Vulnerabilities > Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

DATE CVE VULNERABILITY TITLE RISK
2021-09-17 CVE-2021-31842 XML Entity Expansion vulnerability in McAfee Endpoint Security
XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulting in a Denial of Service attack through carefully editing the EPDeploy.xml file and then executing the setup process.
local
low complexity
mcafee CWE-776
5.5
2021-08-10 CVE-2021-38490 XML Entity Expansion vulnerability in Altova MobileTogether Server 7.0/7.3
Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different vulnerability than CVE-2021-37425.
network
low complexity
altova CWE-776
7.5
2021-07-09 CVE-2021-3541 XML Entity Expansion vulnerability in multiple products
A flaw was found in libxml2.
network
low complexity
xmlsoft redhat oracle netapp CWE-776
6.5
2021-06-28 CVE-2020-15303 XML Entity Expansion vulnerability in Infoblox NIOS
Infoblox NIOS before 8.5.2 allows entity expansion during an XML upload operation, a related issue to CVE-2003-1564.
network
low complexity
infoblox CWE-776
6.5
2021-06-16 CVE-2021-32623 XML Entity Expansion vulnerability in Apereo Opencast
Opencast is a free and open source solution for automated video capture and distribution.
network
low complexity
apereo CWE-776
6.5
2021-05-26 CVE-2018-10868 XML Entity Expansion vulnerability in Red Hat Certification 7.0
redhat-certification 7 does not properly restrict the number of recursive definitions of entities in XML documents, allowing an unauthenticated user to run a "Billion Laugh Attack" by replying to XMLRPC methods when getting the status of a host.
network
low complexity
redhat CWE-776
7.5
2021-01-29 CVE-2020-24665 XML Entity Expansion vulnerability in Hitachi Vantara Pentaho 7.0.0/8.0.0
The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains an XML Entity Expansion injection vulnerability, which allows authenticated remote users to trigger a denial of service (DoS) condition.
network
low complexity
hitachi CWE-776
6.5
2021-01-14 CVE-2021-23926 XML Entity Expansion vulnerability in multiple products
The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input.
network
low complexity
apache netapp debian oracle CWE-776
critical
9.1
2021-01-13 CVE-2021-1267 XML Entity Expansion vulnerability in Cisco Firepower Management Center
A vulnerability in the dashboard widget of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco CWE-776
4.3
2020-09-01 CVE-2012-3340 XML Entity Expansion vulnerability in IBM InfoSphere Guardium 8.0/8.0.1/8.2
IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to XML external entity injection, caused by improper validation of user-supplied input.
network
low complexity
ibm CWE-776
4.3