Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2021-09-21 | CVE-2021-29831 | XXE vulnerability in IBM products | IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | network | low complexity | ibm | CWE-611 | 8.1 |
| 2021-09-16 | CVE-2021-39239 | XXE vulnerability in Apache Jena | A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server. | network | low complexity | apache | CWE-611 | 7.5 |
| 2021-09-15 | CVE-2021-30137 | XXE vulnerability in Axiossystems Assyst 10 | Assyst 10 SP7.5 has authenticated XXE leading to SSRF via XML unmarshalling. | network | low complexity | axiossystems | CWE-611 | 8.2 |
| 2021-09-14 | CVE-2021-40356 | XXE vulnerability in Siemens Teamcenter Visualization | A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). | network | low complexity | siemens | CWE-611 | 7.5 |
| 2021-09-11 | CVE-2021-38555 | XXE vulnerability in Apache Any23 | An XML external entity (XXE) injection vulnerability was discovered in the Any23 StreamUtils.java file and is known to affect Any23 versions < 2.5. | network | low complexity | apache | CWE-611 | 9.1 (critical) |
| 2021-09-08 | CVE-2021-3055 | XXE vulnerability in Paloaltonetworks Pan-Os | An improper restriction of XML external entity (XXE) reference vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system and send a specifically crafted request to the firewall that causes the service to crash. | network | low complexity | paloaltonetworks | CWE-611 | 6.5 |
| 2021-09-02 | CVE-2021-34436 | XXE vulnerability in Eclipse Theia 0.1.1/0.2.0 | In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default build to obtain remote code execution (and XXE) via the theia-xml-extension. | network | low complexity | eclipse | CWE-611 | 9.8 (critical) |
| 2021-08-31 | CVE-2021-21680 | XXE vulnerability in Jenkins Nested View | Jenkins Nested View Plugin 1.20 and earlier does not configure its XML transformer to prevent XML external entity (XXE) attacks. | network | low complexity | jenkins | CWE-611 | 7.1 |
| 2021-08-23 | CVE-2021-39371 | XXE vulnerability in multiple products | An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity. | network | low complexity | osgeo, debian | CWE-611 | 7.5 |
| 2021-08-16 | CVE-2020-18703 | XXE vulnerability in Quokka Project Quokka 0.4.0 | XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/utils/atom.py'. | network | low complexity | quokka-project | CWE-611 | 9.8 (critical) |