Total
1103 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-10029 | 1 Simplexrd Project | 1 Simplexrd | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| A vulnerability classified as problematic was found in kelvinmo simplexrd up to 3.1.0. This vulnerability affects unknown code of the file simplexrd/simplexrd.class.php. The manipulation leads to xml external entity reference. Upgrading to version 3.1.1 is able to address this issue. The patch is identified as 4c9f2e028523ed705b555eca2c18c64e71f1a35d. It is recommended to upgrade the affected component. VDB-217630 is the identifier assigned to this vulnerability. | |||||
| CVE-2014-5238 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text document. | |||||
| CVE-2014-3990 | 1 Opencart | 1 Opencart | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External Entity (XXE) attacks and execute arbitrary code via a crafted serialized PHP object, related to the quantity parameter in an update request. | |||||
| CVE-2014-3643 | 1 Jersey Project | 1 Jersey | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| jersey: XXE via parameter entities not disabled by the jersey SAX parser | |||||
| CVE-2014-3599 | 1 Redhat | 1 Hornetq | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| HornetQ REST is vulnerable to XML External Entity due to insecure configuration of RestEasy | |||||
| CVE-2014-3244 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request. | |||||
| CVE-2014-3005 | 2 Fedoraproject, Zabbix | 2 Fedora, Zabbix | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request. | |||||
| CVE-2014-2296 | 1 Apereo | 1 Cas Server | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| XML external entity (XXE) vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled, allows remote unauthenticated users to bypass authentication via crafted XML data. | |||||
| CVE-2014-125087 | 1 Java-xmlbuilder Project | 1 Java-xmlbuilder | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
| A vulnerability was found in java-xmlbuilder up to 1.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. Upgrading to version 1.2 is able to address this issue. The name of the patch is e6fddca201790abab4f2c274341c0bb8835c3e73. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221480. | |||||
| CVE-2014-0950 | 1 Ibm | 1 Rational Clearquest | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
| Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92623. | |||||
| CVE-2014-0931 | 1 Ibm | 1 Rational Clearcase | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) CMI and OSLC-based ClearQuest integrations components in IBM Rational ClearCase 7.1.0.x, 7.1.1.x, 7.1.2 through 7.1.2.13, 8.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92263. | |||||
| CVE-2013-4334 | 1 Tejimaya | 1 Opwebapiplugin | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| opWebAPIPlugin 0.5.1, 0.4.0, and 0.1.0: XXE Vulnerabilities | |||||
| CVE-2013-4333 | 1 Tejimaya | 1 Openpne | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulnerability | |||||
| CVE-2012-2656 | 1 Talend | 1 Restlet | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An XML eXternal Entity (XXE) issue exists in Restlet 1.1.10 in an endpoint using XML transport, which lets a remote attacker obtain sensitive information. | |||||
| CVE-2012-1102 | 1 Xml\ | 1 \ | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| It was discovered that the XML::Atom Perl module before version 0.39 did not disable external entities when parsing XML from potentially untrusted sources. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used. | |||||
| CVE-2011-3600 | 1 Apache | 1 Ofbiz | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that discloses the contents of files in the filesystem. In addition, it can also be used to probe for open network ports, and figure out from returned error messages whether a file exists or not. This affects OFBiz 16.11.01 to 16.11.04. | |||||
| CVE-2024-20531 | 1 Cisco | 1 Identity Services Engine | 2024-11-20 | N/A | 5.5 MEDIUM |
| A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device and conduct a server-side request forgery (SSRF) attack through an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing XML input. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system or conduct an SSRF attack through the affected device. | |||||
| CVE-2020-26066 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by persuading a user to import a crafted XML file with malicious entries. A successful exploit could allow the attacker to read and write files within the affected application.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | |||||
| CVE-2024-50848 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| An XML External Entity (XXE) vulnerability in the Import object and Translation Memory import functionalities of WorldServer v11.8.2 to access sensitive information and execute arbitrary commands via supplying a crafted .tmx file. | |||||
| CVE-2024-39726 | 3 Ibm, Linux, Microsoft | 3 Engineering Lifecycle Optimization - Engineering Insights, Linux Kernel, Windows | 2024-11-19 | N/A | 8.2 HIGH |
| IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | |||||