Total
1122 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10127 | 1 Pysaml2 Project | 1 Pysaml2 | 2025-04-20 | 6.8 MEDIUM | 9.0 CRITICAL |
| PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response. | |||||
| CVE-2017-1254 | 1 Ibm | 1 Security Guardium | 2025-04-20 | 5.5 MEDIUM | 7.1 HIGH |
| IBM Security Guardium 10.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 124634. | |||||
| CVE-2015-7326 | 1 Milton | 1 Webdav | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| XML External Entity (XXE) vulnerability in Milton Webdav before 2.7.0.3. | |||||
| CVE-2017-11286 | 1 Adobe | 1 Coldfusion | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe ColdFusion has an XML external entity (XXE) injection vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11. | |||||
| CVE-2017-9458 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to obtain sensitive information, cause a denial of service, or conduct server-side request forgery (SSRF) attacks via unspecified vectors. | |||||
| CVE-2016-5749 | 1 Netiq | 1 Access Manager | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML requests with external entity resolution enabled, which could lead to local file disclosure via an XML External Entity (XXE) attack. | |||||
| CVE-2017-1383 | 1 Ibm | 2 Infosphere Information Server, Softlayer | 2025-04-20 | 6.4 MEDIUM | 9.1 CRITICAL |
| IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 127155. | |||||
| CVE-2017-13706 | 1 Lansweeper | 1 Lansweeper | 2025-04-20 | 6.5 MEDIUM | 9.9 CRITICAL |
| XML external entity (XXE) vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information, cause a denial of service, conduct server-side request forgery (SSRF) attacks, conduct internal port scans, or have unspecified other impact via an XML request, aka bug #572705. | |||||
| CVE-2014-9487 | 1 Mediawiki | 1 Mediawiki | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 and 1.19.23 allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. NOTE: Related to CVE-2014-2053. | |||||
| CVE-2017-12621 | 1 Apache | 1 Commons Jelly | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| During Jelly (xml) file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser instantiation the parser will attempt to connect to said URL. This could lead to XML External Entity (XXE) attacks in Apache Commons Jelly before 1.0.1. | |||||
| CVE-2017-15639 | 1 Getmura | 1 Mura Cms | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to bypass intended access restrictions by leveraging the "draggable feeds" feature. | |||||
| CVE-2015-0194 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM Sterling File Gateway 2.1 and 2.2 allows remote attackers to read arbitrary files via a crafted XML data. | |||||
| CVE-2017-1219 | 1 Ibm | 1 Bigfix Platform | 2025-04-20 | 5.5 MEDIUM | 6.5 MEDIUM |
| IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 123859. | |||||
| CVE-2017-8557 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| Windows System Information Console in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability improperly parses XML input containing a reference to an external entity, aka "Windows System Information Console Information Disclosure Vulnerability". | |||||
| CVE-2017-12620 | 1 Apache | 1 Opennlp | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| When loading models or dictionaries that contain XML it is possible to perform an XXE attack, since Apache OpenNLP is a library, this only affects applications that load models or dictionaries from untrusted sources. The versions 1.5.0 to 1.5.3, 1.6.0, 1.7.0 to 1.7.2, 1.8.0 to 1.8.1 of Apache OpenNLP are affected. | |||||
| CVE-2014-0225 | 2 Pivotal Software, Vmware | 2 Spring Framework, Spring Framework | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack. | |||||
| CVE-2017-1458 | 1 Ibm | 1 Qradar Network Security | 2025-04-20 | 5.5 MEDIUM | 8.1 HIGH |
| IBM QRadar Network Security 5.4 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128377. | |||||
| CVE-2017-6344 | 1 Grails | 1 Pdf Plugin | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allows remote attackers to read arbitrary files via a crafted XML document. | |||||
| CVE-2016-5002 | 1 Apache | 1 Xml-rpc | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD. | |||||
| CVE-2015-7743 | 1 Paessler | 1 Prtg Network Monitor | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| XML external entity vulnerability in PRTG Network Monitor before 16.2.23.3077/3078 allows remote authenticated users to read arbitrary files by creating a new HTTP XML/REST Value sensor that accesses a crafted XML file. | |||||