Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-15 | CVE-2020-2092 | XXE vulnerability in Jenkins Robot Framework Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents. | 8.8 |
| 2020-01-15 | CVE-2019-18412 | XXE vulnerability in Jetbrains Idetalk JetBrains IDETalk plugin before version 193.4099.10 allows XXE | 7.5 |
| 2020-01-15 | CVE-2015-8549 | XXE vulnerability in Pyamf XML external entity (XXE) vulnerability in PyAMF before 0.8.0 allows remote attackers to cause a denial of service or read arbitrary files via a crafted Action Message Format (AMF) payload. | 7.1 |
| 2020-01-14 | CVE-2014-5238 | XXE vulnerability in Open-Xchange Appsuite XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text document. | 7.8 |
| 2020-01-14 | CVE-2020-6958 | XXE vulnerability in YET Another Java Service Wrapper Project YET Another Java Service Wrapper 12.14 An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper (YAJSW) 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and potentially cause denial-of-service. | 9.1 |
| 2020-01-08 | CVE-2019-17020 | XXE vulnerability in multiple products If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. | 6.5 |
| 2020-01-06 | CVE-2019-15983 | XXE vulnerability in Cisco Data Center Network Manager A vulnerability in the SOAP API of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. | 4.9 |
| 2020-01-05 | CVE-2019-20153 | XXE vulnerability in Determine Contract Lifecycle Management 5.4 An issue was discovered in Determine (formerly Selectica) Contract Lifecycle Management (CLM) in v5.4. | 4.9 |
| 2020-01-03 | CVE-2019-3768 | XXE vulnerability in EMC RSA Authentication Manager RSA Authentication Manager versions prior to 8.4 P7 contain an XML Entity Injection Vulnerability. | 6.5 |
| 2019-12-30 | CVE-2019-19032 | XXE vulnerability in Xmlblueprint XMLBlueprint through 16.191112 is affected by XML External Entity Injection. | 8.1 |