Total: 967 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-45876 | 1 Visam | 1 Vbase | 2023-12-10 | N/A | 5.5 MEDIUM |
Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file. | |||||
CVE-2023-27527 | 1 Touki-kyoutaku-online | 1 Shinseiyo Sogo Soft | 2023-12-10 | N/A | 7.5 HIGH |
Shinseiyo Sogo Soft (7.9A) and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker. | |||||
CVE-2023-28008 | 1 Hcltech | 1 Workload Automation | 2023-12-10 | N/A | 8.1 HIGH |
HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | |||||
CVE-2020-26710 | 1 Easy-parse Project | 1 Easy-parse | 2023-12-10 | N/A | 7.5 HIGH |
easy-parse v0.1.1 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file. | |||||
CVE-2023-34411 | 1 Xml Library Project | 1 Xml Library | 2023-12-10 | N/A | 7.5 HIGH |
The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid `<!` token (such as `<!DOCTYPEs/%<!A` nesting) in an XML document. The earliest affected version is 0.8.9. | |||||
CVE-2022-38840 | 1 Guralp | 1 Man-eam-0003 | 2023-12-10 | N/A | 7.5 HIGH |
cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity (XXE) issue via XML file upload, which leads to local file disclosure. | |||||
CVE-2023-28682 | 1 Jenkins | 1 Performance Publisher | 2023-12-10 | N/A | 8.2 HIGH |
Jenkins Performance Publisher Plugin 8.09 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2023-28150 | 1 Independentsoft | 1 Jodf | 2023-12-10 | N/A | 9.8 CRITICAL |
An issue was discovered in Independentsoft JODF before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file. | |||||
CVE-2023-24470 | 1 Microfocus | 1 Arcsight Logger | 2023-12-10 | N/A | 9.1 CRITICAL |
Potential XML External Entity Injection in ArcSight Logger versions prior to 7.3.0. | |||||
CVE-2023-20173 | 1 Cisco | 1 Identity Services Engine | 2023-12-10 | N/A | 4.9 MEDIUM |
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read arbitrary files or conduct a server-side request forgery (SSRF) attack through an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2022-43512 | 1 Visam | 1 Vbase Automation Base | 2023-12-10 | N/A | 5.5 MEDIUM |
Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file. | |||||
CVE-2023-27554 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | N/A | 9.1 CRITICAL |
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249185. | |||||
CVE-2023-28684 | 1 Jenkins | 1 Remote-jobs-view | 2023-12-10 | N/A | 6.5 MEDIUM |
Jenkins remote-jobs-view-plugin Plugin 0.0.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2022-43941 | 1 Hitachi | 1 Vantara Pentaho Business Analytics Server | 2023-12-10 | N/A | 6.5 MEDIUM |
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x, do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference. | |||||
CVE-2023-3113 | 1 Lenovo | 1 Xclarity Administrator | 2023-12-10 | N/A | 7.5 HIGH |
An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) server that could result in read-only access to specific files. | |||||
CVE-2022-36969 | 1 Aveva | 1 Aveva Edge | 2023-12-10 | N/A | 7.1 HIGH |
This vulnerability allows remote attackers to disclose sensitive information on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the LoadImportedLibraries method. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process. Was ZDI-CAN-17394. | |||||
CVE-2023-28680 | 1 Jenkins | 1 Crap4j | 2023-12-10 | N/A | 7.5 HIGH |
Jenkins Crap4J Plugin 0.9 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2023-20174 | 1 Cisco | 1 Identity Services Engine | 2023-12-10 | N/A | 4.9 MEDIUM |
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read arbitrary files or conduct a server-side request forgery (SSRF) attack through an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2023-28009 | 1 Hcltech | 1 Workload Automation | 2023-12-10 | N/A | 8.1 HIGH |
HCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | |||||
CVE-2023-25955 | 1 Mlit | 1 National Land Numerical Information Data Conversion Tool | 2023-12-10 | N/A | 5.5 MEDIUM |
National land numerical information data conversion tool all versions improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker. |