Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2019-11-18 CVE-2019-10172 XXE vulnerability in multiple products
A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries.
network
low complexity
fasterxml redhat debian apache CWE-611
7.5
7.5
2019-11-14 CVE-2019-14678 XXE vulnerability in SAS Base SAS and XML Mapper
SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways.
network
low complexity
sas CWE-611
7.5
7.5
2019-11-12 CVE-2014-3599 XXE vulnerability in Redhat Hornetq
HornetQ REST is vulnerable to XML External Entity due to insecure configuration of RestEasy
network
redhat CWE-611
4.3
4.3
2019-11-07 CVE-2019-12331 XXE vulnerability in PHPoffice PHPspreadsheet
PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue.
network
low complexity
phpoffice CWE-611
8.8
8.8
2019-10-31 CVE-2019-18227 XXE vulnerability in Advantech Wise-Paas/Rmm 3.3.29
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior.
network
low complexity
advantech CWE-611
5.0
5.0
2019-10-29 CVE-2019-9757 XXE vulnerability in Labkey Server 19.1.0
An issue was discovered in LabKey Server 19.1.0.
network
low complexity
labkey CWE-611
5.0
5.0
2019-10-28 CVE-2017-15725 XXE vulnerability in Devada Dzone Answerhub
An XML External Entity Injection vulnerability exists in Dzone AnswerHub.
network
low complexity
devada CWE-611
5.0
5.0
2019-10-25 CVE-2019-8087 XXE vulnerability in Adobe Experience Manager
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability.
network
low complexity
adobe CWE-611
5.0
5.0
2019-10-25 CVE-2019-8086 XXE vulnerability in Adobe Experience Manager
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability.
network
low complexity
adobe CWE-611
5.0
5.0
2019-10-25 CVE-2019-8082 XXE vulnerability in Adobe Experience Manager 6.2/6.3/6.4
Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability.
network
low complexity
adobe CWE-611
5.0
5.0