2729 matches found
Jenkins Code Issue Vulnerability
Jenkins is an open source application from the Jenkins project. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. A code issue vulnerability exists in a Jenkins plugin, which stems from OWASP Dependency-Check version 5.1.1 and earlier not...
Jenkins Enterprise and Operations Center < 2.249.31.0.4 / 2.277.4.3 Multiple Vulnerabilities (CloudBees Security Advisory 2021-05-11)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.249.x prior to 2.249.31.0.4, or 2.x prior to 2.277.4.3. It is, therefore, affected by multiple vulnerabilities, including the following: - A cross-site request forgery (CSRF) vulnerability in Jenkin...
FortiPortal - XML parser is vulnerable to XXE attacks
An improper restriction of XML external entity reference vulnerability (CWE-611) in the parser of XML responses of FortiPortal may allow an attacker who controls the producer of XML reports consumed by FortiPortal to trigger a denial of service or read arbitrary files from the underlying file...
Python < 2.7.14, 3.3.x < 3.3.7, 3.4.x < 3.4.7, 3.5.x < 3.5.4, 3.6.x < 3.6.2 Expat 2.2.1 (bpo-30694) - Windows
'Expat SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python"; ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.118248";...
openSUSE 15 Security Update : xerces-c (openSUSE-SU-2021:2958-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:2958-1 advisory. - The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not be...
openSUSE 15 Security Update : xerces-c (openSUSE-SU-2021:1231-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1231-1 advisory. - The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not be...
openSUSE: Security Advisory for xerces-c (openSUSE-SU-2021:2958-1)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2021:1231-1 Security update for xerces-c
This update for xerces-c fixes the following issues: - CVE-2018-1311: Fixed use-after-free inside XML parser during the scanning of external DTDs (bsc#1159552). This update was imported from the SUSE:SLE-15:Update update project...
OPENSUSE-SU-2021:2958-1 Security update for xerces-c
This update for xerces-c fixes the following issues: - CVE-2018-1311: Fixed use-after-free inside XML parser during the scanning of external DTDs (bsc#1159552)...
SUSE-SU-2021:2958-1 Security update for xerces-c
This update for xerces-c fixes the following issues: - CVE-2018-1311: Fixed use-after-free inside XML parser during the scanning of external DTDs (bsc#1159552)...
SUSE SLED15 / SLES15 Security Update : xerces-c (SUSE-SU-2021:2958-1)
The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2958-1 advisory. - CVE-2018-1311: Fixed use-after-free inside XML parser during the scanning of external DTDs (bsc#1159552). Tenable has extracted the preceding...
SUSE: Security Advisory (SUSE-SU-2021:2944-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED12 / SLES12 Security Update : xerces-c (SUSE-SU-2021:2944-1)
The remote SUSE Linux SLED12 / SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2944-1 advisory. - CVE-2018-1311: Fixed use-after-free inside XML parser during the scanning of external DTDs (bsc#1159552). Tenable has extracted the...
SUSE-SU-2021:2944-1 Security update for xerces-c
This update for xerces-c fixes the following issues: - CVE-2018-1311: Fixed use-after-free inside XML parser during the scanning of external DTDs (bsc#1159552)...
SUSE-SU-2021:2920-1 Security update for xerces-c
This update for xerces-c fixes the following issues: - CVE-2018-1311: Fixed use-after-free inside XML parser during the scanning of external DTDs (bsc#1159552)...
CVE-2021-37714 Crafted input may cause the jsoup HTML and XML parser to get stuck, timeout, or throw unchecked exceptions
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until...
Cisco UCS Director AMF XML External Entity Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco UCS Director. Authentication is not required to exploit this vulnerability. The specific flaw exists within the amf endpoint, which listens on TCP port 443 by default. Due to the improp...
PT-2021-24348 · Unknown · Fast-Xml-Parser
Name of the Vulnerable Software and Affected Versions: fast-xml-parser versions prior to 4.1.2 Description: The issue allows for Prototype Pollution via the __proto__ variable. This can be exploited by including __proto__ as a tag or attribute name in an XML string. The estimated number of potentially...
Siemens Solid Edge XML External Entity Injection Vulnerability
Siemens Solid Edge is a 3D CAD software from Siemens, Germany. The software can be used in industries such as part design, assembly design, sheet metal design, welding design, etc. A security vulnerability exists in versions of Siemens Solid Edge SE2021 prior to SE2021MP7, which stems from an XML...
CVE-2021-37178
A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). An XML external entity injection vulnerability in the underlying XML parser could cause the affected application to disclose arbitrary files to remote attackers by loading a specially crafted xml file...