Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2017-04-18 CVE-2017-5661 XXE vulnerability in Apache Formatting Objects Processor
In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files.
network
low complexity
apache CWE-611
7.3
2017-04-14 CVE-2017-7457 XXE vulnerability in Moxa Mx-Aopc Server 1.5
XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 result in remote file disclosure.
local
low complexity
moxa CWE-611
5.0
2017-04-10 CVE-2015-7273 XXE vulnerability in Dell Integrated Remote Access Controller Firmware 1.99/2.20.20.20
Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE.
network
low complexity
dell CWE-611
critical
9.8
2017-04-07 CVE-2016-6805 XXE vulnerability in Apache Ignite
Apache Ignite before 1.9 allows man-in-the-middle attackers to read arbitrary files via XXE in modified update-notifier documents.
network
high complexity
apache CWE-611
5.9
2017-03-31 CVE-2016-9707 XXE vulnerability in IBM products
IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data.
network
low complexity
ibm CWE-611
8.1
2017-03-31 CVE-2016-6111 XXE vulnerability in IBM Curam Social Program Management
IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data.
network
low complexity
ibm CWE-611
critical
9.1
2017-03-29 CVE-2016-9924 XXE vulnerability in Synacor Zimbra Collaboration Suite
Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers to conduct XML External Entity (XXE) attacks.
network
low complexity
synacor CWE-611
critical
9.8
2017-03-24 CVE-2016-10149 XXE vulnerability in multiple products
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response.
network
low complexity
pysaml2-project debian CWE-611
7.5
2017-03-23 CVE-2017-6895 XXE vulnerability in USB Pratirodh Project USB Pratirodh
USB Pratirodh allows remote attackers to conduct XML External Entity (XXE) attacks via XML data in usb.xml.
network
low complexity
usb-pratirodh-project CWE-611
critical
9.8
2017-03-23 CVE-2016-5749 XXE vulnerability in Netiq Access Manager 4.1/4.2
NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML requests with external entity resolution enabled, which could lead to local file disclosure via an XML External Entity (XXE) attack.
local
low complexity
netiq CWE-611
5.5