Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-04-14 | CVE-2017-7457 | XXE vulnerability in Moxa Mx-Aopc Server 1.5 XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 result in remote file disclosure. | 1.9 |
2017-04-10 | CVE-2015-7273 | XXE vulnerability in Dell Integrated Remote Access Controller Firmware Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE. | 7.5 |
2017-04-07 | CVE-2016-6805 | XXE vulnerability in Apache Ignite Apache Ignite before 1.9 allows man-in-the-middle attackers to read arbitrary files via XXE in modified update-notifier documents. | 4.3 |
2017-03-31 | CVE-2016-9707 | XXE vulnerability in IBM products IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. | 7.5 |
2017-03-31 | CVE-2016-6111 | XXE vulnerability in IBM Curam Social Program Management IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. | 8.5 |
2017-03-29 | CVE-2016-9924 | XXE vulnerability in Synacor Zimbra Collaboration Suite Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers to conduct XML External Entity (XXE) attacks. | 7.5 |
2017-03-24 | CVE-2016-10149 | XXE vulnerability in multiple products XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response. | 5.0 |
2017-03-23 | CVE-2017-6895 | XXE vulnerability in USB Pratirodh Project USB Pratirodh USB Pratirodh allows remote attackers to conduct XML External Entity (XXE) attacks via XML data in usb.xml. | 7.5 |
2017-03-23 | CVE-2016-5749 | XXE vulnerability in Netiq Access Manager 4.1/4.2 NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML requests with external entity resolution enabled, which could lead to local file disclosure via an XML External Entity (XXE) attack. | 5.5 |
2017-03-23 | CVE-2016-5748 | XXE vulnerability in Netiq Access Manager 4.1/4.2 External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to disclose the content of local files to logged-in users. | 5.5 |