Total: 1073 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-4208 | 1 Ibm | 1 Tririga Application Platform | 2024-09-17 | 7.1 High |
IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 159129. | ||||
CVE-2021-20453 | 1 Ibm | 1 Websphere Application Server | 2024-09-17 | 8.2 High |
IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196648. | ||||
CVE-2017-1527 | 1 Ibm | 1 Business Process Manager | 2024-09-17 | N/A |
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 130156. | ||||
CVE-2018-1970 | 1 Ibm | 1 Security Access Manager | 2024-09-17 | N/A |
IBM Security Identity Manager 7.0.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 153751. | ||||
CVE-2018-1000124 | 1 I-librarian | 1 I, Librarian | 2024-09-17 | N/A |
I Librarian (I-librarian) version 4.8 and earlier contains an XML External Entity (XXE) vulnerability in line 154 of importmetadata.php (simplexml_load_string) that can result in an attacker reading the contents of a file and SSRF. This attack appears to be exploitable via posting XML in the parameter form_import_textarea. | ||||
CVE-2018-1000828 | 1 Frostwire | 1 Frostwire | 2024-09-17 | 9.0 Critical |
FrostWire version <= frostwire-desktop-6.7.4-build-272 contains an XML External Entity (XXE) vulnerability, reachable by a man-in-the-middle on update, that can result in disclosure of confidential data, denial of service, SSRF, and port scanning. This attack appears to be exploitable via a man-in-the-middle on the call to update the software. | ||||
CVE-2018-11048 | 1 Dell | 2 Emc Data Protection Advisor, Emc Integrated Data Protection Appliance | 2024-09-17 | 8.1 High |
Dell EMC Data Protection Advisor, versions 6.2, 6.3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain an XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request. | ||||
CVE-2017-8056 | 1 Watchguard | 1 Fireware | 2024-09-17 | N/A |
WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity (XXE), in the XML-RPC agent. This causes the Firebox wgagent process to crash. This process crash ends all authenticated sessions to the Firebox, including management connections, and prevents new authenticated sessions until the process has recovered. The Firebox may also experience an overall degradation in performance while the wgagent process recovers. An attacker could continuously send XML-RPC requests that contain references to external entities to perform a limited Denial of Service (DoS) attack against an affected Firebox. | ||||
CVE-2022-1331 | 1 Deltaww | 1 Dmars | 2024-09-17 | 5.5 Medium |
In four instances DMARS (All versions prior to v2.1.10.24) does not properly restrict references of XML external entities while processing specific project files, which may allow unauthorized information disclosure. | ||||
CVE-2017-1000496 | 1 Commsy | 1 Commsy | 2024-09-17 | N/A |
Commsy version 9.0.0 is vulnerable to XXE attacks in the configuration import functionality resulting in denial of service and possibly remote execution of code. | ||||
CVE-2017-8557 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-09-17 | N/A |
Windows System Information Console in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly parses XML input containing a reference to an external entity, aka "Windows System Information Console Information Disclosure Vulnerability". | ||||
CVE-2018-12471 | 1 Suse | 1 Subscription Management Tool | 2024-09-17 | N/A |
An External Entity Reference ('XXE') vulnerability in SUSE Linux SMT allows remote attackers to read data from the server or cause DoS by referencing blocking elements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37. | ||||
CVE-2018-1000830 | 1 Xr3player Project | 1 Xr3player | 2024-09-17 | N/A |
XR3Player version <= V3.124 contains an XML External Entity (XXE) vulnerability in the playlist parser that can result in disclosure of confidential data, denial of service, SSRF, and port scanning. | ||||
CVE-2018-1000837 | 1 Obeo | 1 Uml Designer | 2024-09-17 | 10.0 Critical |
UML Designer version <= 8.0.0 contains an XML External Entity (XXE) vulnerability in the XML parser for plugins that can result in disclosure of confidential data, denial of service, SSRF, and port scanning. This attack appears to be exploitable via a malicious plugins.xml file. | ||||
CVE-2020-7032 | 1 Avaya | 2 Aura System Manager, Weblm | 2024-09-17 | 6.5 Medium |
An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6 and 8.0 through 8.1.2. | ||||
CVE-2020-7036 | 1 Avaya | 1 Callback Assist | 2024-09-17 | 8.1 High |
An XML External Entities (XXE) vulnerability in Callback Assist could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Callback Assist include all 4.0.x versions before 4.7.1.1 Patch 7. | ||||
CVE-2018-10614 | 1 We-con | 1 Levistudiou | 2024-09-17 | N/A |
An XXE vulnerability in LeviStudioU versions 1.8.29 and 1.8.44 can be exploited when the application processes specially crafted project XML files. | ||||
CVE-2018-1000616 | 1 Onosproject | 1 Onos | 2024-09-17 | N/A |
ONOS controller version 1.13.1 and earlier contains an XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java loadxml() that can allow an adversary to remotely launch XXE attacks on the ONOS controller via an OpenConfig Terminal Device. This attack appears to be exploitable via network connectivity. | ||||
CVE-2018-1844 | 1 Ibm | 1 Filenet Content Manager | 2024-09-17 | N/A |
IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150904. | ||||
CVE-2018-5433 | 1 Tibco | 1 Administrator | 2024-09-17 | N/A |
The TIBCO Administrator server component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine information. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions up to and including 5.10.0, and TIBCO Administrator - Enterprise Edition for z/Linux: versions up to and including 5.9.1. |