Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-09 | CVE-2022-21220 | XXE vulnerability in Intel Quartus Prime Improper restriction of XML external entity for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
| 2022-01-30 | CVE-2021-46660 | XXE vulnerability in Signiant Manager+Agents Signiant Manager+Agents before 15.1 allows XML External Entity (XXE) attacks. | 9.8 |
| 2022-01-25 | CVE-2022-23031 | XXE vulnerability in F5 Big-Ip Application Security Manager On BIG-IP FPS, ASM, and Advanced WAF versions 16.1.x before 16.1.1, 15.1.x before 15.1.4, and 14.1.x before 14.1.4.4, an XML External Entity (XXE) vulnerability exists in an undisclosed page of the F5 Advanced Web Application Firewall (Advanced WAF) and BIG-IP ASM Traffic Management User Interface (TMUI), also referred to as the Configuration utility, that allows an authenticated high-privileged attacker to read local files and force BIG-IP to send HTTP requests. | 4.9 |
| 2022-01-21 | CVE-2020-4875 | XXE vulnerability in IBM Cognos Controller 10.4.0/10.4.1/10.4.2 IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
| 2022-01-21 | CVE-2020-4876 | XXE vulnerability in IBM Cognos Controller 10.4.0/10.4.1/10.4.2 IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
| 2022-01-20 | CVE-2022-0219 | XXE vulnerability in Jadx Project Jadx Improper Restriction of XML External Entity Reference in GitHub repository skylot/jadx prior to 1.3.2. | 5.5 |
| 2022-01-17 | CVE-2022-0239 | XXE vulnerability in Stanford Corenlp corenlp is vulnerable to Improper Restriction of XML External Entity Reference | 9.8 |
| 2022-01-13 | CVE-2021-40722 | XXE vulnerability in Adobe products AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE. | 9.8 |
| 2022-01-13 | CVE-2022-0198 | XXE vulnerability in Stanford Corenlp corenlp is vulnerable to Improper Restriction of XML External Entity Reference | 7.1 |
| 2022-01-12 | CVE-2021-42560 | XXE vulnerability in Mitre Caldera 2.9.0 An issue was discovered in CALDERA 2.9.0. | 8.8 |