Total: 992 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-41241 | 1 Jenkins | 1 Rqm | 2023-11-01 | N/A | 9.1 CRITICAL |
| Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
| CVE-2022-45395 | 1 Jenkins | 1 Cccc | 2023-11-01 | N/A | 9.8 CRITICAL |
| Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
| CVE-2022-45400 | 1 Jenkins | 1 Japex | 2023-11-01 | N/A | 9.8 CRITICAL |
| Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
| CVE-2022-45397 | 1 Jenkins | 1 Osf Builder Suite \ | 2023-11-01 | N/A | 9.8 CRITICAL |
| Jenkins OSF Builder Suite :: XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
| CVE-2022-45396 | 1 Jenkins | 1 Sourcemonitor | 2023-11-01 | N/A | 9.8 CRITICAL |
| Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
| CVE-2022-45386 | 1 Jenkins | 1 Violations | 2023-11-01 | N/A | 5.5 MEDIUM |
| Jenkins Violations Plugin 0.7.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
| CVE-2023-43624 | 1 Omron | 1 Cx-designer | 2023-11-01 | N/A | 5.5 MEDIUM |
| CX-Designer Ver.3.740 and earlier (included in CX-One CXONE-AL[][]D-V4) contains an improper restriction of XML external entity reference (XXE) vulnerability. If a user opens a specially crafted project file created by an attacker, sensitive information in the file system where CX-Designer is installed may be disclosed. | |||||
| CVE-2023-43067 | 1 Dell | 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment | 2023-10-28 | N/A | 6.5 MEDIUM |
| Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability. An XXE attack could potentially exploit this vulnerability disclosing local files in the file system. | |||||
| CVE-2023-3823 | 3 Debian, Fedoraproject, Php | 3 Debian Linux, Fedora, Php | 2023-10-27 | N/A | 7.5 HIGH |
| In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling the appropriate function. However, since the state is process-global, other modules - such as ImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and leave it in a state where external entity loading is enabled. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down. | |||||
| CVE-2021-21672 | 1 Jenkins | 1 Selenium Html Report | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
| CVE-2021-21642 | 1 Jenkins | 1 Config File Provider | 2023-10-25 | 5.5 MEDIUM | 8.1 HIGH |
| Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
| CVE-2020-2324 | 1 Jenkins | 1 Cvs | 2023-10-25 | 5.0 MEDIUM | 7.5 HIGH |
| Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
| CVE-2020-2284 | 1 Jenkins | 1 Liquibase Runner | 2023-10-25 | 5.5 MEDIUM | 7.1 HIGH |
| Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
| CVE-2020-2247 | 1 Jenkins | 1 Klocwork Analysis | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Klocwork Analysis Plugin 2020.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
| CVE-2020-2245 | 1 Jenkins | 1 Valgrind | 2023-10-25 | 5.5 MEDIUM | 7.1 HIGH |
| Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
| CVE-2020-2178 | 1 Jenkins | 1 Parasoft Findings | 2023-10-25 | 5.5 MEDIUM | 7.1 HIGH |
| Jenkins Parasoft Findings Plugin 10.4.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
| CVE-2020-2171 | 1 Jenkins | 1 Rapiddeploy | 2023-10-25 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
| CVE-2020-2144 | 1 Jenkins | 1 Rundeck | 2023-10-25 | 5.5 MEDIUM | 7.1 HIGH |
| Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
| CVE-2020-2138 | 1 Jenkins | 1 Cobertura | 2023-10-25 | 5.5 MEDIUM | 7.1 HIGH |
| Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
| CVE-2020-2120 | 1 Jenkins | 1 Fitnesse | 2023-10-25 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. | |||||
