor results' post-build step to have agent processes parse a crafted file that uses external entities...

XXE vulnerability in Jenkins JAPEX Plugin

JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control XML input files for the 'Record Japex test report' post-build step to have Jenkins parse a crafted file that uses external entities for extraction of...

GHSA-8538-25V4-25PG XXE vulnerability in Jenkins JAPEX Plugin

JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control XML input files for the 'Record Japex test report' post-build step to have Jenkins parse a crafted file that uses external entities for extraction of...

CVE-2022-45400

Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2022-45396

Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2022-45396

Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...