Total: 1101 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-45727 | 1 Northgrid | 1 Proself | 2024-12-06 | 7.5 High |
Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker. | ||||
CVE-2023-3113 | 1 Lenovo | 1 Xclarity Administrator | 2024-12-03 | 8.2 High |
An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) server that could result in read-only access to specific files. | ||||
CVE-2018-0100 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2024-12-03 | N/A |
A vulnerability in the Profile Editor of the Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, local attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of the XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by injecting a crafted XML file with malicious entries, which could allow the attacker to read and write files. Cisco Bug IDs: CSCvg19341. | ||||
CVE-2018-0108 | 1 Cisco | 1 Webex Meetings Server | 2024-12-03 | N/A |
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to collect customer files via an out-of-band XML External Entity (XXE) injection. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to the ability of an attacker to perform an out-of-band XXE injection on the system, which could allow an attacker to capture customer files and redirect them to another destination address. An exploit could allow the attacker to discover sensitive customer data. Cisco Bug IDs: CSCvg36996. | ||||
CVE-2018-0207 | 1 Cisco | 1 Secure Access Control Server Solution Engine | 2024-12-02 | 3.3 Low |
A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior to 5.8 patch 9 could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file. Cisco Bug IDs: CSCve70595. | ||||
CVE-2018-0218 | 1 Cisco | 1 Secure Access Control Server Solution Engine | 2024-12-02 | 3.3 Low |
A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior to 5.8 patch 9 could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file. Cisco Bug IDs: CSCve70616. | ||||
CVE-2024-52806 | 1 Simplesamlphp | 1 Saml2 | 2024-12-02 | 8.3 High |
SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18. | ||||
CVE-2024-52596 | 1 Simplesamlphp | 1 Xml-common | 2024-12-02 | N/A |
SimpleSAMLphp xml-common is a set of common classes for handling XML structures. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0. | ||||
CVE-2024-40075 | | | 2024-12-02 | 4.3 Medium |
Laravel v11.x was discovered to contain an XML External Entity (XXE) vulnerability. | ||||
CVE-2024-52800 | | | 2024-12-02 | N/A |
veraPDF is an open source PDF/A validation library. Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution (RCE) vulnerability. This doesn't affect the standard validation and policy checks functionality, veraPDF's common use cases. Most veraPDF users don't insert any custom XSLT code into policy profiles, which are based on Schematron syntax rather than direct XSL transforms. For users who do, only load custom policy files from sources you trust. This issue has not yet been patched. Users are advised to be cautious of XSLT code until a patch is available. | ||||
CVE-2024-34102 | 1 Adobe | 3 Commerce, Commerce Webhooks, Magento | 2024-11-29 | 9.8 Critical |
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction. | ||||
CVE-2024-9044 | | | 2024-11-29 | N/A |
An XML External Entity (XXE) vulnerability has been identified in Easy Tax Client Software 2023 1.2 and earlier across multiple platforms, including Windows, Linux, and macOS. | ||||
CVE-2018-16303 | 1 Pdf-xchange | 1 Pdf-xchange Editor | 2024-11-27 | N/A |
PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause a denial of service (resource consumption) via a crafted x:xmpmeta structure, a related issue to CVE-2003-1564. | ||||
CVE-2020-26708 | 1 Requests-xml Project | 1 Requests-xml | 2024-11-27 | 7.5 High |
requests-xml v0.2.3 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file. | ||||
CVE-2020-26709 | 1 Py-xml Project | 1 Py-xml | 2024-11-27 | 7.5 High |
py-xml v1.0 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file. | ||||
CVE-2020-26710 | 1 Easy-parse Project | 1 Easy-parse | 2024-11-27 | 7.5 High |
easy-parse v0.1.1 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file. | ||||
CVE-2022-20938 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-26 | 4.3 Medium |
A vulnerability in the module import function of the administrative interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view sensitive information. This vulnerability is due to insufficient validation of the XML syntax when importing a module. An attacker could exploit this vulnerability by supplying a specially crafted XML file to the function. A successful exploit could allow the attacker to read sensitive data that would normally not be revealed. | ||||
CVE-2018-0414 | 1 Cisco | 1 Secure Access Control Server Solution Engine | 2024-11-26 | N/A |
A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file. | ||||
CVE-2018-15444 | 1 Cisco | 1 Energy Management Suite Software | 2024-11-26 | N/A |
A vulnerability in the web-based user interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by convincing a user of an affected system to import a crafted XML file with malicious entries, which could allow the attacker to read and write files within the affected application. | ||||
CVE-2023-24466 | 1 Opentext | 1 Imanager | 2024-11-25 | 7.5 High |
A possible XML External Entity injection in an iManager GET parameter has been discovered in OpenText™ iManager 3.2.6.0200. |