Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-22 | CVE-2021-22523 | XXE vulnerability in Microfocus Verastream Host Integrator XML External Entity vulnerability in Micro Focus Verastream Host Integrator, affecting version 7.8 Update 1 and earlier versions. | 7.6 |
| 2021-07-16 | CVE-2019-3752 | XXE vulnerability in Dell products Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. | 8.2 |
| 2021-07-13 | CVE-2021-20595 | XXE vulnerability in Mitsubishi products Improper Restriction of XML External Entity Reference vulnerability in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.3.35 and prior, GB-50A Ver.3.35 and prior, GB-24A Ver.9.11 and prior, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior), Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) and Air Conditioning System/BM adapter(BAC-HD150 Ver.2.21 and prior) allows a remote unauthenticated attacker to disclose some of data in the air conditioning system or cause a DoS condition by sending specially crafted packets. | 8.2 |
| 2021-07-12 | CVE-2021-32754 | XXE vulnerability in Flowdroid Project Flowdroid FlowDroid is a data flow analysis tool. | 5.3 |
| 2021-07-09 | CVE-2021-30201 | XXE vulnerability in Kaseya VSA The API /vsaWS/KaseyaWS.asmx can be used to submit XML to the system. | 7.5 |
| 2021-06-30 | CVE-2021-21672 | XXE vulnerability in Jenkins Selenium Html Report Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 4.3 |
| 2021-06-30 | CVE-2021-25951 | XXE vulnerability in Xml2Dict Project Xml2Dict 0.2.2 XXE vulnerability in 'XML2Dict' version 0.2.2 allows an attacker to cause a denial of service. | 7.5 |
| 2021-06-29 | CVE-2021-22338 | XXE vulnerability in Huawei Ecns280 Firmware V100R005C00/V100R005C10 There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10. | 5.3 |
| 2021-06-23 | CVE-2021-29620 | XXE vulnerability in Reportportal Service-Api Report portal is an open source reporting and analysis framework. | 7.5 |
| 2021-06-21 | CVE-2021-35066 | XXE vulnerability in Connectwise Automate An XXE vulnerability exists in ConnectWise Automate before 2021.0.6.132. | 9.8 |