Vulnerabilities > Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

DATE CVE VULNERABILITY TITLE RISK
2022-07-26 CVE-2022-33977 XML Entity Expansion vulnerability in Untangle Project Untangle
untangle is a python library to convert XML data to python objects.
network
low complexity
untangle-project CWE-776
7.5
2022-07-12 CVE-2022-34467 XML Entity Expansion vulnerability in Mendix Excel Importer
A vulnerability has been identified in Mendix Excel Importer Module (Mendix 8 compatible) (All versions < V9.2.2), Mendix Excel Importer Module (Mendix 9 compatible) (All versions < V10.1.2).
network
low complexity
mendix CWE-776
6.5
2022-06-28 CVE-2021-41559 XML Entity Expansion vulnerability in Silverstripe
Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document.
network
low complexity
silverstripe CWE-776
6.5
2022-06-21 CVE-2021-40511 XML Entity Expansion vulnerability in Obdasystems Mastro 1.0
OBDA systems’ Mastro 1.0 is vulnerable to XML Entity Expansion (aka “billion laughs”) attack allowing denial of service.
network
low complexity
obdasystems CWE-776
7.5
2022-04-22 CVE-2021-20464 XML Entity Expansion vulnerability in multiple products
IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user.
network
low complexity
ibm netapp CWE-776
6.5
2022-03-10 CVE-2022-26662 XML Entity Expansion vulnerability in multiple products
An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1.
network
low complexity
tryton debian CWE-776
7.5
2022-03-02 CVE-2022-23640 XML Entity Expansion vulnerability in Excel Streaming Reader Project Excel Streaming Reader
Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI.
network
low complexity
excel-streaming-reader-project CWE-776
critical
9.8
2021-09-17 CVE-2021-31842 XML Entity Expansion vulnerability in Mcafee Endpoint Security
XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulting in a Denial of Service attack through carefully editing the EPDeploy.xml file and then executing the setup process.
local
low complexity
mcafee CWE-776
5.5
2021-08-10 CVE-2021-38490 XML Entity Expansion vulnerability in Altova Mobiletogether Server 7.0/7.3
Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different vulnerability than CVE-2021-37425.
network
low complexity
altova CWE-776
7.5
2021-07-09 CVE-2021-3541 XML Entity Expansion vulnerability in multiple products
A flaw was found in libxml2.
network
low complexity
xmlsoft redhat oracle netapp CWE-776
6.5