Vulnerabilities > Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

DATE CVE VULNERABILITY TITLE RISK
2021-06-28 CVE-2020-15303 XML Entity Expansion vulnerability in Infoblox Nios
Infoblox NIOS before 8.5.2 allows entity expansion during an XML upload operation, a related issue to CVE-2003-1564.
network
low complexity
infoblox CWE-776
6.5
2021-05-26 CVE-2018-10868 XML Entity Expansion vulnerability in Redhat Certification 7.0
redhat-certification 7 does not properly restrict the number of recursive definitions of entities in XML documents, allowing an unauthenticated user to run a "Billion Laugh Attack" by replying to XMLRPC methods when getting the status of an host.
network
low complexity
redhat CWE-776
7.5
2021-01-29 CVE-2020-24665 XML Entity Expansion vulnerability in Hitachi Vantara Pentaho 7.0.0/8.0.0
The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains an XML Entity Expansion injection vulnerability, which allows an authenticated remote users to trigger a denial of service (DoS) condition.
network
low complexity
hitachi CWE-776
6.5
2021-01-14 CVE-2021-23926 XML Entity Expansion vulnerability in multiple products
The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input.
network
low complexity
apache netapp debian oracle CWE-776
critical
9.1
2021-01-13 CVE-2021-1267 XML Entity Expansion vulnerability in Cisco Secure Firewall Management Center
A vulnerability in the dashboard widget of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco CWE-776
4.3
2020-09-01 CVE-2012-3340 XML Entity Expansion vulnerability in IBM Infosphere Guardium 8.0/8.0.1/8.2
IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to XML external entity injection, caused by improper validation of user-supplied input.
network
low complexity
ibm CWE-776
4.3
2020-08-21 CVE-2020-24590 XML Entity Expansion vulnerability in Wso2 API Manager and API Microgateway
The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks.
network
low complexity
wso2 CWE-776
critical
9.1
2020-05-04 CVE-2020-11462 XML Entity Expansion vulnerability in Openvpn Access Server
An issue was discovered in OpenVPN Access Server before 2.7.0 and 2.8.x before 2.8.3.
network
low complexity
openvpn CWE-776
7.5
2020-04-20 CVE-2020-3946 XML Entity Expansion vulnerability in VMWare Installbuilder
InstallBuilder AutoUpdate tool and regular installers enabling <checkForUpdates> built with versions earlier than 19.11 are vulnerable to Billion laughs attack (denial-of-service).
network
low complexity
vmware CWE-776
7.5
2020-04-07 CVE-2020-2172 XML Entity Expansion vulnerability in Jenkins Code Coverage API
Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
network
low complexity
jenkins CWE-776
6.5