Vulnerabilities > Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-10-11 | CVE-2022-34430 | XML Entity Expansion vulnerability in Dell Hybrid Client. Dell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability in UI. | 7.5 |
2022-08-30 | CVE-2022-25857 | XML Entity Expansion vulnerability in multiple products. The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due to missing nested depth limitation for collections. | 7.5 |
2022-08-26 | CVE-2022-0217 | XML Entity Expansion vulnerability in Prosody. It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. | 7.5 |
2022-07-26 | CVE-2022-33977 | XML Entity Expansion vulnerability in Untangle Project Untangle. untangle is a Python library to convert XML data to Python objects. | 7.5 |
2022-07-12 | CVE-2022-34467 | XML Entity Expansion vulnerability in Mendix Excel Importer. A vulnerability has been identified in Mendix Excel Importer Module (Mendix 8 compatible) (All versions < V9.2.2), Mendix Excel Importer Module (Mendix 9 compatible) (All versions < V10.1.2). | 6.5 |
2022-06-28 | CVE-2021-41559 | XML Entity Expansion vulnerability in Silverstripe Silverstripe. silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document. | 6.5 |
2022-06-21 | CVE-2021-40511 | XML Entity Expansion vulnerability in Obdasystems Mastro 1.0. OBDA systems’ Mastro 1.0 is vulnerable to XML Entity Expansion (aka “billion laughs”) attack allowing denial of service. | 7.5 |
2022-04-22 | CVE-2021-20464 | XML Entity Expansion vulnerability in multiple products. IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. | 6.5 |
2022-03-10 | CVE-2022-26662 | XML Entity Expansion vulnerability in multiple products. An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. | 7.5 |
2022-03-02 | CVE-2022-23640 | XML Entity Expansion vulnerability in Excel Streaming Reader Project Excel Streaming Reader. Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. | 9.8 |