Total
998 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-52252 | 1 Unifiedremote | 1 Unified Remote | 2024-01-05 | N/A | 9.8 CRITICAL |
| Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint. | |||||
| CVE-2019-3773 | 2 Oracle, Pivotal Software | 3 Financial Services Analytical Applications Infrastructure, Flexcube Private Banking, Spring Web Services | 2023-12-27 | 7.5 HIGH | 9.8 CRITICAL |
| Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources. | |||||
| CVE-2023-46265 | 1 Ivanti | 1 Avalanche | 2023-12-22 | N/A | 9.8 CRITICAL |
| An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF). | |||||
| CVE-2019-13990 | 5 Apache, Atlassian, Netapp and 2 more | 31 Tomee, Jira Service Management, Active Iq Unified Manager and 28 more | 2023-12-22 | 7.5 HIGH | 9.8 CRITICAL |
| initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. | |||||
| CVE-2023-6836 | 1 Wso2 | 7 Api Manager, Api Manager Analytics, Api Microgateway and 4 more | 2023-12-19 | N/A | 7.5 HIGH |
| Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack abuses a widely available but rarely used feature of XML parsers to access sensitive information. | |||||
| CVE-2023-6721 | 1 Europeana | 1 Repox | 2023-12-18 | N/A | 7.5 HIGH |
| An XEE vulnerability has been found in Repox, which allows a remote attacker to interfere with the application's XML data processing in the fileupload function, resulting in interaction between the attacker and the server's file system. | |||||
| CVE-2023-6194 | 1 Eclipse | 1 Memory Analyzer | 2023-12-13 | N/A | 7.1 HIGH |
| In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition (DTD) references to external entities. This means that if a user chooses to use a malicious report definition XML file containing an external entity reference to generate a report then Eclipse Memory Analyzer may access external files or URLs defined via a DTD in the report definition. | |||||
| CVE-2016-5851 | 1 Python-openxml Project | 1 Python-docx | 2023-12-07 | 6.8 MEDIUM | 8.8 HIGH |
| python-docx before 0.8.6 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted document. | |||||
| CVE-2023-49733 | 1 Apache | 1 Cocoon | 2023-12-05 | N/A | 9.8 CRITICAL |
| Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue. | |||||
| CVE-2023-49656 | 1 Jenkins | 1 Matlab | 2023-12-05 | N/A | 9.8 CRITICAL |
| Jenkins MATLAB Plugin 2.11.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
| CVE-2023-4218 | 1 Eclipse | 3 Eclipse Ide, Org.eclipse.core.runtime, Pde | 2023-11-24 | N/A | 5.0 MEDIUM |
| In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch). | |||||
| CVE-2021-43576 | 1 Jenkins | 1 Pom2config | 2023-11-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| Jenkins pom2config Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers with Overall/Read and Item/Read permissions to have Jenkins parse a crafted XML file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. | |||||
| CVE-2021-43577 | 1 Jenkins | 1 Owasp Dependency-check | 2023-11-22 | 5.5 MEDIUM | 7.1 HIGH |
| Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
| CVE-2021-21701 | 1 Jenkins | 1 Performance | 2023-11-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
| CVE-2021-21680 | 1 Jenkins | 1 Nested View | 2023-11-22 | 5.5 MEDIUM | 7.1 HIGH |
| Jenkins Nested View Plugin 1.20 and earlier does not configure its XML transformer to prevent XML external entity (XXE) attacks. | |||||
| CVE-2023-22274 | 2 Adobe, Microsoft | 2 Robohelp Server, Windows | 2023-11-22 | N/A | 7.5 HIGH |
| Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction. | |||||
| CVE-2022-43430 | 1 Jenkins | 1 Compuware Topaz For Total Test | 2023-11-22 | N/A | 7.5 HIGH |
| Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
| CVE-2023-46590 | 1 Siemens | 1 Siemens Opc Ua Modeling Editor | 2023-11-20 | N/A | 7.5 HIGH |
| A vulnerability has been identified in Siemens OPC UA Modelling Editor (SiOME) (All versions < V2.8). Affected products suffer from a XML external entity (XXE) injection vulnerability. This vulnerability could allow an attacker to interfere with an application's processing of XML data and read arbitrary files in the system. | |||||
| CVE-2022-28140 | 1 Jenkins | 1 Flaky Test Handler | 2023-11-17 | 5.5 MEDIUM | 8.1 HIGH |
| Jenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
| CVE-2022-0861 | 1 Mcafee | 1 Epolicy Orchestrator | 2023-11-15 | 5.5 MEDIUM | 3.8 LOW |
| A XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote administrator attacker to upload a malicious XML file through the extension import functionality. The impact is limited to some access to confidential information and some ability to alter data. | |||||