2729 matches found
Xxe
A vulnerability has been identified in Solid Edge SE2021 All Versions SE2021MP7. An XML external entity injection vulnerability in the underlying XML parser could cause the affected application to disclose arbitrary files to remote attackers by loading a specially crafted xml file...
CVE-2021-37178
A vulnerability has been identified in Solid Edge SE2021 All Versions SE2021MP7. An XML external entity injection vulnerability in the underlying XML parser could cause the affected application to disclose arbitrary files to remote attackers by loading a specially crafted xml file...
CVE-2021-32972
Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacker to craft a project file specifying a URI that causes the XML parser to access the URI and embed the contents, which may allow the attacker to disclose information that is accessible in the context of the user executing softwa...
Design/Logic Flaw
Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacker to craft a project file specifying a URI that causes the XML parser to access the URI and embed the contents, which may allow the attacker to disclose information that is accessible in the context of the user executing softwa...
CVE-2021-32972
Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacker to craft a project file specifying a URI that causes the XML parser to access the URI and embed the contents, which may allow the attacker to disclose information that is accessible in the context of the user executing softwa...
CVE-2021-32972
CVE-2021-32972 affects Panasonic FPWIN Pro (all Versions 7.5.1.1 and earlier). A crafted project file can specify a URI that causes the XML parser to fetch and embed remote content, potentially disclosing information accessible in the user’s context. Public sources in the connected documents conf...
Security Bulletin: Vulnerability in Apache Xerces-C XML parser, including XML4C affects IBM InfoSphere Optim Data Growth & Test Data Management & Application Retirement
Summary Open Source Xerces-C XML parser vulnerability affects IBM InfoSphere Optim Data Growth & Test Data Management & Application Retirement, also known as the server components. Vulnerability Details CVEID: CVE-2016-0729 DESCRIPTION: Apache Xerces-C XML Parser library is vulnerable to a denial...
XXE vulnerability in Jenkins Selenium HTML report Plugin
Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers with the ability to control the report files parsed using this plugin to have Jenkins parse a crafted report file that uses external entities for...
GHSA-HXXP-6546-WV6R XXE vulnerability in Jenkins Selenium HTML report Plugin
Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers with the ability to control the report files parsed using this plugin to have Jenkins parse a crafted report file that uses external entities for...
Jenkins code issue vulnerability (CNVD-2021-49058)
Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . A code issue vulnerability exists in Jenkins Selenium HTML report Plugin 1.0 and earlier versions that stems from the...
CVE-2021-21672
Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
Xxe
Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2021-21672
Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2021-21672
CVE-2021-21672 affects the Jenkins Selenium HTML Report Plugin (versions 1.0 and earlier). The root cause is that the plugin’s XML parser is not configured to prevent XML External Entity (XXE) attacks, allowing an attacker able to control the parsed report file to cause disclosure of file content...
Jenkins 代码问题漏洞
Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . A code issue vulnerability exists in Jenkins Selenium HTML report Plugin 1.0 and earlier versions that stems from the...
GHSA-2JX8-V4HV-GX3H XXE vulnerability in Launch import
| Release Date | Affected Projects | Affected Versions | Access Vector| Security Risk | |--------------|-------------------|-------------------|---------------|---------------| | Monday, May 4, 2020| service-api | Every version, starting from 3.1.0 | Remote | Medium | Impact Starting from version...
GHSA-24WF-7VF2-PV59 XXE vulnerability on Launch import with externally-defined DTD file
Impact Starting from version 3.1.0 we introduced a new feature of JUnit XML launch import. Unfortunately XML parser was not configured properly to prevent XML external entity XXE attacks. This allows a user to import a specifically-crafted XML file which imports external Document Type Definition...
XML External Entity (XXE)
service-api is vulnerable to XML External Entity XXE. The vulnerability exists due to an insecure configuration in the XML parser. An attacker is able to import a malicious crafted file which imports external Document Type Definition DTD files which will extract secrets from the system...
Xxe
Report portal is an open source reporting and analysis framework. Starting from version 3.1.0 of the service-api XML parsing was introduced. Unfortunately the XML parser was not configured properly to prevent XML external entity XXE attacks. This allows a user to import a specifically-crafted XML...
CVE-2021-29620
CVE-2021-29620 concerns the Report Portal service-api. Starting with version 3.1.0, an XML parser was not properly configured to prevent XML External Entity (XXE) attacks, allowing a crafted XML import to reference external DTDs and external entities. This can lead to extraction of secrets from t...