Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') (CWE-776)

DATE CVE VULNERABILITY TITLE RISK
2022-08-30  CVE-2022-25857  XML Entity Expansion vulnerability in multiple products
  The package org.yaml:snakeyaml from 0 and before 1.31 is vulnerable to Denial of Service (DoS) due to a missing nested depth limitation for collections.
  Attack vector: network; complexity: low
  Vendors: snakeyaml-project, debian; weakness: CWE-776
  Risk: 7.5
2022-08-26  CVE-2022-0217  XML Entity Expansion vulnerability in Prosody
  It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data.
  Attack vector: network; complexity: low
  Vendors: prosody; weakness: CWE-776
  Risk: 7.5
2022-07-12  CVE-2022-34467  XML Entity Expansion vulnerability in Mendix Excel Importer
  A vulnerability has been identified in Mendix Excel Importer Module (Mendix 8 compatible) (All versions < V9.2.2), Mendix Excel Importer Module (Mendix 9 compatible) (All versions < V10.1.2).
  Attack vector: network; complexity: low
  Vendors: mendix; weakness: CWE-776
  Risk: 4.0
2022-06-28  CVE-2021-41559  XML Entity Expansion vulnerability in Silverstripe
  Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document.
  Attack vector: network; complexity: low
  Vendors: silverstripe; weakness: CWE-776
  Risk: 6.5
2022-06-21  CVE-2021-40511  XML Entity Expansion vulnerability in Obdasystems Mastro 1.0
  OBDA systems' Mastro 1.0 is vulnerable to XML Entity Expansion (aka "billion laughs") attack allowing denial of service.
  Attack vector: network; complexity: low
  Vendors: obdasystems; weakness: CWE-776
  Risk: 5.0
2022-04-22  CVE-2021-20464  XML Entity Expansion vulnerability in multiple products
  IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user.
  Attack vector: network; complexity: low
  Vendors: ibm, netapp; weakness: CWE-776
  Risk: 4.0
2022-03-10  CVE-2022-26662  XML Entity Expansion vulnerability in multiple products
  An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1.
  Attack vector: network; complexity: low
  Vendors: tryton, debian; weakness: CWE-776
  Risk: 5.0
2022-03-02  CVE-2022-23640  XML Entity Expansion vulnerability in Excel Streaming Reader Project Excel Streaming Reader
  Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI.
  Attack vector: network; complexity: low
  Vendors: excel-streaming-reader-project; weakness: CWE-776
  Risk: 9.8 (critical)
2021-09-17  CVE-2021-31842  XML Entity Expansion vulnerability in Mcafee Endpoint Security
  XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulting in a Denial of Service attack through carefully editing the EPDeploy.xml file and then executing the setup process.
  Attack vector: local; complexity: low
  Vendors: mcafee; weakness: CWE-776
  Risk: 5.5
2021-08-10  CVE-2021-38490  XML Entity Expansion vulnerability in Altova Mobiletogether Server 7.3
  Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different vulnerability than CVE-2021-37425.
  Attack vector: network; complexity: low
  Vendors: altova; weakness: CWE-776
  Risk: 5.0