Total
1076 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-1698 | 1 Cisco | 1 Iot Field Network Director | 2024-09-16 | N/A |
| A vulnerability in the web-based user interface of Cisco Internet of Things Field Network Director (IoT-FND) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by importing a crafted XML file with malicious entries, which could allow the attacker to read files within the affected application. Versions prior to 4.4(0.26) are affected. | ||||
| CVE-2018-15444 | 1 Cisco | 1 Energy Management Suite Software | 2024-09-16 | N/A |
| A vulnerability in the web-based user interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by convincing a user of an affected system to import a crafted XML file with malicious entries, which could allow the attacker to read and write files within the affected application. | ||||
| CVE-2018-1000651 | 1 Gchq | 1 Stroom | 2024-09-16 | N/A |
| Stroom version <5.4.5 contains a XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted XML file. | ||||
| CVE-2021-23418 | 1 Glances Project | 1 Glances | 2024-09-16 | 6.3 Medium |
| The package glances before 3.2.1 are vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks. | ||||
| CVE-2018-0878 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-09-16 | N/A |
| Windows Remote Assistance in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how XML External Entities (XXE) are processed, aka "Windows Remote Assistance Information Disclosure Vulnerability". | ||||
| CVE-2021-20454 | 1 Ibm | 1 Websphere Application Server | 2024-09-16 | 8.2 High |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196649. | ||||
| CVE-2017-18111 | 1 Atlassian | 1 Application Links | 2024-09-16 | N/A |
| The OAuthHelper in Atlassian Application Links before version 5.0.10, from version 5.1.0 before version 5.1.3, and from version 5.2.0 before version 5.2.6 used an XML document builder that was vulnerable to XXE when consuming a client OAuth request. This allowed malicious oauth application linked applications to probe internal network resources by requesting internal locations, read the contents of files and also cause an out of memory exception affecting availability via an XML External Entity vulnerability. | ||||
| CVE-2020-4875 | 2 Ibm, Microsoft | 2 Cognos Controller, Windows | 2024-09-16 | 8.2 High |
| IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 190838. | ||||
| CVE-2017-1000497 | 1 Pepperminty-wiki Project | 1 Pepperminty-wiki | 2024-09-16 | 9.8 Critical |
| Pepperminty-Wiki version 0.15 is vulnerable to XXE attacks in the getsvgsize function resulting in denial of service and possibly remote code execution | ||||
| CVE-2019-3722 | 1 Dell | 1 Emc Openmanage Server Administrator | 2024-09-16 | N/A |
| Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to read arbitrary server system files by supplying specially crafted document type definitions (DTDs) in an XML request. | ||||
| CVE-2022-38419 | 1 Adobe | 1 Coldfusion | 2024-09-16 | 7.5 High |
| Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction. | ||||
| CVE-2018-1000652 | 1 Jabref | 1 Jabref | 2024-09-16 | N/A |
| JabRef version <=4.3.1 contains a XML External Entity (XXE) vulnerability in MsBibImporter XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted MsBib file. This vulnerability appears to have been fixed in after commit 89f855d. | ||||
| CVE-2021-20492 | 1 Ibm | 1 Websphere Application Server | 2024-09-16 | 8.2 High |
| IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 197793. | ||||
| CVE-2018-1000011 | 1 Jenkins | 1 Findbugs | 2024-09-16 | N/A |
| Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | ||||
| CVE-2012-4399 | 1 Cakefoundation | 1 Cakephp | 2024-09-16 | 7.5 High |
| The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack. | ||||
| CVE-2020-7035 | 1 Avaya | 1 Aura Orchestration Designer | 2024-09-16 | 8.1 High |
| An XML External Entities (XXE)vulnerability in the web-based user interface of Avaya Aura Orchestration Designer could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Orchestration Designer includes all 7.x versions before 7.2.3. | ||||
| CVE-2019-4456 | 1 Ibm | 1 Daeja Viewone | 2024-09-16 | 7.1 High |
| IBM Daeja ViewONE Professional, Standard & Virtual 5.0.5 and 5.0.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 163620. | ||||
| CVE-2017-1758 | 1 Ibm | 3 Control Center, Financial Transaction Manager, Transformation Extender Advanced | 2024-09-16 | N/A |
| IBM Financial Transaction Manager for ACH Services for Multi-Platform (IBM Control Center 6.0 and 6.1, IBM Financial Transaction Manager 3.0.2, 3.0.3, 3.0.4, and 3.1.0, IBM Transformation Extender Advanced 9.0) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 135859. | ||||
| CVE-2019-4062 | 1 Ibm | 1 I2 Intelligent Analysis Platform | 2024-09-16 | 7.1 High |
| IBM i2 Intelligent Analyis Platform 9.0.0 through 9.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 157007. | ||||
| CVE-2020-4772 | 1 Ibm | 1 Curam Social Program Management | 2024-09-16 | 8.1 High |
| An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. A remote attacker could exploit this vulnerability to expose sensitive information, denial of service, server side request forgery or consume memory resources. IBM X-Force ID: 189150. | ||||