Total
1045 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-46300 | 1 Visam | 1 Vbase Automation Base | 2025-01-17 | N/A | 5.5 MEDIUM |
| Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file. | |||||
| CVE-2022-45876 | 1 Visam | 1 Vbase | 2025-01-17 | N/A | 5.5 MEDIUM |
| Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file. | |||||
| CVE-2022-41221 | 1 Opentext | 1 Archive Center Administration | 2025-01-17 | N/A | 7.1 HIGH |
| The client in OpenText Archive Center Administration through 21.2 allows XXE attacks. Authenticated users of the OpenText Archive Center Administration client (Versions 16.2.3, 21.2, and older versions) could upload XML files to the application that it did not sufficiently validate. As a result, attackers could craft XML files that, when processed by the application, would cause a negative security impact such as data exfiltration or localized denial of service against the application instance and system of the user running it. | |||||
| CVE-2024-12476 | 2025-01-17 | N/A | N/A | ||
| CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure, impacts workstation integrity and potential remote code execution on the compromised computer, when specific crafted XML file is imported in the Web Designer configuration tool. | |||||
| CVE-2012-3363 | 3 Debian, Fedoraproject, Zend | 3 Debian Linux, Fedora, Zend Framework | 2025-01-16 | 6.4 MEDIUM | 9.1 CRITICAL |
| Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack. | |||||
| CVE-2024-4357 | 1 Progress | 1 Telerik Reporting | 2025-01-16 | N/A | 6.5 MEDIUM |
| An information disclosure vulnerability exists in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, allows low-privilege attacker to read systems file via XML External Entity Processing. | |||||
| CVE-2023-34411 | 1 Xml Library Project | 1 Xml Library | 2025-01-08 | N/A | 7.5 HIGH |
| The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid <! token (such as <!DOCTYPEs/%<!A nesting) in an XML document. The earliest affected version is 0.8.9. | |||||
| CVE-2023-24470 | 1 Microfocus | 1 Arcsight Logger | 2025-01-06 | N/A | 9.1 CRITICAL |
| Potential XML External Entity Injection in ArcSight Logger versions prior to 7.3.0. | |||||
| CVE-2023-29498 | 1 Fujielectric | 1 Frenic Rhc Loader | 2025-01-03 | N/A | 5.5 MEDIUM |
| Improper restriction of XML external entity reference (XXE) vulnerability exists in FRENIC RHC Loader v1.1.0.3 and earlier. If a user opens a specially crafted project file, sensitive information on the system where the affected product is installed may be disclosed. | |||||
| CVE-2024-56356 | 1 Jetbrains | 1 Teamcity | 2025-01-02 | N/A | 7.1 HIGH |
| In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack | |||||
| CVE-2024-31139 | 1 Jetbrains | 1 Teamcity | 2024-12-16 | N/A | 8.1 HIGH |
| In JetBrains TeamCity before 2024.03 xXE was possible in the Maven build steps detector | |||||
| CVE-2024-55887 | 2024-12-13 | N/A | N/A | ||
| Ucum-java is a FHIR Java library providing UCUM Services. In versions prior to 1.0.9, XML parsing performed by the UcumEssenceService is vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where ucum is being used to within a host where external clients can submit XML. Release 1.0.9 of Ucum-java fixes this vulnerability. As a workaround, ensure that the source xml for instantiating UcumEssenceService is trusted. | |||||
| CVE-2024-11622 | 1 Hpe | 1 Insight Remote Support | 2024-12-12 | N/A | 7.5 HIGH |
| An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases. | |||||
| CVE-2024-53674 | 1 Hpe | 1 Insight Remote Support | 2024-12-12 | N/A | 7.5 HIGH |
| An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases. | |||||
| CVE-2024-53675 | 1 Hpe | 1 Insight Remote Support | 2024-12-12 | N/A | 7.5 HIGH |
| An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases. | |||||
| CVE-2024-25606 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-12-11 | N/A | 8.7 HIGH |
| XXE vulnerability in Liferay Portal 7.2.0 through 7.4.3.7, and older unsupported versions, and Liferay DXP 7.4 before update 4, 7.3 before update 12, 7.2 before fix pack 20, and older unsupported versions allows attackers with permission to deploy widgets/portlets/extensions to obtain sensitive information or consume system resources via the Java2WsddTask._format method. | |||||
| CVE-2024-54005 | 2024-12-10 | N/A | 5.1 MEDIUM | ||
| A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions), COMOS V10.4.2 (All versions), COMOS V10.4.3 (All versions < V10.4.3.0.47), COMOS V10.4.4 (All versions < V10.4.4.2), COMOS V10.4.4.1 (All versions < V10.4.4.1.21). The PDMS/E3D Engineering Interface improperly handles XML External Entity (XXE) entries when communicating with an external application. This could allow an attacker to extract any file with a known location on the user's system or accessible network folders by injecting malicious data into the communication channel between the two systems. | |||||
| CVE-2024-49704 | 2024-12-10 | N/A | 5.5 MEDIUM | ||
| A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions), COMOS V10.4.2 (All versions), COMOS V10.4.3 (All versions < V10.4.3.0.47), COMOS V10.4.4 (All versions < V10.4.4.2), COMOS V10.4.4.1 (All versions < V10.4.4.1.21). The Generic Data Mapper, the Engineering Adapter, and the Engineering Interface improperly handle XML External Entity (XXE) entries when parsing configuration and mapping files. This could allow an attacker to extract any file with a known location on the user's system or accessible network folders by persuading a user to use a maliciously crafted configuration or mapping file in one of the affected components. | |||||
| CVE-2024-47582 | 2024-12-10 | N/A | N/A | ||
| Due to missing validation of XML input, an unauthenticated attacker could send malicious input to an endpoint which leads to XML Entity Expansion attack. This causes limited impact on availability of the application. | |||||
| CVE-2024-52806 | 2024-12-02 | N/A | N/A | ||
| SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18. | |||||