Total
988 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4312 | 1 Wso2 | 1 Identity Server | 2024-02-04 | 6.0 MEDIUM | 7.5 HIGH |
| XML external entity (XXE) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to read arbitrary files, cause a denial of service, conduct server-side request forgery (SSRF) attacks, or have unspecified other impact via a crafted XACML request to entitlement/eval-policy-submit.jsp. NOTE: this issue can be combined with CVE-2016-4311 to exploit the vulnerability without credentials. | |||||
| CVE-2015-7273 | 1 Dell | 3 Integrated Remote Access Controller 7, Integrated Remote Access Controller 8, Integrated Remote Access Controller Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE. | |||||
| CVE-2017-3839 | 1 Cisco | 1 Secure Access Control System | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| An XML External Entity vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to have read access to part of the information stored in the affected system. More Information: CSCvc04845. Known Affected Releases: 5.8(2.5). | |||||
| CVE-2017-6344 | 1 Grails | 1 Pdf Plugin | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allows remote attackers to read arbitrary files via a crafted XML document. | |||||
| CVE-2017-7907 | 1 Schneider-electric | 1 Wonderware Historian Client | 2024-02-04 | 3.3 LOW | 6.6 MEDIUM |
| An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware Historian Client 2014 R2 SP1 and prior. An improperly restricted XML parser (with improper restriction of XML external entity reference, or XXE) may allow an attacker to enter malicious input through the application which could cause a denial of service or disclose file contents from a server or connected network. | |||||
| CVE-2016-6805 | 1 Apache | 1 Ignite | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| Apache Ignite before 1.9 allows man-in-the-middle attackers to read arbitrary files via XXE in modified update-notifier documents. | |||||
| CVE-2016-8974 | 1 Ibm | 1 Rational Rhapsody Design Manager | 2024-02-04 | 7.5 HIGH | 8.1 HIGH |
| IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997798. | |||||
| CVE-2016-4931 | 1 Juniper | 1 Junos Space | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| XML entity injection in Junos Space before 15.2R2 allows attackers to cause a denial of service. | |||||
| CVE-2016-10149 | 2 Debian, Pysaml2 Project | 2 Debian Linux, Pysaml2 | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response. | |||||
| CVE-2016-9180 | 1 Xmltwig | 1 Xml-twig For Perl | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work. External entities are always expanded, regardless of the option's setting. | |||||
| CVE-2016-2908 | 1 Ibm | 5 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile 8.0 Firmware, Security Access Manager For Mobile Appliance and 2 more | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service. | |||||
| CVE-2016-9924 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers to conduct XML External Entity (XXE) attacks. | |||||
| CVE-2016-6059 | 1 Ibm | 3 Infosphere Datastage, Infosphere Information Server, Infosphere Information Server On Cloud | 2024-02-04 | 7.5 HIGH | 8.1 HIGH |
| IBM InfoSphere Information Server is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. | |||||
| CVE-2017-7503 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE. An attacker could use this flaw to launch DoS or SSRF attacks, or read files from the server where EAP is deployed. | |||||
| CVE-2016-3974 | 1 Sap | 1 Netweaver Application Server Java | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to _tc~monitoring~webservice~web/ServerNodesWSService, aka SAP Security Note 2235994. | |||||
| CVE-2016-5971 | 1 Ibm | 1 Security Privileged Identity Manager Virtual Appliance | 2024-02-04 | 5.5 MEDIUM | 7.1 HIGH |
| IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2015-1832 | 1 Apache | 1 Derby | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlVTI and the XML datatype. | |||||
| CVE-2016-4264 | 1 Adobe | 1 Coldfusion | 2024-02-04 | 6.4 MEDIUM | 8.6 HIGH |
| The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before Update 21 and 11 before Update 10 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via a crafted OOXML spreadsheet containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2015-3451 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-02-04 | 5.0 MEDIUM | N/A |
| The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function. | |||||
| CVE-2015-2125 | 1 Hp | 1 Webinspect | 2024-02-04 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in HP WebInspect 7.x through 10.4 before 10.4 update 1 allows remote authenticated users to bypass intended access restrictions via unknown vectors. | |||||