Vulnerabilities > Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-31 | CVE-2023-41635 | XML Entity Expansion vulnerability in Grupposcai Realgimm 1.1.37 A XML External Entity (XXE) vulnerability in the VerifichePeriodiche.aspx component of GruppoSCAI RealGimm v1.1.37p38 allows attackers to read any file in the filesystem via supplying a crafted XML file. | 6.5 |
| 2023-08-08 | CVE-2023-3569 | XML Entity Expansion vulnerability in Phoenixcontact products In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service. | 4.9 |
| 2023-07-27 | CVE-2023-38490 | XML Entity Expansion vulnerability in Getkirby Kirby Kirby is a content management system. | 10.0 |
| 2023-03-20 | CVE-2023-28118 | XML Entity Expansion vulnerability in Kaml Project Kaml kaml provides YAML support for kotlinx.serialization. | 7.5 |
| 2023-03-01 | CVE-2023-20052 | XML Entity Expansion vulnerability in multiple products On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device. | 5.3 |
| 2022-11-18 | CVE-2022-44641 | XML Entity Expansion vulnerability in multiple products In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service. | 6.5 |
| 2022-10-11 | CVE-2022-34430 | XML Entity Expansion vulnerability in Dell Hybrid Client Dell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability in UI. | 7.5 |
| 2022-08-30 | CVE-2022-25857 | XML Entity Expansion vulnerability in multiple products The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections. | 7.5 |
| 2022-08-26 | CVE-2022-0217 | XML Entity Expansion vulnerability in Prosody It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. | 7.5 |
| 2022-07-12 | CVE-2022-34467 | XML Entity Expansion vulnerability in Mendix Excel Importer A vulnerability has been identified in Mendix Excel Importer Module (Mendix 8 compatible) (All versions < V9.2.2), Mendix Excel Importer Module (Mendix 9 compatible) (All versions < V10.1.2). | 4.0 |