Total
1168 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-13706 | 1 Lansweeper | 1 Lansweeper | 2025-04-20 | 6.5 MEDIUM | 9.9 CRITICAL |
| XML external entity (XXE) vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information, cause a denial of service, conduct server-side request forgery (SSRF) attacks, conduct internal port scans, or have unspecified other impact via an XML request, aka bug #572705. | |||||
| CVE-2017-1322 | 1 Ibm | 1 Api Connect | 2025-04-20 | 6.4 MEDIUM | 8.2 HIGH |
| IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125918. | |||||
| CVE-2016-2908 | 1 Ibm | 5 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile 8.0 Firmware, Security Access Manager For Mobile Appliance and 2 more | 2025-04-20 | 6.4 MEDIUM | 9.1 CRITICAL |
| IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service. | |||||
| CVE-2016-4931 | 1 Juniper | 1 Junos Space | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| XML entity injection in Junos Space before 15.2R2 allows attackers to cause a denial of service. | |||||
| CVE-2017-15280 | 1 Umbraco | 1 Umbraco Cms | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts (aka SSRF), related to Umbraco.Web/umbraco.presentation/umbraco/dialogs/importDocumenttype.aspx.cs. | |||||
| CVE-2017-1383 | 1 Ibm | 2 Infosphere Information Server, Softlayer | 2025-04-20 | 6.4 MEDIUM | 9.1 CRITICAL |
| IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 127155. | |||||
| CVE-2017-6895 | 1 Usb Pratirodh Project | 1 Usb Pratirodh | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| USB Pratirodh allows remote attackers to conduct XML External Entity (XXE) attacks via XML data in usb.xml. | |||||
| CVE-2016-5002 | 1 Apache | 1 Xml-rpc | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD. | |||||
| CVE-2014-3600 | 1 Apache | 1 Activemq | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages. | |||||
| CVE-2016-5748 | 1 Netiq | 1 Access Manager | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to disclose the content of local files to logged-in users. | |||||
| CVE-2017-9458 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to obtain sensitive information, cause a denial of service, or conduct server-side request forgery (SSRF) attacks via unspecified vectors. | |||||
| CVE-2016-9691 | 1 Ibm | 1 Websphere Cast Iron Solution | 2025-04-20 | 9.0 HIGH | 8.6 HIGH |
| IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 119515. | |||||
| CVE-2017-12620 | 1 Apache | 1 Opennlp | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| When loading models or dictionaries that contain XML it is possible to perform an XXE attack, since Apache OpenNLP is a library, this only affects applications that load models or dictionaries from untrusted sources. The versions 1.5.0 to 1.5.3, 1.6.0, 1.7.0 to 1.7.2, 1.8.0 to 1.8.1 of Apache OpenNLP are affected. | |||||
| CVE-2016-9706 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2025-04-20 | 8.5 HIGH | 9.1 CRITICAL |
| IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997918. | |||||
| CVE-2017-2308 | 1 Juniper | 1 Junos Space | 2025-04-20 | 5.0 MEDIUM | 6.5 MEDIUM |
| An XML External Entity Injection vulnerability in Juniper Networks Junos Space versions prior to 16.1R1 may allow an authenticated user to read arbitrary files on the device. | |||||
| CVE-2016-5749 | 1 Netiq | 1 Access Manager | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML requests with external entity resolution enabled, which could lead to local file disclosure via an XML External Entity (XXE) attack. | |||||
| CVE-2017-12621 | 1 Apache | 1 Commons Jelly | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| During Jelly (xml) file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser instantiation the parser will attempt to connect to said URL. This could lead to XML External Entity (XXE) attacks in Apache Commons Jelly before 1.0.1. | |||||
| CVE-2016-10127 | 1 Pysaml2 Project | 1 Pysaml2 | 2025-04-20 | 6.8 MEDIUM | 9.0 CRITICAL |
| PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response. | |||||
| CVE-2017-5662 | 1 Apache | 1 Batik | 2025-04-20 | 7.9 HIGH | 7.3 HIGH |
| In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack. | |||||
| CVE-2017-1149 | 1 Ibm | 1 Urbancode Deploy | 2025-04-20 | 7.5 HIGH | 8.1 HIGH |
| IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 122202. | |||||