Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

xml external entity vulnerabilities and exploits

(subscribe to this query)

6.4
CVSSv2
CVE-2020-4462
IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability...
Ibm Sterling External Authentication Server 2.4.2.0Ibm Sterling External Authentication Server 2.4.3.2Ibm Sterling External Authentication Server 6.0.0.0Ibm Sterling External Authentication Server 6.0.1.0Ibm Sterling Secure Proxy 3.4.2.0Ibm Sterling Secure Proxy 3.4.3.0Ibm Sterling Secure Proxy 6.0.0.0Ibm Sterling Secure Proxy 6.0.1.0
5.5
CVSSv2
CVE-2019-19031
Easy XML Editor through v1.7.8 is affected by: XML External Entity Injection. The impact is: Arbitrary File Read and DoS by consuming resources. The component is: XML Parsing. The attack vector is: Specially crafted XML payload....
Edit-xml Easy Xml Editor
5
CVSSv2
CVE-2014-1626
XML External Entity (XXE) vulnerability in MARC::File::XML module before 1.0.2 for Perl, as used in Evergreen, Koha, perl4lib, and possibly other products, allows context-dependent attackers to read arbitrary files via a crafted XML file....
Galen Charlton Marc-xmlGalen Charlton Marc-xml 1.0
6.4
CVSSv2
CVE-2016-9180
perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work. External entities are always expanded, regardless of the option's setting....
Xmltwig Xml-twig For Perl -
9.3
CVSSv2
CVE-2012-4710
Invensys Wonderware Win-XML Exporter 1522.148.0.0 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference....
Invensys Wonderware Win-xml Exporter 1522.148.0.0
9.3
CVSSv2
CVE-2016-5002
XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD....
Apache Xml-rpc 3.1.3
7.5
CVSSv2
CVE-2016-3720
XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors....
Fedoraproject Fedora 24Fasterxml Jackson-dataformat-xml
7.5
CVSSv2
CVE-2019-14678
SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This...
Sas Xml Mapper 9.45Sas Base Sas 9.4
5
CVSSv2
CVE-2015-3451
The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function....
Xml-libxml Project Xml-libxmlDebian Debian Linux 7.0Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 15.04Canonical Ubuntu Linux 12.04Canonical Ubuntu Linux 14.10Debian Debian Linux 8.0Fedoraproject Fedora 21Fedoraproject Fedora 20Opensuse Opensuse 13.2Opensuse Opensuse 13.1
5
CVSSv2
CVE-2022-29265
Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. The Standard Content Viewer service attempts to resolve XML External Entity references when viewing formatted XML files. The following Processors...
Apache Nifi
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-30216administrator privilegesreflected XSSCVE-2022-35011CVE-2022-34713CVE-2022-35009CVE-2022-35479CVE-2022-1410authentication bypass
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook