Total
1148 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-11286 | 1 Adobe | 1 Coldfusion | 2025-04-20 | 7.5 High |
| Adobe ColdFusion has an XML external entity (XXE) injection vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11. | ||||
| CVE-2017-11272 | 1 Adobe | 1 Digital Editions | 2025-04-20 | N/A |
| Adobe Digital Editions 4.5.4 and earlier has a security bypass vulnerability. | ||||
| CVE-2017-11390 | 1 Trendmicro | 1 Control Manager | 2025-04-20 | N/A |
| XML external entity (XXE) processing vulnerability in Trend Micro Control Manager 6.0, if exploited, could lead to information disclosure. Formerly ZDI-CAN-4706. | ||||
| CVE-2017-12621 | 1 Apache | 1 Commons Jelly | 2025-04-20 | 9.8 Critical |
| During Jelly (xml) file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser instantiation the parser will attempt to connect to said URL. This could lead to XML External Entity (XXE) attacks in Apache Commons Jelly before 1.0.1. | ||||
| CVE-2017-1000190 | 1 Simplexml Project | 1 Simplexml | 2025-04-20 | N/A |
| SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on. | ||||
| CVE-2017-1000061 | 2 Redhat, Xmlsec Project | 2 Enterprise Linux, Xmlsec | 2025-04-20 | N/A |
| xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service | ||||
| CVE-2017-10617 | 1 Juniper | 1 Contrail | 2025-04-20 | 5 Medium |
| The ifmap service that comes bundled with Contrail has an XML External Entity (XXE) vulnerability that may allow an attacker to retrieve sensitive system files. Affected releases are Juniper Networks Contrail 2.2 prior to 2.21.4; 3.0 prior to 3.0.3.4; 3.1 prior to 3.1.4.0; 3.2 prior to 3.2.5.0. CVE-2017-10616 and CVE-2017-10617 can be chained together and have a combined CVSSv3 score of 5.8 (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N). | ||||
| CVE-2016-9724 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-20 | N/A |
| IBM QRadar 7.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1999537. | ||||
| CVE-2016-9698 | 1 Ibm | 1 Rational Rhapsody Design Manager | 2025-04-20 | N/A |
| IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1999960. | ||||
| CVE-2016-9924 | 1 Synacor | 1 Zimbra Collaboration Suite | 2025-04-20 | N/A |
| Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers to conduct XML External Entity (XXE) attacks. | ||||
| CVE-2015-7273 | 1 Dell | 3 Integrated Remote Access Controller 7, Integrated Remote Access Controller 8, Integrated Remote Access Controller Firmware | 2025-04-20 | N/A |
| Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE. | ||||
| CVE-2017-1000021 | 1 Logicaldoc | 1 Logicaldoc | 2025-04-20 | N/A |
| LogicalDoc Community Edition 7.5.3 and prior is vulnerable to XXE when indexing XML documents. | ||||
| CVE-2015-7241 | 1 Sap | 1 Netweaver | 2025-04-20 | N/A |
| XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01. | ||||
| CVE-2014-0030 | 1 Apache | 1 Roller | 2025-04-20 | N/A |
| The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors. | ||||
| CVE-2017-10889 | 1 Tablepress | 1 Tablepress | 2025-04-20 | N/A |
| TablePress prior to version 1.8.1 allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors. | ||||
| CVE-2017-1103 | 1 Ibm | 2 Rational Quality Manager, Rational Team Concert | 2025-04-20 | N/A |
| IBM Team Concert (RTC) is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 120665. | ||||
| CVE-2014-0225 | 3 Pivotal Software, Redhat, Vmware | 4 Spring Framework, Jboss Amq, Jboss Fuse and 1 more | 2025-04-20 | N/A |
| When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack. | ||||
| CVE-2015-7326 | 1 Milton | 1 Webdav | 2025-04-20 | N/A |
| XML External Entity (XXE) vulnerability in Milton Webdav before 2.7.0.3. | ||||
| CVE-2017-1192 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-20 | N/A |
| IBM Sterling B2B Integrator 5.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 123663. | ||||
| CVE-2015-3160 | 1 Beaker-project | 1 Beaker | 2025-04-20 | N/A |
| XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing entity references which reference files from the Beaker server's file system. | ||||