CWE:
 

Title
Date
Author
High
SAP JAVA NetWeaver System Connections XML Injection
23.10.2021
Pablo Artuso
Med.
OX App Suite 7.8.4 XSS / XML Injection / Information Disclosure
02.07.2018
Secator
High
Agorum Core Pro 7.8.1.4-251 XXE Injection
14.04.2017
Dr. Erlijn van Genucht...
High
USB Pratirodh XXE Injection
17.03.2017
Sachin Wagh
High
SAP NetWeaver 7.4 XXE Injection
24.11.2015
Roman Bezhan
High
Oracle E-Business Suite 12.1.3 XXE Injection
30.10.2015
erpscan
High
SAP Mobile Platform 3 XXE Injection
10.09.2015
Vahagn Vardanyan
High
Qlikview 11.20 SR4 Blind XXE Injection
09.09.2015
Alex Haynes
High
SAP NetWeaver Portal XMLValidationComponent XXE
25.06.2015
Vahagn Vardanyan
Med.
JobScheduler XML eXternal Entity Injection
09.09.2014
Christian Schneider


Common Weakness Enumeration (CWE)

CVE
Details
Description
2022-05-05
Medium
CVE-2022-28890

Vendor: Apache
Software: JENA
 

 
A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities.

 
2022-05-04
Low
CVE-2022-20780

Vendor: Cisco
Software: Enterprise n...
 

 
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory.

 
2022-05-03
Low
CVE-2022-1331

Vendor: Deltaww
Software: Dmars
 

 
In four instances DMARS (All versions prior to v2.1.10.24) does not properly restrict references of XML external entities while processing specific project files, which may allow unauthorized information disclosure.

 
High
CVE-2022-21949

Vendor: Opensuse
Software: Open build s...
 

 
An Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. This can be used to gain information from the server that can be abused to escalate to Admin privileges on OBS. This issue affects: SUSE Open Build Service Open Build Service versions prior to 2.10.13.

 
2022-04-21
Medium
CVE-2022-0272

Vendor: Detekt
Software: Detekt
 

 
Improper Restriction of XML External Entity Reference in GitHub repository detekt/detekt prior to 1.20.0.

 
2022-04-20
Low
CVE-2021-43990

Vendor: Fanuc
Software: Roboguide
 

 
The affected product is vulnerable to a network-based attack by threat actors supplying a crafted, malicious XML payload designed to trigger an external entity reference call.

 
2022-04-13
Low
CVE-2022-0221

Vendor: Schneider-electric
Software: Scadapack wo...
 

 
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could result in information disclosure when opening a malicious solution file provided by an attacker with SCADAPack Workbench. This could be exploited to pass data from local files to a remote system controlled by an attacker. Affected Product: SCADAPack Workbench (6.6.8a and prior)

 
2022-04-05
Medium
CVE-2022-28219

Vendor: Zohocorp
Software: Manageengine...
 

 
Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.

 
2022-03-30
Medium
CVE-2021-33208

Vendor: Softwareag
Software: Mashzone nextgen
 

 
The "Register an Ehcache Configuration File" admin feature in MashZone NextGen through 10.7 GA allows XXE attacks via a malicious XML configuration file.

 
Medium
CVE-2021-43142

Vendor: Jox project
Software: JOX
 

 
An XML External Entity (XXE) vulnerability exists in wuta jox 1.16 in the readObject method in JOXSAXBeanInput.

 

 


Copyright 2022, cxsecurity.com

 
