Total: 1094 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-2178 | 1 Jenkins | 1 Parasoft Findings | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
Jenkins Parasoft Findings Plugin 10.4.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2020-2171 | 1 Jenkins | 1 Rapiddeploy | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2020-2144 | 1 Jenkins | 1 Rundeck | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2020-2138 | 1 Jenkins | 1 Cobertura | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2020-2120 | 1 Jenkins | 1 Fitnesse | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2020-2115 | 1 Jenkins | 1 Nunit | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Jenkins NUnit Plugin 0.25 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2020-2108 | 1 Jenkins | 1 Websphere Deployer | 2024-11-21 | 6.5 MEDIUM | 7.6 HIGH |
Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks which can be exploited by a user with Job/Configure permissions. | |||||
CVE-2020-2092 | 1 Jenkins | 1 Robot Framework | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents. | |||||
CVE-2020-2012 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Improper restriction of XML external entity reference ('XXE') vulnerability in Palo Alto Networks Panorama management service allows remote unauthenticated attackers with network access to the Panorama management interface to read arbitrary files on the system. This issue affects: All versions of PAN-OS for Panorama 7.1 and 8.0; PAN-OS for Panorama 8.1 versions earlier than 8.1.13; PAN-OS for Panorama 9.0 versions earlier than 9.0.7. | |||||
CVE-2020-29436 | 1 Sonatype | 1 Nexus Repository Manager | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to content outside of NXRM via an XXE vulnerability. Fixed in version 3.29.0. | |||||
CVE-2020-28736 | 1 Plone | 1 Plone | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role). | |||||
CVE-2020-28734 | 1 Plone | 1 Plone | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role. | |||||
CVE-2020-28387 | 1 Siemens | 1 Solid Edge | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3). When opening a specially crafted SEECTCXML file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external DTD. (ZDI-CAN-11923) | |||||
CVE-2020-27858 | 1 Arcserve | 1 D2d | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CA Arcserve D2D 16.5. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getNews method. Due to the improper restriction of XML External Entity (XXE) references, a specially-crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-11103. | |||||
CVE-2020-27148 | 1 Tibco | 1 Ebx Add-ons | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
The TIBCO EBX Add-on for Oracle Hyperion EPM, TIBCO EBX Data Exchange Add-on, and TIBCO EBX Insight Add-on components of TIBCO Software Inc.'s TIBCO EBX Add-ons contain a vulnerability that theoretically allows a low privileged attacker with network access to execute an XML External Entity (XXE) attack. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.4.2 and below. | |||||
CVE-2020-27017 | 2 Microsoft, Trendmicro | 2 Windows, Interscan Messaging Security Virtual Appliance | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML External Entity Processing (XXE) vulnerability which could allow an authenticated administrator to read arbitrary local files. An attacker must already have obtained product administrator/root privileges to exploit this vulnerability. | |||||
CVE-2020-26981 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). When opening a specially crafted XML file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external DTD. (ZDI-CAN-11890) | |||||
CVE-2020-26710 | 1 Easy-parse Project | 1 Easy-parse | 2024-11-21 | N/A | 7.5 HIGH |
easy-parse v0.1.1 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file. | |||||
CVE-2020-26709 | 1 Py-xml Project | 1 Py-xml | 2024-11-21 | N/A | 7.5 HIGH |
py-xml v1.0 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file. | |||||
CVE-2020-26708 | 1 Requests-xml Project | 1 Requests-xml | 2024-11-21 | N/A | 7.5 HIGH |
requests-xml v0.2.3 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file. |