Total
954 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-10127 | 1 Pysaml2 Project | 1 Pysaml2 | 2023-12-10 | 6.8 MEDIUM | 9.0 CRITICAL |
PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response. | |||||
CVE-2016-9707 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2023-12-10 | 7.5 HIGH | 8.1 HIGH |
IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000784. | |||||
CVE-2016-8348 | 1 Emerson | 1 Liebert Sitescan Web | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An XML External Entity (XXE) issue was discovered in Emerson Liebert SiteScan Web Version 6.5, and prior. An attacker may enter malicious input to Liebert SiteScan through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or connected network. | |||||
CVE-2016-5749 | 1 Netiq | 1 Access Manager | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML requests with external entity resolution enabled, which could lead to local file disclosure via an XML External Entity (XXE) attack. | |||||
CVE-2016-4312 | 1 Wso2 | 1 Identity Server | 2023-12-10 | 6.0 MEDIUM | 7.5 HIGH |
XML external entity (XXE) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to read arbitrary files, cause a denial of service, conduct server-side request forgery (SSRF) attacks, or have unspecified other impact via a crafted XACML request to entitlement/eval-policy-submit.jsp. NOTE: this issue can be combined with CVE-2016-4311 to exploit the vulnerability without credentials. | |||||
CVE-2016-9180 | 1 Xmltwig | 1 Xml-twig For Perl | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work. External entities are always expanded, regardless of the option's setting. | |||||
CVE-2017-6895 | 1 Usb Pratirodh Project | 1 Usb Pratirodh | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
USB Pratirodh allows remote attackers to conduct XML External Entity (XXE) attacks via XML data in usb.xml. | |||||
CVE-2016-6059 | 1 Ibm | 3 Infosphere Datastage, Infosphere Information Server, Infosphere Information Server On Cloud | 2023-12-10 | 7.5 HIGH | 8.1 HIGH |
IBM InfoSphere Information Server is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. | |||||
CVE-2016-9706 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2023-12-10 | 8.5 HIGH | 9.1 CRITICAL |
IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997918. | |||||
CVE-2016-5851 | 1 Python-openxml Project | 1 Python-docx | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
python-docx before 0.8.6 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted document. | |||||
CVE-2017-8110 | 1 Modified-shop | 1 Modified Ecommerce Shopsoftware | 2023-12-10 | 7.5 HIGH | 10.0 CRITICAL |
www.modified-shop.org modified eCommerce Shopsoftware 2.0.2.2 rev 10690 has XXE in api/it-recht-kanzlei/api-it-recht-kanzlei.php. | |||||
CVE-2016-9724 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2023-12-10 | 7.5 HIGH | 8.1 HIGH |
IBM QRadar 7.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1999537. | |||||
CVE-2016-0284 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2023-12-10 | 5.5 MEDIUM | 5.4 MEDIUM |
The XML parser in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
CVE-2017-1289 | 1 Ibm | 1 Sdk | 2023-12-10 | 6.4 MEDIUM | 8.2 HIGH |
IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150. | |||||
CVE-2017-8056 | 1 Watchguard | 1 Fireware | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity (XXE), in the XML-RPC agent. This causes the Firebox wgagent process to crash. This process crash ends all authenticated sessions to the Firebox, including management connections, and prevents new authenticated sessions until the process has recovered. The Firebox may also experience an overall degradation in performance while the wgagent process recovers. An attacker could continuously send XML-RPC requests that contain references to external entities to perform a limited Denial of Service (DoS) attack against an affected Firebox. | |||||
CVE-2017-1149 | 1 Ibm | 1 Urbancode Deploy | 2023-12-10 | 7.5 HIGH | 8.1 HIGH |
IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 122202. | |||||
CVE-2017-6344 | 1 Grails | 1 Pdf Plugin | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allows remote attackers to read arbitrary files via a crafted XML document. | |||||
CVE-2016-7459 | 1 Vmware | 1 Vcenter Server | 2023-12-10 | 4.0 MEDIUM | 7.7 HIGH |
VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
CVE-2016-8980 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Bigfix Inventory and 4 more | 2023-12-10 | 7.5 HIGH | 8.1 HIGH |
IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. | |||||
CVE-2016-3027 | 1 Ibm | 5 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile 8.0 Firmware, Security Access Manager For Mobile Appliance and 2 more | 2023-12-10 | 5.5 MEDIUM | 6.5 MEDIUM |
IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. |