Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-27 | CVE-2020-10993 | XXE vulnerability in Osmand 2.0.0 Osmand through 2.0.0 allow XXE because of binary/BinaryMapIndexReader.java. | 6.4 |
2020-03-27 | CVE-2020-10992 | XXE vulnerability in Azkaban Project Azkaban Azkaban through 3.84.0 allows XXE, related to validator/XmlValidatorManager.java and user/XmlUserManager.java. | 7.5 |
2020-03-27 | CVE-2020-10991 | XXE vulnerability in Mulesoft Aplkit Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXmlSchemaValidator.java | 7.5 |
2020-03-27 | CVE-2020-10990 | XXE vulnerability in Accenture Mercury An XXE issue exists in Accenture Mercury before 1.12.28 because of the platformlambda/core/serializers/SimpleXmlParser.java component. | 7.5 |
2020-03-25 | CVE-2020-2171 | XXE vulnerability in Jenkins Rapiddeploy Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.8 |
2020-03-23 | CVE-2019-20627 | XXE vulnerability in Rbsoft Autoupdater.Net AutoUpdater.cs in AutoUpdater.NET before 1.5.8 allows XXE. | 9.8 |
2020-03-20 | CVE-2020-10799 | XXE vulnerability in Svglib Project Svglib The svglib package through 0.9.3 for Python allows XXE attacks via an svg2rlg call. | 7.5 |
2020-03-16 | CVE-2019-20191 | XXE vulnerability in Sync Oxygen XML Editor Oxygen XML Editor 21.1.1 allows XXE to read any file. | 7.5 |
2020-03-11 | CVE-2020-8540 | XXE vulnerability in Zohocorp Manageengine Desktop Central An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | 7.5 |
2020-03-10 | CVE-2020-6202 | XXE vulnerability in SAP Netweaver Application Server Java SAP NetWeaver Application Server Java (User Management Engine), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation. | 6.5 |