Vulnerabilities > Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-28 | CVE-2020-15303 | XML Entity Expansion vulnerability in Infoblox Nios Infoblox NIOS before 8.5.2 allows entity expansion during an XML upload operation, a related issue to CVE-2003-1564. | 6.5 |
2021-05-26 | CVE-2018-10868 | XML Entity Expansion vulnerability in Redhat Certification 7.0 redhat-certification 7 does not properly restrict the number of recursive definitions of entities in XML documents, allowing an unauthenticated user to run a "Billion Laugh Attack" by replying to XMLRPC methods when getting the status of an host. | 7.5 |
2021-01-29 | CVE-2020-24665 | XML Entity Expansion vulnerability in Hitachi Vantara Pentaho 7.0.0/8.0.0 The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains an XML Entity Expansion injection vulnerability, which allows an authenticated remote users to trigger a denial of service (DoS) condition. | 6.5 |
2021-01-14 | CVE-2021-23926 | XML Entity Expansion vulnerability in multiple products The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. | 9.1 |
2021-01-13 | CVE-2021-1267 | XML Entity Expansion vulnerability in Cisco Secure Firewall Management Center A vulnerability in the dashboard widget of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 4.3 |
2020-09-01 | CVE-2012-3340 | XML Entity Expansion vulnerability in IBM Infosphere Guardium 8.0/8.0.1/8.2 IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to XML external entity injection, caused by improper validation of user-supplied input. | 4.3 |
2020-08-21 | CVE-2020-24590 | XML Entity Expansion vulnerability in Wso2 API Manager and API Microgateway The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks. | 9.1 |
2020-05-04 | CVE-2020-11462 | XML Entity Expansion vulnerability in Openvpn Access Server An issue was discovered in OpenVPN Access Server before 2.7.0 and 2.8.x before 2.8.3. | 7.5 |
2020-04-20 | CVE-2020-3946 | XML Entity Expansion vulnerability in VMWare Installbuilder InstallBuilder AutoUpdate tool and regular installers enabling <checkForUpdates> built with versions earlier than 19.11 are vulnerable to Billion laughs attack (denial-of-service). | 7.5 |
2020-04-07 | CVE-2020-2172 | XML Entity Expansion vulnerability in Jenkins Code Coverage API Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 6.5 |