Vulnerabilities (CVE)

Filtered by CWE-611
Total 945 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-25129 2024-02-23 N/A 2.7 LOW
The CodeQL CLI repo holds binaries for the CodeQL command line interface (CLI). Prior to version 2.16.3, an XML parser used by the CodeQL CLI to read various auxiliary files is vulnerable to an XML External Entity attack. If a vulnerable version of the CLI is used to process either a maliciously modified CodeQL database, or a specially prepared set of QL query sources, the CLI can be made to make an outgoing HTTP request to an URL that contains material read from a local file chosen by the attacker. This may result in a loss of privacy of exfiltration of secrets. Security researchers and QL authors who receive databases or QL source files from untrusted sources may be impacted. A single untrusted `.ql` or `.qll` file cannot be affected, but a zip archive or tarball containing QL sources may unpack auxiliary files that will trigger an attack when CodeQL sees them in the file system. Those using CodeQL for routine analysis of source trees with a preselected set of trusted queries are not affected. In particular, extracting XML files from a source tree into the CodeQL database does not make one vulnerable. The problem is fixed in release 2.16.3 of the CodeQL CLI. Other than upgrading, workarounds include not accepting CodeQL databases or queries from untrusted sources, or only processing such material on a machine without an Internet connection. Customers who use older releases of CodeQL for security scanning in an automated CI system and cannot upgrade for compliance reasons can continue using that version. That use case is safe. If such customers have a private query pack and use the `codeql pack create` command to precompile them before using them in the CI system, they should be using the production CodeQL release to run `codeql pack create`. That command is safe as long as the QL source it precompiled is trusted. All other development of the query pack should use an upgraded CLI.
CVE-2010-3322 1 Splunk 1 Splunk 2024-02-21 6.0 MEDIUM 8.8 HIGH
The XML parser in Splunk 4.0.0 through 4.1.4 allows remote authenticated users to obtain sensitive information and gain privileges via an XML External Entity (XXE) attack to unknown vectors.
CVE-2024-25606 2024-02-20 N/A 8.0 HIGH
XXE vulnerability in Liferay Portal 7.2.0 through 7.4.3.7, and older unsupported versions, and Liferay DXP 7.4 before update 4, 7.3 before update 12, 7.2 before fix pack 20, and older unsupported versions allows attackers with permission to deploy widgets/portlets/extensions to obtain sensitive information or consume system resources via the Java2WsddTask._format method.
CVE-2023-42445 1 Gradle 1 Gradle 2024-02-16 N/A 5.3 MEDIUM
Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local text files to a remote server. Gradle parses XML files for several purposes. Most of the time, Gradle parses XML files it generated or were already present locally. Only Ivy XML descriptors and Maven POM files can be fetched from remote repositories and parsed by Gradle. In Gradle 7.6.3 and 8.4, resolving XML external entities has been disabled for all use cases to protect against this vulnerability. Gradle will now refuse to parse XML files that have XML external entities.
CVE-2012-5656 4 Canonical, Fedoraproject, Inkscape and 1 more 4 Ubuntu Linux, Fedora, Inkscape and 1 more 2024-02-15 2.1 LOW 5.5 MEDIUM
The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.
CVE-2012-4399 1 Cakefoundation 1 Cakephp 2024-02-15 5.0 MEDIUM 7.5 HIGH
The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
CVE-2012-3489 6 Apple, Canonical, Debian and 3 more 9 Mac Os X Server, Ubuntu Linux, Debian Linux and 6 more 2024-02-15 4.0 MEDIUM 6.5 MEDIUM
The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue.
CVE-2012-0037 6 Apache, Debian, Fedoraproject and 3 more 13 Openoffice, Debian Linux, Fedora and 10 more 2024-02-15 4.3 MEDIUM 6.5 MEDIUM
Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.
CVE-2012-3363 3 Debian, Fedoraproject, Zend 3 Debian Linux, Fedora, Zend Framework 2024-02-15 6.4 MEDIUM 9.1 CRITICAL
Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack.
CVE-2012-2239 2 Debian, Mahara 2 Debian Linux, Mahara 2024-02-15 6.4 MEDIUM 9.1 CRITICAL
Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack, as demonstrated by reading config.php.
CVE-2018-18471 4 Axentra, Medion, Netgear and 1 more 4 Hipserv, Lifecloud, Stora and 1 more 2024-02-14 10.0 HIGH 9.8 CRITICAL
/api/2.0/rest/aggregator/xml in Axentra firmware, used by NETGEAR Stora, Seagate GoFlex Home, and MEDION LifeCloud, has an XXE vulnerability that can be chained with an SSRF bug to gain remote command execution as root. It can be triggered by anyone who knows the IP address of the affected device.
CVE-2019-14276 1 Xnat 1 Xnat 2024-02-14 4.0 MEDIUM 6.5 MEDIUM
WUSTL XNAT 1.7.5.3 allows XXE attacks via a POST request body.
CVE-2014-0030 1 Apache 1 Roller 2024-02-14 7.5 HIGH 9.8 CRITICAL
The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.
CVE-2021-45024 1 Rocketsoftware 1 Ags-zena 2024-02-14 7.5 HIGH 9.8 CRITICAL
ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to XML External Entity (XXE).
CVE-2023-52239 1 Magicsoftware 1 Magic Xpi Integration Platform 2024-02-13 N/A 6.5 MEDIUM
The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE attacks, e.g., via onItemImport.
CVE-2024-22024 1 Ivanti 3 Connect Secure, Policy Secure, Zero Trust Access 2024-02-13 N/A 8.3 HIGH
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.
CVE-2024-24743 2024-02-13 N/A 8.6 HIGH
SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will enable him to access sensitive files and data but not modify them. There are expansion limits in place so that availability is not affected.
CVE-2009-1699 3 Apple, Canonical, Opensuse 4 Iphone Os, Safari, Ubuntu Linux and 1 more 2024-02-10 7.1 HIGH 7.5 HIGH
The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack."
CVE-2024-1167 1 Seweurodrive 1 Movitools Motionstudio 2024-02-09 N/A 7.5 HIGH
When SEW-EURODRIVE MOVITOOLS MotionStudio processes XML information unrestricted file access can occur.
CVE-2011-4107 3 Debian, Fedoraproject, Phpmyadmin 3 Debian Linux, Fedora, Phpmyadmin 2024-02-09 4.3 MEDIUM 6.5 MEDIUM
The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.