Total
1209 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-0250 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
|
XML external entity (XXE) vulnerability in IBM InfoSphere Information Governance Catalog 11.3 before 11.3.1.2 and 11.5 before 11.5.0.1 allows remote authenticated users to read arbitrary files or cause a denial of service via crafted XML data. IBM X-Force ID: 110510.
|
|||||
| CVE-2016-0219 | 1 Ibm | 8 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 5 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
XML external entity (XXE) vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote authenticated users to cause a denial of service via crafted XML data. IBM X-Force ID: 109693.
|
|||||
| CVE-2015-9280 | 1 Mailenable | 1 Mailenable | 2024-11-21 | 5.0 MEDIUM | 10.0 CRITICAL |
|
MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter.
|
|||||
| CVE-2015-8549 | 1 Pyamf | 1 Pyamf | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
|
XML external entity (XXE) vulnerability in PyAMF before 0.8.0 allows remote attackers to cause a denial of service or read arbitrary files via a crafted Action Message Format (AMF) payload.
|
|||||
| CVE-2015-8031 | 1 Eclipse | 1 Hudson | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Hudson (aka org.jvnet.hudson.main:hudson-core) before 3.3.2 allows XXE attacks.
|
|||||
| CVE-2015-7968 | 1 Sap | 1 Netweaver Application Server | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
nwbc_ext2int in SAP NetWeaver Application Server before Security Note 2183189 allows XXE attacks for local file inclusion via the sap/bc/ui2/nwbc/nwbc_ext2int/ URI.
|
|||||
| CVE-2015-7461 | 1 Ibm | 1 Connections | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
XML external entity (XXE) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote authenticated users to cause a denial of service (memory consumption) via crafted XML data. IBM X-Force ID: 108357.
|
|||||
| CVE-2015-3907 | 1 Codeigniter-restserver Project | 1 Codeigniter-restserver | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
CodeIgniter Rest Server (aka codeigniter-restserver) 2.7.1 allows XXE attacks.
|
|||||
| CVE-2015-1811 | 1 Jenkins | 1 Cloudbees | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document.
|
|||||
| CVE-2015-1809 | 1 Jenkins | 1 Cloudbees | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query.
|
|||||
| CVE-2015-10082 | 1 Libimobiledevice | 1 Libplist | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
|
A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. This affects the function plist_from_xml of the file src/xplist.c of the component XML Handler. The manipulation leads to xml external entity reference. The patch is named c086cb139af7c82845f6d565e636073ff4b37440. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221499.
|
|||||
| CVE-2015-10029 | 1 Simplexrd Project | 1 Simplexrd | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
A vulnerability classified as problematic was found in kelvinmo simplexrd up to 3.1.0. This vulnerability affects unknown code of the file simplexrd/simplexrd.class.php. The manipulation leads to xml external entity reference. Upgrading to version 3.1.1 is able to address this issue. The patch is identified as 4c9f2e028523ed705b555eca2c18c64e71f1a35d. It is recommended to upgrade the affected component. VDB-217630 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2014-5238 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text document.
|
|||||
| CVE-2014-3990 | 1 Opencart | 1 Opencart | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External Entity (XXE) attacks and execute arbitrary code via a crafted serialized PHP object, related to the quantity parameter in an update request.
|
|||||
| CVE-2014-3643 | 1 Jersey Project | 1 Jersey | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
jersey: XXE via parameter entities not disabled by the jersey SAX parser
|
|||||
| CVE-2014-3599 | 1 Redhat | 1 Hornetq | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
HornetQ REST is vulnerable to XML External Entity due to insecure configuration of RestEasy
|
|||||
| CVE-2014-3244 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.
|
|||||
| CVE-2014-3005 | 2 Fedoraproject, Zabbix | 2 Fedora, Zabbix | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.
|
|||||
| CVE-2014-2296 | 1 Apereo | 1 Cas Server | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
XML external entity (XXE) vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled, allows remote unauthenticated users to bypass authentication via crafted XML data.
|
|||||
| CVE-2014-125087 | 1 Java-xmlbuilder Project | 1 Java-xmlbuilder | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
|
A vulnerability was found in java-xmlbuilder up to 1.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. Upgrading to version 1.2 is able to address this issue. The name of the patch is e6fddca201790abab4f2c274341c0bb8835c3e73. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221480.
|
|||||
| CVE-2014-0950 | 1 Ibm | 1 Rational Clearquest | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
|
Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92623.
