Total
1045 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4334 | 1 Tejimaya | 1 Opwebapiplugin | 2020-02-11 | 7.5 HIGH | 9.8 CRITICAL |
| opWebAPIPlugin 0.5.1, 0.4.0, and 0.1.0: XXE Vulnerabilities | |||||
| CVE-2019-18412 | 1 Jetbrains | 1 Idetalk | 2020-02-06 | 5.0 MEDIUM | 7.5 HIGH |
| JetBrains IDETalk plugin before version 193.4099.10 allows XXE | |||||
| CVE-2013-4333 | 1 Tejimaya | 1 Openpne | 2020-02-01 | 6.4 MEDIUM | 9.1 CRITICAL |
| OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulnerability | |||||
| CVE-2019-4707 | 1 Ibm | 1 Security Access Manager | 2020-01-31 | 5.5 MEDIUM | 7.1 HIGH |
| IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172018. | |||||
| CVE-2017-1000498 | 1 Androidsvg Project | 1 Androidsvg | 2020-01-30 | 6.8 MEDIUM | 7.8 HIGH |
| AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsing component resulting in denial of service and possibly remote code execution | |||||
| CVE-2014-5238 | 1 Open-xchange | 1 Open-xchange Appsuite | 2020-01-28 | 6.8 MEDIUM | 7.8 HIGH |
| XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text document. | |||||
| CVE-2015-1809 | 1 Jenkins | 1 Cloudbees | 2020-01-24 | 5.0 MEDIUM | 7.5 HIGH |
| XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query. | |||||
| CVE-2015-1811 | 1 Jenkins | 1 Cloudbees | 2020-01-24 | 5.0 MEDIUM | 7.5 HIGH |
| XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document. | |||||
| CVE-2018-10653 | 1 Citrix | 1 Xenmobile Server | 2020-01-22 | 7.5 HIGH | 9.8 CRITICAL |
| There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. | |||||
| CVE-2015-8549 | 1 Pyamf | 1 Pyamf | 2020-01-22 | 5.8 MEDIUM | 7.1 HIGH |
| XML external entity (XXE) vulnerability in PyAMF before 0.8.0 allows remote attackers to cause a denial of service or read arbitrary files via a crafted Action Message Format (AMF) payload. | |||||
| CVE-2020-6958 | 1 Yet Another Java Service Wrapper Project | 1 Yet Another Java Service Wrapper | 2020-01-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper (YAJSW) 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and potentially cause denial-of-service. | |||||
| CVE-2019-20153 | 1 Determine | 1 Contract Lifecycle Management | 2020-01-13 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in Determine (formerly Selectica) Contract Lifecycle Management (CLM) in v5.4. An XML external entity (XXE) vulnerability in the upload definition feature in definition_upload_attach.jsp allows authenticated remote attackers to read arbitrary files (including configuration files containing administrative credentials). | |||||
| CVE-2019-15983 | 1 Cisco | 1 Data Center Network Manager | 2020-01-08 | 4.0 MEDIUM | 4.9 MEDIUM |
| A vulnerability in the SOAP API of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. To exploit this vulnerability, an attacker would need administrative privileges on the DCNM application. The vulnerability exists because the SOAP API improperly handles XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by inserting malicious XML content in an API request. A successful exploit could allow the attacker to read arbitrary files from the affected device. Note: The severity of this vulnerability is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one. | |||||
| CVE-2019-19998 | 1 Xiuno | 1 Xiunobbs | 2020-01-07 | 5.0 MEDIUM | 7.5 HIGH |
| Xiuno BBS 4.0 allows XXE via plugin/xn_wechat_public/route/token.php. | |||||
| CVE-2012-2656 | 1 Talend | 1 Restlet | 2019-12-23 | 5.0 MEDIUM | 7.5 HIGH |
| An XML eXternal Entity (XXE) issue exists in Restlet 1.1.10 in an endpoint using XML transport, which lets a remote attacker obtain sensitive information. | |||||
| CVE-2019-11216 | 1 Bmc | 1 Remedy Smart Reporting | 2019-12-13 | 5.5 MEDIUM | 6.5 MEDIUM |
| BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. One can import a malicious XML file and perform XXE attacks to download local files from the server, or do DoS attacks with XML expansion attacks. XXE with direct response and XXE OOB are allowed. | |||||
| CVE-2019-14678 | 6 Hp, Ibm, Linux and 3 more | 15 Hp-ux, Aix, Z\/os and 12 more | 2019-11-22 | 7.5 HIGH | 10.0 CRITICAL |
| SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects the XMLV2 LIBNAME engine when the AUTOMAP option is used. | |||||
| CVE-2018-20687 | 1 Raritan | 1 Commandcenter Secure Gateway | 2019-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An XML external entity (XXE) vulnerability in CommandCenterWebServices/.*?wsdl in Raritan CommandCenter Secure Gateway before 8.0.0 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | |||||
| CVE-2014-3599 | 1 Redhat | 1 Hornetq | 2019-11-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| HornetQ REST is vulnerable to XML External Entity due to insecure configuration of RestEasy | |||||
| CVE-2019-9757 | 1 Labkey | 1 Labkey Server | 2019-11-01 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in LabKey Server 19.1.0. Sending an SVG containing an XXE payload to the endpoint visualization-exportImage.view or visualization-exportPDF.view allows local files to be read. | |||||