2709 matches found
expat: Integer overflow in function XML_GetBuffer
expat libexpat is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag, libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability,...
CVE-2022-43680
In CVE-2022-43680, libexpat up to version 2.4.9 contains a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate during out-of-memory situations. The impact is rated High (Availability impact) with a CVSSv3.1 base score of 7.5 (Network attack vector, no ...
GHSA-VHWV-8897-JM7Q XXE vulnerability in Jenkins Compuware Topaz for Total Test Plugin
Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to control the input files for the 'Topaz for Total Test - Execute Total Test scenarios' build step to have Jenkins parse a crafted XML...
XXE vulnerability in Jenkins Compuware Topaz for Total Test Plugin
Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to control the input files for the 'Topaz for Total Test - Execute Total Test scenarios' build step to have Jenkins parse a crafted XML...
GHSA-2W2M-CCF8-57CQ XXE vulnerability in Jenkins REPO Plugin
REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to control which repo binary is executed on agents to have Jenkins parse a crafted XML document that uses external entities for extraction of secrets from the...
CVE-2022-43430
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2022-43415
Jenkins REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
Xxe
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
Xxe
Jenkins REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2022-43430
CVE-2022-43430 affects Jenkins Compuware Topaz for Total Test Plugin versions 2.4.8 and earlier. Root cause: the plugin’s XML parser is not configured to prevent XML External Entity (XXE) attacks. Impact: a crafted XML input in the Topaz Execute Total Test scenarios could allow extraction of secr...
CVE-2022-43415
CVE-2022-43415 affects Jenkins REPO Plugin 1.15.0 and earlier. The underlying issue is that the plugin’s XML parser does not disable XML external entity (XXE) processing, enabling an attacker who can influence the repo binary on agents to cause the Jenkins controller to parse crafted XML and pote...
Jenkins Plugin REPO Code Issue Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application: an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A code issue vulnerabilit...
ALSA-2022:7020 Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Security Fixes: expat: a use-after-free in the doContent function in xmlparse.c (CVE-2022-40674). For more details about the security...
Adobe ColdFusion Solr Service XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe ColdFusion. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Apache Solr service. Due to the improper restriction of XML External Entity...
PT-2022-6444 · Nokia · Nokia Netact
Name of the Vulnerable Software and Affected Versions: Nokia NetAct versions prior to 22 FP2211. Description: An XXE issue was discovered in Nokia NetAct via an XML document to a Performance Manager page, where input validation and a proper XML parser configuration are missing. This could allow an...
PT-2022-02: XML External Entity (XXE)
Input validation and proper XML parser configuration were missing. On the Performance Manager+ page, attackers can import XML files. Support of external entities is enabled for processing of such files, which leads to Arbitrary File Read and SSRF. The attack can only be performed by an internal...
Fedora: Security Advisory for expat (FEDORA-2022-15ec504440)
The remote host is missing an update for the...