Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-28 | CVE-2019-4707 | XXE vulnerability in IBM Security Access Manager 9.0.7.0 IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
| 2020-01-24 | CVE-2013-4333 | XXE vulnerability in Tejimaya Openpne OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulnerability | 9.1 |
| 2020-01-15 | CVE-2015-1811 | XXE vulnerability in Jenkins Cloudbees 1.596.1 XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document. | 7.5 |
| 2020-01-15 | CVE-2015-1809 | XXE vulnerability in Jenkins Cloudbees 1.596.1 XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query. | 7.5 |
| 2020-01-15 | CVE-2020-2092 | XXE vulnerability in Jenkins Robot Framework Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents. | 8.8 |
| 2020-01-15 | CVE-2019-18412 | XXE vulnerability in Jetbrains Idetalk JetBrains IDETalk plugin before version 193.4099.10 allows XXE | 7.5 |
| 2020-01-15 | CVE-2015-8549 | XXE vulnerability in Pyamf XML external entity (XXE) vulnerability in PyAMF before 0.8.0 allows remote attackers to cause a denial of service or read arbitrary files via a crafted Action Message Format (AMF) payload. | 7.1 |
| 2020-01-14 | CVE-2014-5238 | XXE vulnerability in Open-Xchange Appsuite XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text document. | 7.8 |
| 2020-01-14 | CVE-2020-6958 | XXE vulnerability in YET Another Java Service Wrapper Project YET Another Java Service Wrapper 12.14 An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper (YAJSW) 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and potentially cause denial-of-service. | 9.1 |
| 2020-01-08 | CVE-2019-17020 | XXE vulnerability in multiple products If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. | 6.5 |