|
|||||
| CVE-2014-0931 | 1 Ibm | 1 Rational Clearcase | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) CMI and OSLC-based ClearQuest integrations components in IBM Rational ClearCase 7.1.0.x, 7.1.1.x, 7.1.2 through 7.1.2.13, 8.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92263.
|
|||||
| CVE-2013-4334 | 1 Tejimaya | 1 Opwebapiplugin | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
opWebAPIPlugin 0.5.1, 0.4.0, and 0.1.0: XXE Vulnerabilities
|
|||||
| CVE-2013-4333 | 1 Tejimaya | 1 Openpne | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulnerability
|
|||||
| CVE-2012-2656 | 1 Talend | 1 Restlet | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An XML eXternal Entity (XXE) issue exists in Restlet 1.1.10 in an endpoint using XML transport, which lets a remote attacker obtain sensitive information.
|
|||||
| CVE-2012-1102 | 1 Xml\ | 1 \ | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
It was discovered that the XML::Atom Perl module before version 0.39 did not disable external entities when parsing XML from potentially untrusted sources. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used.
|
|||||
| CVE-2011-3600 | 1 Apache | 1 Ofbiz | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that discloses the contents of files in the filesystem. In addition, it can also be used to probe for open network ports, and figure out from returned error messages whether a file exists or not. This affects OFBiz 16.11.01 to 16.11.04.
|
|||||
| CVE-2024-20531 | 1 Cisco | 1 Identity Services Engine | 2024-11-20 | N/A | 6.5 MEDIUM |
|
A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device and conduct a server-side request forgery (SSRF) attack through an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials.
This vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing XML input. An attacker could exploit this vulnerability by send ...
Show More |
|||||
| CVE-2024-39726 | 3 Ibm, Linux, Microsoft | 3 Engineering Lifecycle Optimization - Engineering Insights, Linux Kernel, Windows | 2024-11-19 | N/A | 8.2 HIGH |
|
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
|
|||||
| CVE-2021-3902 | 1 Dompdf Project | 1 Dompdf | 2024-11-19 | N/A | 9.8 CRITICAL |
|
An improper restriction of external entities (XXE) vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery (SSRF) and deserialization attacks. This issue affects all versions prior to 2.0.0. The vulnerability can be exploited even if the isRemoteEnabled option is set to false. It allows attackers to perform SSRF, disclose internal image files, and cause PHAR deserialization attacks.
|
|||||
| CVE-2024-10839 | 1 Zohocorp | 1 Manageengine Sharepoint Manager Plus | 2024-11-13 | N/A | 8.1 HIGH |
|
Zohocorp ManageEngine SharePoint Manager Plus versions 4503 and prior are vulnerable to authenticated XML External Entity (XXE) in the Management option.
|
|||||
| CVE-2024-52007 | 2024-11-12 | N/A | 8.6 HIGH | ||
|
HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag ( <!DOCTYPE foo [<!ENTITY example SYSTEM "/etc/passwd"> ]> could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external clients can submit XML. This is related to GHS ...
Show More |
|||||
| CVE-2024-45086 | 1 Ibm | 1 Websphere Application Server | 2024-11-06 | N/A | 5.5 MEDIUM |
|
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources.
|
|||||
| CVE-2024-51132 | 2024-11-06 | N/A | 9.8 CRITICAL | ||
|
An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities.
|
|||||
| CVE-2024-51136 | 1 Openimaj | 1 Openimaj | 2024-11-06 | N/A | 9.8 CRITICAL |
|
An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted XML file.
|
|||||
| CVE-2024-50442 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2024-10-29 | N/A | 7.2 HIGH |
|
Improper Restriction of XML External Entity Reference vulnerability in WP Royal Royal Elementor Addons allows XML Injection.This issue affects Royal Elementor Addons: from n/a through 1.3.980.
|
|||||
| CVE-2024-4690 | 1 Microfocus | 1 Application Automation Tools | 2024-10-21 | N/A | 8.0 HIGH |
|
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below.
|
|||||
| CVE-2024-4184 | 1 Microfocus | 1 Application Automation Tools | 2024-10-21 | N/A | 8.0 HIGH |
|
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below.
|
|||||
| CVE-2024-4189 | 1 Microfocus | 1 Application Automation Tools | 2024-10-21 | N/A | 8.0 HIGH |
|
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below.
|
|||||
| CVE-2024-45072 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-10-21 | N/A | 5.5 MEDIUM |
|
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources.
|
|||||