Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-22 | CVE-2021-44028 | XXE vulnerability in Quest Kace Desktop Authority XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285. | 5.5 |
| 2021-12-16 | CVE-2021-45096 | XXE vulnerability in Knime Analytics Platform KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a crafted workflow file (.knwf), aka AP-17730. | 4.3 |
| 2021-12-14 | CVE-2021-3836 | XXE vulnerability in Dbeaver dbeaver is vulnerable to Improper Restriction of XML External Entity Reference | 5.5 |
| 2021-12-10 | CVE-2021-23463 | XXE vulnerability in H2Database H2 1.4.198/1.4.199/1.4.200 The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. | 9.1 |
| 2021-12-08 | CVE-2021-44556 | XXE vulnerability in KB Digger National Library of the Netherlands digger < 6697d1269d981e35e11f240725b16401b5ce3db5 is affected by a XML External Entity (XXE) vulnerability. | 9.1 |
| 2021-12-08 | CVE-2021-44557 | XXE vulnerability in KB Multiner National Library of the Netherlands multiNER <= c0440948057afc6e3d6b4903a7c05e666b94a3bc is affected by an XML External Entity (XXE) vulnerability in multiNER/ner.py. | 9.1 |
| 2021-12-01 | CVE-2021-42776 | XXE vulnerability in Cloverdx CloverDX Server before 5.11.2 and and 5.12.x before 5.12.1 allows XXE during configuration import. | 7.7 |
| 2021-11-22 | CVE-2021-44147 | XXE vulnerability in Claris Filemaker PRO and Filemaker Server An XML External Entity issue in Claris FileMaker Pro and Server (including WebDirect) before 19.4.1 allows a remote attacker to disclose local files via a crafted XML/Excel document and perform server-side request forgery attacks. | 5.5 |
| 2021-11-12 | CVE-2021-21701 | XXE vulnerability in Jenkins Performance 3.20 Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 6.5 |
| 2021-11-12 | CVE-2021-43576 | XXE vulnerability in Jenkins Pom2Config 1.2 Jenkins pom2config Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers with Overall/Read and Item/Read permissions to have Jenkins parse a crafted XML file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. | 6.5 |