Vulmon Recent Vulnerabilities Trends About Contact

xml external entity vulnerabilities and exploits

(subscribe to this query)

9.3
CVSSv2
CVE-2016-5002
XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD....
ApacheXml-rpc
6.4
CVSSv2
CVE-2016-9180
perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work. External entities are always expanded, regardless of the option's setting....
XmltwigXml-twig For Perl
5
CVSSv2
CVE-2014-1626
XML External Entity (XXE) vulnerability in MARC::File::XML module before 1.0.2 for Perl, as used in Evergreen, Koha, perl4lib, and possibly other products, allows context-dependent attackers to read arbitrary files via a crafted XML file....
Galen CharltonMarc-xml
7.5
CVSSv2
CVE-2016-3720
XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors....
FasterxmlJackson-dataformat-xmlFedoraprojectFedora
5.5
CVSSv2
CVE-2019-19031
Easy XML Editor through v1.7.8 is affected by: XML External Entity Injection. The impact is: Arbitrary File Read and DoS by consuming resources. The component is: XML Parsing. The attack vector is: Specially crafted XML payload....
Edit-xmlEasy Xml Editor
5
CVSSv2
CVE-2015-3451
The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function....
Xml-libxml ProjectXml-libxmlCanonicalUbuntu LinuxDebianDebian LinuxFedoraprojectFedoraOpensuse
5
CVSSv2
CVE-2017-9233
XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD....
Libexpat ProjectLibexpat
4.3
CVSSv2
CVE-2013-1881
GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue....
GnomeLibrsvg
7.5
CVSSv2
CVE-2013-1915
ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity...
Modsecurity
5
CVSSv2
CVE-2015-7081
iBooks in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to read arbitrary files via an iBooks file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue....
AppleIphone OsMac Os X
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-2034SSTImods-for-heskphplistmods for heskCVE-2020-15092CVE-2020-8195open redirectCVE-2018-12371overflowCVE-2012-6489CVE-2013-0802