Total
1074 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-1000840 | 1 Processing | 1 Processing | 2024-09-16 | N/A |
| Processing Foundation Processing version 3.4 and earlier contains a XML External Entity (XXE) vulnerability in loadXML() function that can result in An attacker can read arbitrary files and exfiltrate their contents via HTTP requests. This attack appear to be exploitable via The victim must use Processing to parse a crafted XML document. | ||||
| CVE-2018-1000835 | 1 Keepassdx | 1 Keepass Dx | 2024-09-16 | 10.0 Critical |
| KeePassDX version <= 2.5.0.0beta17 contains a XML External Entity (XXE) vulnerability in kdbx file parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. | ||||
| CVE-2017-1254 | 1 Ibm | 1 Security Guardium | 2024-09-16 | N/A |
| IBM Security Guardium 10.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 124634. | ||||
| CVE-2018-1821 | 1 Ibm | 1 Operational Decision Manager | 2024-09-16 | N/A |
| IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150170. | ||||
| CVE-2018-1000831 | 1 K9mail | 1 K-9 Mail | 2024-09-16 | N/A |
| K9Mail version <= v5.600 contains a XML External Entity (XXE) vulnerability in WebDAV response parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via malicious WebDAV server or intercept the reponse of a valid WebDAV server. | ||||
| CVE-2016-8739 | 2 Apache, Redhat | 3 Cxf, Jboss Amq, Jboss Fuse | 2024-09-16 | N/A |
| The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders. These readers use Apache Abdera Parser which expands XML entities by default which represents a major XXE risk. | ||||
| CVE-2018-18659 | 1 Arcserve | 1 Udp | 2024-09-16 | N/A |
| An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-19 Unauthenticated XXE in /management/UdpHttpService issue. | ||||
| CVE-2018-12463 | 1 Hp | 1 Fortify Software Security Center | 2024-09-16 | 9.8 Critical |
| An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | ||||
| CVE-2019-4433 | 1 Ibm | 2 Infosphere Global Name Management, Infosphere Identity Insight | 2024-09-16 | 8.2 High |
| IBM InfoSphere Global Name Management 5.0 and 6.0 and IBM InfoSphere Identity Insight 8.1 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162890. | ||||
| CVE-2020-7037 | 1 Avaya | 1 Equinox Conferencing | 2024-09-16 | 8.1 High |
| An XML External Entities (XXE) vulnerability in Media Server component of Avaya Equinox Conferencing could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system or even potentially lead to a denial of service. The affected versions of Avaya Equinox Conferencing includes all 9.x versions before 9.1.11. Equinox Conferencing is now offered as Avaya Meetings Server. | ||||
| CVE-2018-1421 | 1 Ibm | 1 Datapower Gateway | 2024-09-16 | N/A |
| IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139023. | ||||
| CVE-2019-15983 | 1 Cisco | 1 Data Center Network Manager | 2024-09-16 | 4.9 Medium |
| A vulnerability in the SOAP API of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. To exploit this vulnerability, an attacker would need administrative privileges on the DCNM application. The vulnerability exists because the SOAP API improperly handles XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by inserting malicious XML content in an API request. A successful exploit could allow the attacker to read arbitrary files from the affected device. Note: The severity of this vulnerability is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one. | ||||
| CVE-2018-1669 | 1 Ibm | 1 Datapower Gateway | 2024-09-16 | N/A |
| IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 144950. | ||||
| CVE-2019-4730 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-09-16 | 7.1 High |
| IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172533. | ||||
| CVE-2018-8026 | 2 Apache, Netapp | 3 Solr, Snapcenter, Storage Automation Store | 2024-09-16 | N/A |
| This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. The manipulated files can be uploaded as configsets using Solr's API, allowing to exploit that vulnerability. | ||||
| CVE-2021-40722 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-09-16 | 9.8 Critical |
| AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE. | ||||
| CVE-2018-20233 | 1 Atlassian | 1 Universal Plugin Manager | 2024-09-16 | N/A |
| The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian plugin xml files in an uploaded JAR. | ||||
| CVE-2018-1000834 | 1 Runelite | 1 Runelite | 2024-09-16 | N/A |
| runelite version <= runelite-parent-1.4.23 contains a XML External Entity (XXE) vulnerability in Man in the middle runscape services call that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. | ||||
| CVE-2022-21949 | 1 Opensuse | 1 Open Build Service | 2024-09-16 | 8.8 High |
| A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. This can be used to gain information from the server that can be abused to escalate to Admin privileges on OBS. This issue affects: SUSE Open Build Service Open Build Service versions prior to 2.10.13. | ||||
| CVE-2018-20059 | 1 Pippo | 1 Pippo | 2024-09-16 | N/A |
| jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE. | ||||