Total
967 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-3839 | 1 Cisco | 1 Secure Access Control System | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
An XML External Entity vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to have read access to part of the information stored in the affected system. More Information: CSCvc04845. Known Affected Releases: 5.8(2.5). | |||||
CVE-2017-7457 | 1 Moxa | 1 Mx-aopc Server | 2023-12-10 | 1.9 LOW | 5.0 MEDIUM |
XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 result in remote file disclosure. | |||||
CVE-2016-5748 | 1 Netiq | 1 Access Manager | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to disclose the content of local files to logged-in users. | |||||
CVE-2016-3033 | 1 Ibm | 1 Appscan Source | 2023-12-10 | 5.5 MEDIUM | 8.1 HIGH |
IBM AppScan Source 8.7 through 9.0.3.3 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
CVE-2016-2908 | 1 Ibm | 5 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile 8.0 Firmware, Security Access Manager For Mobile Appliance and 2 more | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service. | |||||
CVE-2016-9924 | 1 Synacor | 1 Zimbra Collaboration Suite | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers to conduct XML External Entity (XXE) attacks. | |||||
CVE-2017-1103 | 1 Ibm | 2 Rational Quality Manager, Rational Team Concert | 2023-12-10 | 7.5 HIGH | 8.1 HIGH |
IBM Team Concert (RTC) is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 120665. | |||||
CVE-2016-9563 | 1 Sap | 1 Netweaver Application Server Java | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI, aka SAP Security Note 2296909. | |||||
CVE-2017-6055 | 1 Eparaksts | 1 Eparakstitajs 3 | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
XML external entity (XXE) vulnerability in eParakstitajs 3 before 1.3.9 and eParaksts Java lib before 2.5.13 allows remote attackers to read arbitrary files or possibly have unspecified other impact via a crafted edoc file. | |||||
CVE-2017-7503 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE. An attacker could use this flaw to launch DoS or SSRF attacks, or read files from the server where EAP is deployed. | |||||
CVE-2016-9691 | 1 Ibm | 1 Websphere Cast Iron Solution | 2023-12-10 | 9.0 HIGH | 8.6 HIGH |
IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 119515. | |||||
CVE-2017-5661 | 1 Apache | 1 Formatting Objects Processor | 2023-12-10 | 7.9 HIGH | 7.3 HIGH |
In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack. | |||||
CVE-2017-3811 | 1 Cisco | 1 Webex Meetings Server | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
An XML External Entity vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. More Information: CSCvc39165. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.2054. | |||||
CVE-2017-5992 | 1 Python | 1 Openpyxl | 2023-12-10 | 5.8 MEDIUM | 8.2 HIGH |
Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document. | |||||
CVE-2016-4931 | 1 Juniper | 1 Junos Space | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
XML entity injection in Junos Space before 15.2R2 allows attackers to cause a denial of service. | |||||
CVE-2016-10149 | 2 Debian, Pysaml2 Project | 2 Debian Linux, Pysaml2 | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response. | |||||
CVE-2016-7051 | 1 Fasterxml | 1 Jackson-dataformat-xml | 2023-12-10 | 5.0 MEDIUM | 8.6 HIGH |
XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD. | |||||
CVE-2016-9181 | 1 Image-info Project | 1 Image-info For Perl | 2023-12-10 | 5.8 MEDIUM | 7.1 HIGH |
perl-Image-Info: When parsing an SVG file, external entity expansion (XXE) was not disabled. An attacker could craft an SVG file which, when processed by an application using perl-Image-Info, could cause denial of service or, potentially, information disclosure. | |||||
CVE-2016-6805 | 1 Apache | 1 Ignite | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
Apache Ignite before 1.9 allows man-in-the-middle attackers to read arbitrary files via XXE in modified update-notifier documents. | |||||
CVE-2016-8974 | 1 Ibm | 1 Rational Rhapsody Design Manager | 2023-12-10 | 7.5 HIGH | 8.1 HIGH |
IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997798. |