Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE | CVE | VULNERABILITY TITLE | RISK

2017-03-31 | CVE-2016-9707 | XXE vulnerability in IBM products | network, low complexity, ibm CWE-611, 8.1
IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data.

2017-03-31 | CVE-2016-6111 | XXE vulnerability in IBM Curam Social Program Management | network, low complexity, ibm CWE-611, critical 9.1
IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data.

2017-03-29 | CVE-2016-9924 | XXE vulnerability in Synacor Zimbra Collaboration Suite | network, low complexity, synacor CWE-611, critical 9.8
Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers to conduct XML External Entity (XXE) attacks.

2017-03-24 | CVE-2016-10149 | XXE vulnerability in multiple products | network, low complexity, pysaml2-project debian CWE-611, 7.5
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response.

2017-03-23 | CVE-2017-6895 | XXE vulnerability in USB Pratirodh Project USB Pratirodh | network, low complexity, usb-pratirodh-project CWE-611, critical 9.8
USB Pratirodh allows remote attackers to conduct XML External Entity (XXE) attacks via XML data in usb.xml.

2017-03-23 | CVE-2016-5749 | XXE vulnerability in Netiq Access Manager 4.1/4.2 | local, low complexity, netiq CWE-611, 5.5
NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML requests with external entity resolution enabled, which could lead to local file disclosure via an XML External Entity (XXE) attack.

2017-03-23 | CVE-2016-5748 | XXE vulnerability in Netiq Access Manager 4.1/4.2 | local, low complexity, netiq CWE-611, 5.5
External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to disclose the content of local files to logged-in users.

2017-03-20 | CVE-2016-4931 | XXE vulnerability in Juniper Junos Space | network, low complexity, juniper CWE-611, 6.5
XML entity injection in Junos Space before 15.2R2 allows attackers to cause a denial of service.

2017-03-17 | CVE-2017-3811 | XXE vulnerability in Cisco Webex Meetings Server 2.6 | network, low complexity, cisco CWE-611, 6.5
An XML External Entity vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system.

2017-03-07 | CVE-2016-9724 | XXE vulnerability in IBM Qradar Security Information and Event Manager | network, low complexity, ibm CWE-611, 8.1
IBM QRadar 7.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data.