Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2021-07-31 CVE-2020-26564 XXE vulnerability in Objectplanet Opinio
ObjectPlanet Opinio before 7.15 allows XXE attacks via three steps: modify a .css file to have <!ENTITY content, create a .xml file for a generic survey template (containing a link to this .css file), and import this .xml file at the survey/admin/folderSurvey.do?action=viewImportSurvey['importFile'] URI.
network
low complexity
objectplanet CWE-611
4.0
2021-07-29 CVE-2021-23418 XXE vulnerability in Glances Project Glances
The package glances before 3.2.1 is vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks.
network
low complexity
glances-project CWE-611
7.5
2021-07-27 CVE-2021-20399 XXE vulnerability in IBM Qradar Security Information and Event Manager
IBM Qradar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
6.4
2021-07-22 CVE-2021-22523 XXE vulnerability in Microfocus Verastream Host Integrator
XML External Entity vulnerability in Micro Focus Verastream Host Integrator, affecting version 7.8 Update 1 and earlier versions.
network
low complexity
microfocus CWE-611
7.6
2021-07-16 CVE-2019-3752 XXE vulnerability in Dell products
Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4.
network
low complexity
dell CWE-611
6.4
2021-07-13 CVE-2021-20595 XXE vulnerability in Mitsubishi products
Improper Restriction of XML External Entity Reference vulnerability in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.3.35 and prior, GB-50A Ver.3.35 and prior, GB-24A Ver.9.11 and prior, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior), Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) and Air Conditioning System/BM adapter (BAC-HD150 Ver.2.21 and prior) allows a remote unauthenticated attacker to disclose some of the data in the air conditioning system or cause a DoS condition by sending specially crafted packets.
network
low complexity
mitsubishi CWE-611
8.5
2021-07-12 CVE-2021-32754 XXE vulnerability in Flowdroid Project Flowdroid
FlowDroid is a data flow analysis tool.
3.5
2021-07-09 CVE-2021-30201 XXE vulnerability in Kaseya VSA
The API /vsaWS/KaseyaWS.asmx can be used to submit XML to the system.
network
low complexity
kaseya CWE-611
5.0
2021-07-09 CVE-2012-1102 XXE vulnerability in Xml::Atom Project Xml::Atom
It was discovered that the XML::Atom Perl module before version 0.39 did not disable external entities when parsing XML from potentially untrusted sources.
network
low complexity
xml CWE-611
5.0
2021-07-09 CVE-2021-32972 XXE vulnerability in Panasonic Fpwin PRO 7.5.0.1
Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacker to craft a project file specifying a URI that causes the XML parser to access the URI and embed the contents, which may allow the attacker to disclose information that is accessible in the context of the user executing the software.
network
panasonic CWE-611
4.3