Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2020-11-12 CVE-2020-24454 XXE vulnerability in Intel Quartus Prime
Improper Restriction of XML External Entity Reference in subsystem for Intel(R) Quartus(R) Prime Pro Edition before version 20.3 and Intel(R) Quartus(R) Prime Standard Edition before version 20.2 may allow an unauthenticated user to potentially enable information disclosure via network access.
network
low complexity
intel CWE-611
7.5
2020-11-09 CVE-2020-27017 XXE vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 8.5.1.1516/9.0/9.1
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML External Entity Processing (XXE) vulnerability which could allow an authenticated administrator to read arbitrary local files.
network
low complexity
trendmicro CWE-611
4.9
2020-10-27 CVE-2020-15352 XXE vulnerability in multiple products
An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
network
low complexity
pulsesecure ivanti CWE-611
7.2
2020-10-22 CVE-2020-25186 XXE vulnerability in We-Con Levistudiou
An XXE vulnerability exists within LeviStudioU Release Build 2019-09-21 and prior when processing parameter entities, which may allow file disclosure.
network
low complexity
we-con CWE-611
7.5
2020-10-12 CVE-2020-4772 XXE vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0
An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10.
network
low complexity
ibm CWE-611
8.1
2020-10-02 CVE-2020-15232 XXE vulnerability in Mapfish Print
In mapfish-print before version 3.24, a user can perform an XML External Entity (XXE) attack with the provided SDL style.
network
low complexity
mapfish CWE-611
critical
9.1
2020-10-01 CVE-2020-13940 XXE vulnerability in Apache Nifi
In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and various policy authorizer and user group provider objects allowed trusted administrators to inadvertently configure a potentially malicious XML file.
local
low complexity
apache CWE-611
5.5
2020-09-30 CVE-2020-8256 XXE vulnerability in multiple products
A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via an XML External Entity (XXE) vulnerability.
network
low complexity
pulsesecure ivanti CWE-611
4.9
2020-09-30 CVE-2020-21524 XXE vulnerability in Halo 1.1.3
There is an XML external entity (XXE) vulnerability in halo v1.1.3. The function for importing other blogs in the back end (/api/admin/migrations/wordpress) needs to parse the XML file, but does so without any security defenses. This vulnerability can be used to probe the intranet, read files, enable DDoS attacks, etc.
network
low complexity
halo CWE-611
critical
9.1
2020-09-23 CVE-2020-2284 XXE vulnerability in Jenkins Liquibase Runner
Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
network
low complexity
jenkins CWE-611
7.1