CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| Med. | Revive Adserver 3.0.5 Cross Site Scripting / Denial Of Service | 18.12.2014 | Matteo Beccati |
| Med. | Ruby Entity expansion DoS vulnerability in REXML (XML bomb) | 07.03.2013 | Kurt Seifried |


CVEMAP Search Results

| CVE | Details | Description |
|---|---|---|
| CVE-2021-20453 (2021-04-20, Medium) | Vendor: IBM; Software: Websphere ap... | IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196648. |
| CVE-2021-28973 (2021-04-13, Low) | Vendor: Perforce; Software: Helix alm | The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks. |
| CVE-2021-28302 (2021-03-12, Medium) | Vendor: Pupnp project; Software: Pupnp | A stack overflow in pupnp 1.16.1 can cause a denial of service through the Parser_parseDocument() function. ixmlNode_free() will release a child node recursively, which will consume stack space and lead to a crash. |
| CVE-2020-24665 (2021-01-29, Low) | Vendor: Hitachi; Software: Vantara pentaho | The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains an XML Entity Expansion injection vulnerability, which allows an authenticated remote user to trigger a denial of service (DoS) condition. Specifically, the vulnerability lies in the 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, >= 8.3.0.0 GA. |
| CVE-2021-1267 (2021-01-13, Low) | Vendor: Cisco; Software: Firepower ma... | A vulnerability in the dashboard widget of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper restrictions on XML entities. An attacker could exploit this vulnerability by crafting an XML-based widget on an affected server. A successful exploit could cause increased memory and CPU utilization, which could result in a DoS condition. |
| CVE-2012-3340 (2020-09-01, Low) | Vendor: IBM; Software: Infosphere g... | IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to XML external entity injection, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 78291. |
| CVE-2020-24052 (2020-08-21, Medium) | | Several XML External Entity (XXE) vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units allow remote unauthenticated users to read arbitrary files via a crafted Document Type Definition (DTD) in an XML request. |
| CVE-2020-24589 (Medium) | Vendor: WSO2; Software: Api manager | The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks. |
| CVE-2020-24590 (Medium) | Vendor: WSO2; Software: Api manager | The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks. |
| CVE-2020-24591 (Medium) | Vendor: WSO2; Software: Api manager | The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0. |
 

 


Copyright 2021, cxsecurity.com

 
