Vulnerabilities > Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-08-21 | CVE-2020-24590 | XML Entity Expansion vulnerability in WSO2 API Manager and API Microgateway: The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks. | 9.1 |
2020-05-04 | CVE-2020-11462 | XML Entity Expansion vulnerability in OpenVPN Access Server: An issue was discovered in OpenVPN Access Server before 2.7.0 and 2.8.x before 2.8.3. | 7.5 |
2020-04-20 | CVE-2020-3946 | XML Entity Expansion vulnerability in VMware InstallBuilder: InstallBuilder AutoUpdate tool and regular installers enabling `<checkForUpdates>` built with versions earlier than 19.11 are vulnerable to Billion laughs attack (denial-of-service). | 7.5 |
2020-04-07 | CVE-2020-2172 | XML Entity Expansion vulnerability in Jenkins Code Coverage API: Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 6.5 |
2020-02-19 | CVE-2012-6685 | XML Entity Expansion vulnerability in multiple products: Nokogiri before 1.5.4 is vulnerable to XXE attacks. | 7.5 |
2020-02-19 | CVE-2014-2228 | XML Entity Expansion vulnerability in Talend Restlet 1.1.10/2.1.7/2.2: The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages. | 9.8 |
2020-02-07 | CVE-2013-4335 | XML Entity Expansion vulnerability in OpenPNE opOpenSocialPlugin: opOpenSocialPlugin 0.8.2.1, > 0.9.9.2, 0.9.13, 1.2.6: Multiple XML External Entity Injection Vulnerabilities | 9.8 |
2020-02-06 | CVE-2020-6856 | XML Entity Expansion vulnerability in Sos-Berlin JobScheduler 1.11/1.13.2: An XML External Entity (XEE) vulnerability exists in the JOC Cockpit component of SOS JobScheduler 1.12 and 1.13.2 and allows attackers to read files from the server via an entity declaration in any of the XML documents that are used to specify the run-time settings of jobs and orders. | 6.5 |
2020-02-06 | CVE-2019-20104 | XML Entity Expansion vulnerability in Atlassian Crowd: The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1, allows remote attackers to perform a Denial of Service attack via an XML Entity Expansion vulnerability. | 7.5 |
2020-01-28 | CVE-2020-5227 | XML Entity Expansion vulnerability in Feedgen Project Feedgen: Feedgen (python feedgen) before 0.9.0 is susceptible to XML Denial of Service attacks. | 7.5 |