Total: 1101 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-29443 | 1 Zohocorp | 4 Manageengine Assetexplorer, Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp and 1 more | 2024-11-21 | 4.9 Medium |
Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint. | ||||
CVE-2023-28828 | 1 Siemens | 1 Polarion Alm | 2024-11-21 | 5.9 Medium |
A vulnerability has been identified in Polarion ALM (All versions < V22R2). The application contains an XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem. | ||||
CVE-2023-28685 | 1 Jenkins | 1 Absint A3 | 2024-11-21 | 7.1 High |
Jenkins AbsInt a³ Plugin 1.1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
CVE-2023-28684 | 1 Jenkins | 1 Remote-jobs-view | 2024-11-21 | 6.5 Medium |
Jenkins remote-jobs-view-plugin Plugin 0.0.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
CVE-2023-28683 | 1 Jenkins | 1 Phabricator Differential | 2024-11-21 | 8.2 High |
Jenkins Phabricator Differential Plugin 2.1.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
CVE-2023-28682 | 1 Jenkins | 1 Performance Publisher | 2024-11-21 | 8.2 High |
Jenkins Performance Publisher Plugin 8.09 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
CVE-2023-28681 | 1 Jenkins | 1 Visual Studio Code Metrics | 2024-11-21 | 8.2 High |
Jenkins Visual Studio Code Metrics Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
CVE-2023-28680 | 1 Jenkins | 1 Crap4j | 2024-11-21 | 7.5 High |
Jenkins Crap4J Plugin 0.9 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
CVE-2023-28340 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 6.5 Medium |
Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack. | ||||
CVE-2023-28152 | 1 Independentsoft | 1 Jword | 2024-11-21 | 5.3 Medium |
An issue was discovered in Independentsoft JWord before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file. | ||||
CVE-2023-28151 | 1 Independentsoft | 1 Jspreadsheet | 2024-11-21 | 5.3 Medium |
An issue was discovered in Independentsoft JSpreadsheet before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file. | ||||
CVE-2023-28150 | 1 Independentsoft | 1 Jodf | 2024-11-21 | 5.3 Medium |
An issue was discovered in Independentsoft JODF before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file. | ||||
CVE-2023-28009 | 1 Hcltech | 1 Workload Automation | 2024-11-21 | 6.5 Medium |
HCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | ||||
CVE-2023-28008 | 1 Hcltech | 1 Workload Automation | 2024-11-21 | 7.1 High |
HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | ||||
CVE-2023-27876 | 1 Ibm | 1 Tririga Application Platform | 2024-11-21 | 7.1 High |
IBM TRIRIGA 4.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249975. | ||||
CVE-2023-27874 | 2 Ibm, Linux | 2 Aspera Faspex, Linux Kernel | 2024-11-21 | 9.9 Critical |
IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands. IBM X-Force ID: 249845. | ||||
CVE-2023-27554 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 6.3 Medium |
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249185. | ||||
CVE-2023-27527 | 1 Touki-kyoutaku-online | 1 Shinseiyo Sogo Soft | 2024-11-21 | 7.5 High |
Shinseiyo Sogo Soft (7.9A) and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker. | ||||
CVE-2023-27480 | 1 Xwiki | 1 Xwiki | 2024-11-21 | 7.7 High |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with edit rights on a document can trigger an XAR import on a forged XAR file, leading to the ability to display the content of any file on the XWiki server host. This vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10-rc-1. Users are advised to upgrade. Users unable to upgrade may apply the patch `e3527b98fd` manually. | ||||
CVE-2023-27476 | 1 Osgeo | 1 Owslib | 2024-11-21 | 8.2 High |
OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. OWSLib's XML parser (which supports both `lxml` and `xml.etree`) does not disable entity resolution, and could lead to arbitrary file reads from an attacker-controlled XML payload. This affects all XML parsing in the codebase. This issue has been addressed in version 0.28.1. All users are advised to upgrade. The only known workaround is to patch the library manually. See `GHSA-8h9c-r582-mggc` for details. |