Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-02-17 | CVE-2020-1693 | XXE vulnerability in Red Hat Spacewalk 1.6/2.6/2.9 | A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. | 9.8 |
2020-02-14 | CVE-2019-6194 | XXE vulnerability in Lenovo XClarity Administrator | An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow information disclosure. | 5.5 |
2020-02-12 | CVE-2020-1975 | XXE vulnerability in Palo Alto Networks PAN-OS | Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. | 8.8 |
2020-02-12 | CVE-2020-6187 | XXE vulnerability in SAP NetWeaver Guided Procedures | SAP NetWeaver (Guided Procedures), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document input from a compromised admin, leading to Denial of Service. | 4.9 |
2020-02-12 | CVE-2020-2120 | XXE vulnerability in Jenkins FitNesse | Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. | 8.8 |
2020-02-12 | CVE-2020-2115 | XXE vulnerability in Jenkins NUnit | Jenkins NUnit Plugin 0.25 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. | 8.8 |
2020-02-11 | CVE-2014-2052 | XXE vulnerability in ownCloud | Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. | 9.8 |
2020-02-07 | CVE-2013-4334 | XXE vulnerability in Tejimaya opWebAPIPlugin 0.1.0/0.4.0/0.5.1 | opWebAPIPlugin 0.5.1, 0.4.0, and 0.1.0: XXE Vulnerabilities | 9.8 |
2020-01-30 | CVE-2019-10782 | XXE vulnerability in Checkstyle | All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulnerable to XML External Entity (XXE) Injection due to an incomplete fix for CVE-2019-9658. | 5.3 |
2020-01-29 | CVE-2020-2108 | XXE vulnerability in Jenkins WebSphere Deployer | Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks which can be exploited by a user with Job/Configure permissions. | 7.6 |