Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-10 | CVE-2022-22795 | XXE vulnerability in Signiant Manager+Agents Signiant - Manager+Agents XML External Entity (XXE) - Extract internal files of the affected machine An attacker can read all the system files, the product is running with root on Linux systems and nt/authority on windows systems, which allows him to access and extract any file on the systems, such as passwd, shadow, hosts and so on. | 9.1 |
| 2022-03-10 | CVE-2022-22835 | XXE vulnerability in Overit Geocall 6.3 An issue was discovered in OverIT Geocall before version 8.0. | 6.5 |
| 2022-03-05 | CVE-2022-25312 | XXE vulnerability in Apache Any23 An XML external entity (XXE) injection vulnerability was discovered in the Any23 RDFa XSLTStylesheet extractor and is known to affect Any23 versions < 2.7. | 9.1 |
| 2022-03-04 | CVE-2022-0839 | XXE vulnerability in multiple products Improper Restriction of XML External Entity Reference in GitHub repository liquibase/liquibase prior to 4.8.0. | 9.8 |
| 2022-03-03 | CVE-2022-0265 | XXE vulnerability in Hazelcast 5.1 Improper Restriction of XML External Entity Reference in GitHub repository hazelcast/hazelcast in 5.1-BETA-1. | 9.8 |
| 2022-02-25 | CVE-2022-24340 | XXE vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible. | 9.8 |
| 2022-02-24 | CVE-2020-14478 | XXE vulnerability in Rockwellautomation Factorytalk Services Platform A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly configured XML files to access local or remote content. | 7.1 |
| 2022-02-15 | CVE-2022-25209 | XXE vulnerability in Jenkins Chef Sinatra Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.8 |
| 2022-02-11 | CVE-2021-46365 | XXE vulnerability in Magnolia-Cms Magnolia CMS An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute XML External Entity attacks via a crafted XLF file. | 7.8 |
| 2022-02-09 | CVE-2022-21205 | XXE vulnerability in Intel Quartus Prime Improper restriction of XML external entity reference in DSP Builder Pro for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an unauthenticated user to potentially enable information disclosure via network access. | 7.5 |