CVE-2020-2171

CVE-2020-2171 affects the Jenkins RapidDeploy Plugin (versions 4.2 and earlier). The root cause is a configured XML parser that does not disable XML external entity (XXE) processing, enabling an attacker to craft input files that may lead to secret extraction, server-side impacts, or DoS through ...

CVE-2020-2171

Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

XML External Entity (XXE)

AutoUpdater.NET is vulnerable to XML External Entity XXE. The vulnerability exists as the XML parser used in AutoUpdater does not properly restrict resolving XML external entities...

Security Bulletin: Open Source Apache Xerces-C XML parser vulnerabilities affect IBM Integration Bus and WebSphere Message Broker (CVE-2016-4463, CVE-2016-0729)

Summary IBM Integration Bus and WebSphere Message Broker are affected by Open Source Apache Xerces-C XML parser vulnerabilities. Vulnerability Details CVEID: CVE-2016-0729 DESCRIPTION: Apache Xerces-C XML Parser library is vulnerable to a denial of service, caused by improper bounds checking duri...

CVE-2020-2144

Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2020-2144

Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2020-2138

Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

Xxe

Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2020-2144

Summary: CVE-2020-2144 affects the Jenkins Rundeck Plugin, version 3.6.6 and earlier. The underlying issue is that the plugin’s XML parser does not disable XML External Entity (XXE) processing, which can enable a user with read access to submit crafted XML that leverages external entities, potent...

CVE-2020-2144

Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2020-2144

Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2020-2138

The CVE-2020-2138 issue concerns Jenkins Cobertura Plugin versions 1.15 and earlier, where the XML parser was not configured to prevent XML External Entity (XXE) attacks. The vulnerability allows a user who can control input files for the Publish Cobertura Coverage Report step to cause the Jenkin...

CVE-2020-2138

Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

Scientific Linux Security Update : xerces-c on SL6.x i386/x86_64 (20200304)

Security Fixes : - xerces-c: XML parser contains a use-after-free error triggered during the scanning of external DTDs CVE-2018-1311 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid134274; scriptversion"1.3";...

Scientific Linux Security Update : xerces-c on SL7.x x86_64 (20200304)

Security Fixes : - xerces-c: XML parser contains a use-after-free error triggered during the scanning of external DTDs CVE-2018-1311 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid134275; scriptversion"1.3";...

CentOS 6 : xerces-c (RHSA-2020:0702)

The remote CentOS Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0702 advisory. - The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed...

CentOS: Security Advisory for xerces-c (CESA-2020:0704)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

xerces security update

CentOS Errata and Security Advisory CESA-2020:0704 An update for xerces-c is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severit...

xerces security update

CentOS Errata and Security Advisory CESA-2020:0702 An update for xerces-c is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severit...

xerces-c: XML parser contains a use-after-free error triggered during the scanning of external DTDs

A use-after-free vulnerability was found in xerces-c in the way an XML document is processed via the SAX API. Applications that process XML documents with an external Document Type Definition DTD may be vulnerable to this flaw. A remote attacker could exploit this flaw by creating a specially...