Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-11 | CVE-2020-11991 | XXE vulnerability in Apache Cocoon When using the StreamGenerator, the code parse a user-provided XML. | 5.0 |
| 2020-09-11 | CVE-2020-25257 | XXE vulnerability in Hyland Onbase An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. | 7.5 |
| 2020-09-10 | CVE-2020-17408 | XXE vulnerability in NEC Expresscluster X 4.1/4.2 This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ExpressCluster 4.1. | 5.0 |
| 2020-09-09 | CVE-2020-24379 | XXE vulnerability in multiple products WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection. | 9.8 |
| 2020-09-01 | CVE-2020-2247 | XXE vulnerability in Jenkins Klocwork Analysis Jenkins Klocwork Analysis Plugin 2020.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 6.5 |
| 2020-09-01 | CVE-2020-2245 | XXE vulnerability in Jenkins Valgrind Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.1 |
| 2020-08-29 | CVE-2020-25020 | XXE vulnerability in multiple products MPXJ through 8.1.3 allows XXE attacks. | 7.5 |
| 2020-08-26 | CVE-2020-17376 | XXE vulnerability in Openstack Nova An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. | 6.5 |
| 2020-08-26 | CVE-2020-24656 | XXE vulnerability in Maltego Maltego before 4.2.12 allows XXE attacks. | 4.3 |
| 2020-08-21 | CVE-2020-24591 | XXE vulnerability in Wso2 products The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. | 5.5 |