Vulnerabilities > Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-19 | CVE-2012-6685 | XML Entity Expansion vulnerability in multiple products Nokogiri before 1.5.4 is vulnerable to XXE attacks | 7.5 |
2020-02-19 | CVE-2014-2228 | XML Entity Expansion vulnerability in Talend Restlet 1.1.10/2.1.7/2.2 The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages. | 9.8 |
2020-02-07 | CVE-2013-4335 | XML Entity Expansion vulnerability in Openpne Opopensocialplugin opOpenSocialPlugin 0.8.2.1, > 0.9.9.2, 0.9.13, 1.2.6: Multiple XML External Entity Injection Vulnerabilities | 9.8 |
2020-02-06 | CVE-2020-6856 | XML Entity Expansion vulnerability in Sos-Berlin Jobscheduler 1.11/1.13.2 An XML External Entity (XEE) vulnerability exists in the JOC Cockpit component of SOS JobScheduler 1.12 and 1.13.2 allows attackers to read files from the server via an entity declaration in any of the XML documents that are used to specify the run-time settings of jobs and orders. | 6.5 |
2020-02-06 | CVE-2019-20104 | XML Entity Expansion vulnerability in Atlassian Crowd The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers to perform a Denial of Service attack via an XML Entity Expansion vulnerability. | 7.5 |
2020-01-28 | CVE-2020-5227 | XML Entity Expansion vulnerability in Feedgen Project Feedgen Feedgen (python feedgen) before 0.9.0 is susceptible to XML Denial of Service attacks. | 7.5 |
2020-01-24 | CVE-2015-9541 | XML Entity Expansion vulnerability in multiple products Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564. | 7.5 |
2019-12-12 | CVE-2017-18640 | XML Entity Expansion vulnerability in multiple products The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564. | 7.5 |
2019-11-05 | CVE-2013-6461 | XML Entity Expansion vulnerability in multiple products Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits | 6.5 |
2019-11-05 | CVE-2013-6460 | XML Entity Expansion vulnerability in multiple products Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents | 6.5 |