2729 matches found
NewStart CGSL CORE 5.05 / MAIN 5.05 : xerces-c Vulnerability (NS-SA-2020-0114)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has xerces-c packages installed that are affected by a vulnerability: - The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been...
Arcserve D2D getNews XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CA Arcserve D2D. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getNews method. Due to the improper restriction of XML External Entity (XXE)...
CVE-2020-2324
Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
Xxe
Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2020-2324
The CVE-2020-2324 issue affects Jenkins CVS Plugin versions 2.16 and earlier. The root cause is that the plugin’s XML parser does not disable XML External Entity (XXE) processing, enabling an attacker who can control an agent process to have Jenkins parse a crafted changelog file that can exfiltr...
Xxe
A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to inject arbitrary XML code and obtain disclosure of confidential data, denial of service, server...
CVE-2020-7572
A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to inject arbitrary XML code and obtain disclosure of confidential data, denial of service, server...
dom4j: XML External Entity vulnerability in default SAX parser
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j...
CVE-2020-2315
Jenkins Visualworks Store Plugin 1.1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2020-2305
Jenkins Mercurial Plugin 2.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2020-2304
Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
Xxe
Jenkins Mercurial Plugin 2.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
Xxe
Jenkins Visualworks Store Plugin 1.1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
Xxe
Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2020-2315
The CVE-2020-2315 issue affects Jenkins Visualworks Store Plugin versions 1.1.3 and earlier. The root cause is that the plugin’s XML parser does not disable XML External Entity (XXE) processing, enabling crafted XML to potentially reveal secrets from the Jenkins controller or facilitate SSRF-like...