Total: 1076 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-4295 | 1 Healthit | 1 Code-validator-api | 2024-08-03 | 5.5 Medium |
A vulnerability classified as problematic was found in ONC code-validator-api up to 1.0.30. This vulnerability affects the function vocabularyValidationConfigurations of the file src/main/java/org/sitenv/vocabularies/configuration/CodeValidatorApiConfiguration.java of the component XML Handler. The manipulation leads to xml external entity reference. Upgrading to version 1.0.31 is able to address this issue. The name of the patch is fbd8ea121755a2d3d116b13f235bc8b61d8449af. It is recommended to upgrade the affected component. VDB-217018 is the identifier assigned to this vulnerability. | ||||
CVE-2021-4311 | 1 Talend | 1 Open Studio | 2024-08-03 | 5.5 Medium |
A vulnerability classified as problematic was found in Talend Open Studio for MDM. This vulnerability affects unknown code of the component XML Handler. The manipulation leads to xml external entity reference. The patch is identified as 31d442b9fb1d518128fd18f6e4d54e06c3d67793. It is recommended to apply a patch to fix this issue. VDB-217666 is the identifier assigned to this vulnerability. | ||||
CVE-2021-3869 | 1 Stanford | 1 Corenlp | 2024-08-03 | 7.5 High |
corenlp is vulnerable to Improper Restriction of XML External Entity Reference | ||||
CVE-2021-3878 | 1 Stanford | 1 Corenlp | 2024-08-03 | 9.8 Critical |
corenlp is vulnerable to Improper Restriction of XML External Entity Reference | ||||
CVE-2021-3836 | 1 Dbeaver | 1 Dbeaver | 2024-08-03 | 5.5 Medium |
dbeaver is vulnerable to Improper Restriction of XML External Entity Reference | ||||
CVE-2021-3312 | 1 Alkacon | 1 Opencms | 2024-08-03 | 6.5 Medium |
An XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11.0.1 and 11.0.2 allows remote authenticated users with edit privileges to exfiltrate files from the server's file system by uploading a crafted SVG document. | ||||
CVE-2021-1630 | 1 Salesforce | 1 Mule | 2024-08-03 | 7.5 High |
XML external entity (XXE) vulnerability affecting certain versions of a Mule runtime component that may affect CloudHub, GovCloud, Runtime Fabric, Pivotal Cloud Foundry, Private Cloud Edition, and on-premise customers. | ||||
CVE-2021-1628 | 1 Salesforce | 1 Mule | 2024-08-03 | 9.8 Critical |
MuleSoft is aware of an XML External Entity (XXE) vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. Affected versions: Mule 4.x runtime released before February 2, 2021. | ||||
CVE-2022-47873 | 1 Netcad | 1 Keos | 2024-08-03 | 9.8 Critical |
Netcad KEOS 1.0 is vulnerable to XML External Entity (XXE) resulting in SSRF with XXE (remote). | ||||
CVE-2022-47514 | 1 Xml-rpc.net Project | 1 Xml-rpc.net | 2024-08-03 | 8.8 High |
An XML external entity (XXE) injection vulnerability in XML-RPC.NET before 2.5.0 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, as demonstrated by a pingback.aspx POST request. | ||||
CVE-2022-46827 | 1 Jetbrains | 1 Intellij Idea | 2024-08-03 | 3.9 Low |
In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible. | ||||
CVE-2022-46682 | 1 Jenkins | 1 Plot | 2024-08-03 | 9.8 Critical |
Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
CVE-2022-46300 | 1 Visam | 1 Vbase Automation Base | 2024-08-03 | 5.5 Medium |
Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file. | ||||
CVE-2022-45876 | 1 Visam | 1 Vbase | 2024-08-03 | 5.5 Medium |
Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file. | ||||
CVE-2022-45588 | 1 Talend | 1 Remote Engine Gen 2 | 2024-08-03 | 7.8 High |
All versions before R2022-09 of Talend's Remote Engine Gen 2 are potentially vulnerable to XML External Entity (XXE) type of attacks. Users should download the R2022-09 release or later and use it in place of the previous version. Talend Remote Engine Gen 1 and Talend Cloud Engine for Design are not impacted. This XXE vulnerability could only be exploited by someone with the appropriate rights to edit pipelines on the Talend platform. It could not be triggered remotely or by other user input. | ||||
CVE-2022-45396 | 1 Jenkins | 1 Sourcemonitor | 2024-08-03 | 9.8 Critical |
Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
CVE-2022-45397 | 1 Jenkins | 1 Osf Builder Suite | 2024-08-03 | 9.8 Critical |
Jenkins OSF Builder Suite :: XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
CVE-2022-45400 | 1 Jenkins | 1 Japex | 2024-08-03 | 9.8 Critical |
Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
CVE-2022-45386 | 1 Jenkins | 1 Violations | 2024-08-03 | 5.5 Medium |
Jenkins Violations Plugin 0.7.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
CVE-2022-45395 | 1 Jenkins | 1 Cccc | 2024-08-03 | 9.8 Critical |
Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |