Total: 992 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5851 | 1 Python-openxml Project | 1 Python-docx | 2023-12-07 | 6.8 MEDIUM | 8.8 HIGH |
| python-docx before 0.8.6 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted document. | |||||
| CVE-2023-49733 | 1 Apache | 1 Cocoon | 2023-12-05 | N/A | 9.8 CRITICAL |
| Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue. | |||||
| CVE-2023-49656 | 1 Jenkins | 1 Matlab | 2023-12-05 | N/A | 9.8 CRITICAL |
| Jenkins MATLAB Plugin 2.11.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
| CVE-2023-4218 | 1 Eclipse | 3 Eclipse Ide, Org.eclipse.core.runtime, Pde | 2023-11-24 | N/A | 5.0 MEDIUM |
| In Eclipse IDE versions < 2023-09 (4.29) some files with XML content are parsed in a way that is vulnerable to all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example, to review a foreign repository or patch). | |||||
| CVE-2021-43576 | 1 Jenkins | 1 Pom2config | 2023-11-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| Jenkins pom2config Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers with Overall/Read and Item/Read permissions to have Jenkins parse a crafted XML file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. | |||||
| CVE-2021-43577 | 1 Jenkins | 1 Owasp Dependency-check | 2023-11-22 | 5.5 MEDIUM | 7.1 HIGH |
| Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
| CVE-2021-21701 | 1 Jenkins | 1 Performance | 2023-11-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
| CVE-2021-21680 | 1 Jenkins | 1 Nested View | 2023-11-22 | 5.5 MEDIUM | 7.1 HIGH |
| Jenkins Nested View Plugin 1.20 and earlier does not configure its XML transformer to prevent XML external entity (XXE) attacks. | |||||
| CVE-2023-22274 | 2 Adobe, Microsoft | 2 Robohelp Server, Windows | 2023-11-22 | N/A | 7.5 HIGH |
| Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction. | |||||
| CVE-2022-43430 | 1 Jenkins | 1 Compuware Topaz For Total Test | 2023-11-22 | N/A | 7.5 HIGH |
| Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
| CVE-2023-46590 | 1 Siemens | 1 Siemens Opc Ua Modeling Editor | 2023-11-20 | N/A | 7.5 HIGH |
| A vulnerability has been identified in Siemens OPC UA Modelling Editor (SiOME) (All versions < V2.8). Affected products suffer from an XML external entity (XXE) injection vulnerability. This vulnerability could allow an attacker to interfere with an application's processing of XML data and read arbitrary files in the system. | |||||
| CVE-2022-28140 | 1 Jenkins | 1 Flaky Test Handler | 2023-11-17 | 5.5 MEDIUM | 8.1 HIGH |
| Jenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
| CVE-2022-0861 | 1 Mcafee | 1 Epolicy Orchestrator | 2023-11-15 | 5.5 MEDIUM | 3.8 LOW |
| An XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote administrator attacker to upload a malicious XML file through the extension import functionality. The impact is limited to some access to confidential information and some ability to alter data. | |||||
| CVE-2022-2330 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2023-11-15 | N/A | 6.5 MEDIUM |
| Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 allows a remote attacker to cause the DLP Agent to access a local service that the attacker wouldn't usually have access to via a carefully constructed XML file, which the DLP Agent doesn't parse correctly. | |||||
| CVE-2023-46802 | 1 Nta | 1 E-tax | 2023-11-14 | N/A | 5.5 MEDIUM |
| e-Tax software Version 3.0.10 and earlier improperly restricts XML external entity references (XXE) due to the configuration of the embedded XML parser. By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker. | |||||
| CVE-2022-34832 | 1 Vermeg | 1 Agile Reporter | 2023-11-08 | N/A | 6.5 MEDIUM |
| An issue was discovered in VERMEG AgileReporter 21.3. XXE can occur via an XML document to the Analysis component. | |||||
| CVE-2023-30951 | 1 Palantir | 1 Magritte-rest-source-bundle | 2023-11-07 | N/A | 6.5 MEDIUM |
| The Foundry Magritte plugin rest-source was found to be vulnerable to an XML External Entity (XXE) attack. | |||||
| CVE-2023-27876 | 1 Ibm | 1 Tririga Application Platform | 2023-11-07 | N/A | 7.1 HIGH |
| IBM TRIRIGA 4.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249975. | |||||
| CVE-2023-27874 | 2 Ibm, Linux | 2 Aspera Faspex, Linux Kernel | 2023-11-07 | N/A | 8.8 HIGH |
| IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands. IBM X-Force ID: 249845. | |||||
| CVE-2023-26043 | 1 Geosolutionsgroup | 1 Geonode | 2023-11-07 | N/A | 6.5 MEDIUM |
| GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version 4.0.3. | |||||
