Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xml external entity vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-6033
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6032. Reason: This candidate is a duplicate of CVE-2014-6032. Notes: All CVE users should reference CVE-2014-6032 instead of this candidate. All references and descriptions in this candidate have been removed...
4.4
CVSSv3
CVE-2018-0100
A vulnerability in the Profile Editor of the Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, local malicious user to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of the XML External ...
Cisco Anyconnect Secure Mobility Client
7.3
CVSSv3
CVE-2020-3405
A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote malicious user to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries...
Cisco Sd-wan Firmware
7.8
CVSSv3
CVE-2016-9487
EpubCheck 4.0.1 does not properly restrict resolving external entities when parsing XML in EPUB files during validation. An attacker who supplies a specially crafted EPUB file may be able to exploit this behavior to read arbitrary files, or have the victim execute arbitrary reque...
W3 Epubcheck 4.0.1
4.9
CVSSv3
CVE-2023-20173
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote malicious user to read arbitrary files or conduct a server-side request forgery (SSRF) attack through an affected device. To exploit these v...
Cisco Identity Services Engine
Cisco Identity Services Engine 3.0.0
Cisco Identity Services Engine 3.1
Cisco Identity Services Engine 3.2
4.9
CVSSv3
CVE-2023-20174
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote malicious user to read arbitrary files or conduct a server-side request forgery (SSRF) attack through an affected device. To exploit these v...
Cisco Identity Services Engine
Cisco Identity Services Engine 3.0.0
Cisco Identity Services Engine 3.1
Cisco Identity Services Engine 3.2
6
CVSSv3
CVE-2023-20030
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote malicious user to access sensitive information, conduct a server-side request forgery (SSRF) attack through an affected device, or negatively impact ...
Cisco Identity Services Engine 3.2
Cisco Identity Services Engine
6.5
CVSSv3
CVE-2021-21701
Jenkins Performance Plugin 3.20 and previous versions does not configure its XML parser to prevent XML external entity (XXE) attacks.
Jenkins Performance
7.1
CVSSv3
CVE-2021-1530
A vulnerability in the web-based management interface of Cisco BroadWorks Messaging Server Software could allow an authenticated, remote malicious user to access sensitive information or cause a partial denial of service (DoS) condition on an affected system. This vulnerability i...
Cisco Broadworks Messaging Server 22.0
NA
CVE-2020-26066
A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when ...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3400
CVE-2023-7252
CVE-2024-21111
denial of service
CVE-2024-29661
CVE-2024-22856
remote attackers
encryption
CVE-2023-38299
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »