Vulmon
xml external entity vulnerabilities and exploits
6.5
CVSSv3
CVE-2021-43576
Jenkins pom2config Plugin 1.2 and previous versions does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers with Overall/Read and Item/Read permissions to have Jenkins parse a crafted XML file that uses external entities for extraction o...
Jenkins Pom2config
NA
CVE-2014-6032
Multiple XML External Entity (XXE) vulnerabilities in the Configuration utility in F5 BIG-IP LTM, ASM, GTM, and Link Controller 11.0 up to and including 11.6.0 and 10.0.0 up to and including 10.2.4, AAM 11.4.0 up to and including 11.6.0, ARM 11.3.0 up to and including 11.6.0, Ana...
F5 Big-ip Protocol Security Module 10.2.3
F5 Big-ip Protocol Security Module 11.0.0
F5 Big-ip Protocol Security Module 10.2.0
F5 Big-ip Protocol Security Module 10.2.1
F5 Big-ip Protocol Security Module 11.2.1
F5 Big-ip Protocol Security Module 11.3.0
F5 Big-ip Protocol Security Module 11.4.0
F5 Big-ip Protocol Security Module 10.0.0
F5 Big-ip Protocol Security Module 10.1.0
F5 Big-ip Protocol Security Module 11.1.0
F5 Big-ip Protocol Security Module 11.2.0
F5 Big-ip Protocol Security Module 10.2.2
F5 Big-ip Protocol Security Module 10.2.4
F5 Big-ip Protocol Security Module 11.4.1
F5 Big-ip Global Traffic Manager 10.0.0
F5 Big-ip Global Traffic Manager 10.1.0
F5 Big-ip Global Traffic Manager 11.1.0
F5 Big-ip Global Traffic Manager 11.2.0
F5 Big-ip Global Traffic Manager 11.6.0
F5 Big-ip Global Traffic Manager 10.2.2
F5 Big-ip Global Traffic Manager 10.2.3
F5 Big-ip Global Traffic Manager 11.4.1
NA
CVE-2014-6033
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6032. Reason: This candidate is a duplicate of CVE-2014-6032. Notes: All CVE users should reference CVE-2014-6032 instead of this candidate. All references and descriptions in this candidate have been removed...
NA
CVE-2013-4034
IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity re...
Ibm Cognos Business Intelligence 10.2
Ibm Cognos Business Intelligence 10.2.1
Ibm Cognos Business Intelligence 10.2.1.1
Ibm Cognos Business Intelligence 8.4.1
Ibm Cognos Business Intelligence 10.1
Ibm Cognos Business Intelligence 10.1.1
1 EDB exploit
6
CVSSv3
CVE-2023-20030
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote malicious user to access sensitive information, conduct a server-side request forgery (SSRF) attack through an affected device, or negatively impact ...
Cisco Identity Services Engine 3.2
Cisco Identity Services Engine
7.3
CVSSv3
CVE-2020-3405
A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote malicious user to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries...
Cisco Sd-wan Firmware
6.5
CVSSv3
CVE-2021-21701
Jenkins Performance Plugin 3.20 and previous versions does not configure its XML parser to prevent XML external entity (XXE) attacks.
Jenkins Performance
5.5
CVSSv3
CVE-2017-8918
XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - Desktop Edition 8.0 allows malicious users to remotely view local files via a crafted template.xml file.
Blackwave Dive Assistant 8.0
1 EDB exploit
7.8
CVSSv3
CVE-2016-9487
EpubCheck 4.0.1 does not properly restrict resolving external entities when parsing XML in EPUB files during validation. An attacker who supplies a specially crafted EPUB file may be able to exploit this behavior to read arbitrary files, or have the victim execute arbitrary reque...
W3 Epubcheck 4.0.1
NA
CVE-2020-26066
A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when ...