Improper Restriction of XML External Entity Reference ('XXE')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2021-07-22 | CVE-2021-22523 | XXE vulnerability in Microfocus Verastream Host Integrator | XML External Entity vulnerability in Micro Focus Verastream Host Integrator, affecting version 7.8 Update 1 and earlier versions. | network, low complexity, microfocus, CWE-611, 7.6 |
| 2021-07-21 | CVE-2021-2401 | XXE vulnerability in Oracle BI Publisher | Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). | network, low complexity, oracle, CWE-611, 5.3 |
| 2021-07-16 | CVE-2019-3752 | XXE vulnerability in Dell products | Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. | network, low complexity, dell, CWE-611, 8.2 |
| 2021-07-13 | CVE-2021-20595 | XXE vulnerability in Mitsubishi products | Improper Restriction of XML External Entity Reference vulnerability in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.3.35 and prior, GB-50A Ver.3.35 and prior, GB-24A Ver.9.11 and prior, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior), Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) and Air Conditioning System/BM adapter (BAC-HD150 Ver.2.21 and prior) allows a remote unauthenticated attacker to disclose some of the data in the air conditioning system or cause a DoS condition by sending specially crafted packets. | network, low complexity, mitsubishi, CWE-611, 8.2 |
| 2021-07-12 | CVE-2021-32754 | XXE vulnerability in Flowdroid Project Flowdroid | FlowDroid is a data flow analysis tool. | network, high complexity, flowdroid-project, CWE-611, 5.3 |
| 2021-07-09 | CVE-2021-30201 | XXE vulnerability in Kaseya VSA 9.5.6 | The API /vsaWS/KaseyaWS.asmx can be used to submit XML to the system. | network, low complexity, kaseya, CWE-611, 7.5 |
| 2021-07-09 | CVE-2012-1102 | XXE vulnerability in Xml::Atom Project Xml::Atom | It was discovered that the XML::Atom Perl module before version 0.39 did not disable external entities when parsing XML from potentially untrusted sources. | network, low complexity, xml, CWE-611, 7.5 |
| 2021-07-09 | CVE-2021-32972 | XXE vulnerability in Panasonic Fpwin PRO 7.5.0.1/7.5.1.1 | Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacker to craft a project file specifying a URI that causes the XML parser to access the URI and embed the contents, which may allow the attacker to disclose information that is accessible in the context of the user executing software. | local, low complexity, panasonic, CWE-611, 5.5 |
| 2021-06-30 | CVE-2021-21672 | XXE vulnerability in Jenkins Selenium Html Report | Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | network, low complexity, jenkins, CWE-611, 4.3 |
| 2021-06-30 | CVE-2021-25951 | XXE vulnerability in Xml2Dict Project Xml2Dict 0.2.2 | XXE vulnerability in 'XML2Dict' version 0.2.2 allows an attacker to cause a denial of service. | network, low complexity, xml2dict-project, CWE-611, 7.5 |