Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-06-23 | CVE-2020-14940 | XXE vulnerability in Herac Tuxguitar 1.5.4 An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar 1.5.4. | 5.0 |
2020-06-22 | CVE-2020-14204 | XXE vulnerability in IBI Webfocus Business Intelligence 8.0 In WebFOCUS Business Intelligence 8.0 (SP6), the administration portal allows remote attackers to read arbitrary local files or forge server-side HTTP requests via a crafted HTTP request to /ibi_apps/WFServlet.cfg because XML external entity injection is possible. | 5.8 |
2020-06-16 | CVE-2020-8541 | XXE vulnerability in Open-Xchange Appsuite 7.10.1/7.10.2/7.10.3 OX App Suite through 7.10.3 allows XXE attacks. | 4.0 |
2020-06-06 | CVE-2020-13883 | XXE vulnerability in Wso2 products In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle. | 6.5 |
2020-06-04 | CVE-2020-13692 | XXE vulnerability in multiple products PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE. | 7.7 |
2020-06-04 | CVE-2020-4509 | XXE vulnerability in IBM Qradar Security Information and Event Manager 7.3.0/7.4.0 IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 5.5 |
2020-05-28 | CVE-2020-4246 | XXE vulnerability in IBM Security Identity Governance and Intelligence 5.2.6 IBM Security Identity Governance and Intelligence 5.2.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 5.5 |
2020-05-13 | CVE-2020-2012 | XXE vulnerability in Paloaltonetworks Pan-Os Improper restriction of XML external entity reference ('XXE') vulnerability in Palo Alto Networks Panorama management service allows remote unauthenticated attackers with network access to the Panorama management interface to read arbitrary files on the system. | 5.0 |
2020-05-11 | CVE-2018-1285 | XXE vulnerability in multiple products Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. | 9.8 |
2020-05-08 | CVE-2020-11541 | XXE vulnerability in Techsmith Snagit In TechSmith SnagIt 11.2.1 through 20.0.3, an XML External Entity (XXE) injection issue exists that would allow a local attacker to exfiltrate data under the local Administrator account. | 2.1 |