Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2020-03-27 CVE-2020-10993 XXE vulnerability in Osmand 2.0.0
Osmand through 2.0.0 allows XXE because of binary/BinaryMapIndexReader.java.
network
low complexity
osmand CWE-611
6.4
2020-03-27 CVE-2020-10992 XXE vulnerability in Azkaban Project Azkaban
Azkaban through 3.84.0 allows XXE, related to validator/XmlValidatorManager.java and user/XmlUserManager.java.
network
low complexity
azkaban-project CWE-611
7.5
2020-03-27 CVE-2020-10991 XXE vulnerability in Mulesoft Apikit
Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXmlSchemaValidator.java.
network
low complexity
mulesoft CWE-611
7.5
2020-03-27 CVE-2020-10990 XXE vulnerability in Accenture Mercury
An XXE issue exists in Accenture Mercury before 1.12.28 because of the platformlambda/core/serializers/SimpleXmlParser.java component.
network
low complexity
accenture CWE-611
7.5
2020-03-25 CVE-2020-2171 XXE vulnerability in Jenkins Rapiddeploy
Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
network
low complexity
jenkins CWE-611
8.8
2020-03-23 CVE-2019-20627 XXE vulnerability in Rbsoft Autoupdater.Net
AutoUpdater.cs in AutoUpdater.NET before 1.5.8 allows XXE.
network
low complexity
rbsoft CWE-611
critical
9.8
2020-03-20 CVE-2020-10799 XXE vulnerability in Svglib Project Svglib
The svglib package through 0.9.3 for Python allows XXE attacks via an svg2rlg call.
network
low complexity
svglib-project CWE-611
7.5
2020-03-16 CVE-2019-20191 XXE vulnerability in Sync Oxygen XML Editor
Oxygen XML Editor 21.1.1 allows XXE to read any file.
network
low complexity
sync CWE-611
7.5
2020-03-11 CVE-2020-8540 XXE vulnerability in Zohocorp Manageengine Desktop Central
An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
network
low complexity
zohocorp CWE-611
7.5
2020-03-10 CVE-2020-6202 XXE vulnerability in SAP Netweaver Application Server Java
SAP NetWeaver Application Server Java (User Management Engine), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation.
network
low complexity
sap CWE-611
6.5