Vulnerabilities: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

DATE  CVE  VULNERABILITY TITLE  RISK

2020-02-19  CVE-2012-6685  XML Entity Expansion vulnerability in multiple products
Nokogiri before 1.5.4 is vulnerable to XXE attacks.
network, low complexity; nokogiri, redhat; CWE-776
Risk: 7.5

2020-02-19  CVE-2014-2228  XML Entity Expansion vulnerability in Talend Restlet 1.1.10/2.1.7/2.2
The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages.
network, low complexity; talend; CWE-776
Risk: critical, 9.8

2020-02-07  CVE-2013-4335  XML Entity Expansion vulnerability in Openpne Opopensocialplugin
opOpenSocialPlugin 0.8.2.1, > 0.9.9.2, 0.9.13, 1.2.6: Multiple XML External Entity Injection Vulnerabilities
network, low complexity; openpne; CWE-776
Risk: critical, 9.8

2020-02-06  CVE-2020-6856  XML Entity Expansion vulnerability in Sos-Berlin Jobscheduler 1.11/1.13.2
An XML External Entity (XEE) vulnerability exists in the JOC Cockpit component of SOS JobScheduler 1.12 and 1.13.2 that allows attackers to read files from the server via an entity declaration in any of the XML documents that are used to specify the run-time settings of jobs and orders.
network, low complexity; sos-berlin; CWE-776
Risk: 6.5

2020-02-06  CVE-2019-20104  XML Entity Expansion vulnerability in Atlassian Crowd
The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1, allows remote attackers to perform a Denial of Service attack via an XML Entity Expansion vulnerability.
network, low complexity; atlassian; CWE-776
Risk: 7.5

2020-01-28  CVE-2020-5227  XML Entity Expansion vulnerability in Feedgen Project Feedgen
Feedgen (Python feedgen) before 0.9.0 is susceptible to XML Denial of Service attacks.
network, low complexity; feedgen-project; CWE-776
Risk: 7.5

2020-01-24  CVE-2015-9541  XML Entity Expansion vulnerability in multiple products
Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.
network, low complexity; qt, fedoraproject; CWE-776
Risk: 7.5

2019-12-12  CVE-2017-18640  XML Entity Expansion vulnerability in multiple products
The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
Risk: 7.5

2019-11-05  CVE-2013-6461  XML Entity Expansion vulnerability in multiple products
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits.
network, low complexity; nokogiri, debian, redhat; CWE-776
Risk: 6.5

2019-11-05  CVE-2013-6460  XML Entity Expansion vulnerability in multiple products
Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents.
network, low complexity; nokogiri, debian, redhat; CWE-776
Risk: 6.5