Total
1116 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-15011 | 1 E-contract | 1 Dssp | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| A vulnerability classified as problematic was found in e-Contract dssp up to 1.3.1. Affected by this vulnerability is the function checkSignResponse of the file dssp-client/src/main/java/be/e_contract/dssp/client/SignResponseVerifier.java. The manipulation leads to xml external entity reference. Upgrading to version 1.3.2 is able to address this issue. The identifier of the patch is ec4238349691ec66dd30b416ec6eaab02d722302. It is recommended to upgrade the affected component. The identifier VDB-217549 was assigned to this vulnerability. | |||||
| CVE-2016-0369 | 1 Ibm | 1 Forms Experience Builder | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| XML external entity (XXE) vulnerability in IBM Forms Experience Builder 8.5, 8.5.1, and 8.6 allows remote authenticated users to obtain sensitive information via crafted XML data. IBM X-Force ID: 112088. | |||||
| CVE-2016-0268 | 1 Ibm | 1 Financial Transaction Manager | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| XML external entity (XXE) vulnerability in IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows remote authenticated users to obtain sensitive information via crafted XML data. IBM X-Force ID: 110915. | |||||
| CVE-2016-0250 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| XML external entity (XXE) vulnerability in IBM InfoSphere Information Governance Catalog 11.3 before 11.3.1.2 and 11.5 before 11.5.0.1 allows remote authenticated users to read arbitrary files or cause a denial of service via crafted XML data. IBM X-Force ID: 110510. | |||||
| CVE-2016-0219 | 1 Ibm | 8 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 5 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| XML external entity (XXE) vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote authenticated users to cause a denial of service via crafted XML data. IBM X-Force ID: 109693. | |||||
| CVE-2015-9280 | 1 Mailenable | 1 Mailenable | 2024-11-21 | 5.0 MEDIUM | 10.0 CRITICAL |
| MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter. | |||||
| CVE-2015-8549 | 1 Pyamf | 1 Pyamf | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
| XML external entity (XXE) vulnerability in PyAMF before 0.8.0 allows remote attackers to cause a denial of service or read arbitrary files via a crafted Action Message Format (AMF) payload. | |||||
| CVE-2015-8031 | 1 Eclipse | 1 Hudson | 2024-11-21 | N/A | 9.8 CRITICAL |
| Hudson (aka org.jvnet.hudson.main:hudson-core) before 3.3.2 allows XXE attacks. | |||||
| CVE-2015-7968 | 1 Sap | 1 Netweaver Application Server | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| nwbc_ext2int in SAP NetWeaver Application Server before Security Note 2183189 allows XXE attacks for local file inclusion via the sap/bc/ui2/nwbc/nwbc_ext2int/ URI. | |||||
| CVE-2015-7461 | 1 Ibm | 1 Connections | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| XML external entity (XXE) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote authenticated users to cause a denial of service (memory consumption) via crafted XML data. IBM X-Force ID: 108357. | |||||
| CVE-2015-3907 | 1 Codeigniter-restserver Project | 1 Codeigniter-restserver | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| CodeIgniter Rest Server (aka codeigniter-restserver) 2.7.1 allows XXE attacks. | |||||
| CVE-2015-1811 | 1 Jenkins | 1 Cloudbees | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document. | |||||
| CVE-2015-1809 | 1 Jenkins | 1 Cloudbees | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query. | |||||
| CVE-2015-10082 | 1 Libimobiledevice | 1 Libplist | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
| A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. This affects the function plist_from_xml of the file src/xplist.c of the component XML Handler. The manipulation leads to xml external entity reference. The patch is named c086cb139af7c82845f6d565e636073ff4b37440. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221499. | |||||
| CVE-2015-10029 | 1 Simplexrd Project | 1 Simplexrd | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| A vulnerability classified as problematic was found in kelvinmo simplexrd up to 3.1.0. This vulnerability affects unknown code of the file simplexrd/simplexrd.class.php. The manipulation leads to xml external entity reference. Upgrading to version 3.1.1 is able to address this issue. The patch is identified as 4c9f2e028523ed705b555eca2c18c64e71f1a35d. It is recommended to upgrade the affected component. VDB-217630 is the identifier assigned to this vulnerability. | |||||
| CVE-2014-5238 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text document. | |||||
| CVE-2014-3990 | 1 Opencart | 1 Opencart | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External Entity (XXE) attacks and execute arbitrary code via a crafted serialized PHP object, related to the quantity parameter in an update request. | |||||
| CVE-2014-3643 | 1 Jersey Project | 1 Jersey | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| jersey: XXE via parameter entities not disabled by the jersey SAX parser | |||||
| CVE-2014-3599 | 1 Redhat | 1 Hornetq | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| HornetQ REST is vulnerable to XML External Entity due to insecure configuration of RestEasy | |||||
| CVE-2014-3244 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request. | |||||