Vulnerabilities of type CWE-611

573 results
CVE-2019-1698 | MEDIUM | Cisco IoT Field Network Director XML External Entity Vulnerability | EPSS 3.1%

CVE-2019-18227 | Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. XXE vulnerabilities exist that may allow disclosure of sensitive data. | EPSS 3.1%

CVE-2019-3774 | Spring Batch XML External Entity Injection (XXE) | EPSS 3.0%

CVE-2023-29443 | MEDIUM | Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer befor | EPSS 3.0%

CVE-2019-3772 | Spring Integration XML External Entity Injection (XXE) | EPSS 3.0%

CVE-2017-7465 | CRITICAL | It was found that the JAXP implementation used in JBoss EAP 7.0 for XSLT processing is vulnerable to code injection. An attacker could use t | EPSS 3.0%

CVE-2025-54988 | HIGH | Apache Tika PDF parser module: XXE vulnerability in PDFParser's handling of XFA | EPSS 3.0%

CVE-2016-9318 | MEDIUM | libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the curre | EPSS 2.9%

CVE-2022-0839 | HIGH | Improper Restriction of XML External Entity Reference in liquibase/liquibase | EPSS 2.9%

CVE-2022-21282 | MEDIUM | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that | EPSS 2.9%

CVE-2024-45293 | HIGH | XML External Entity Reference (XXE) in PHPSpreadsheet's XLSX reader | EPSS 2.9%

CVE-2022-0265 | HIGH | Improper Restriction of XML External Entity Reference in hazelcast/hazelcast | EPSS 2.8%

CVE-2017-7545 | MEDIUM | It was discovered that the XmlUtils class in jbpmmigration 6.5 performed expansion of external parameter entities while parsing XML files. A | EPSS 2.8%

CVE-2017-7375 | CRITICAL | A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, D | EPSS 2.7%

CVE-2020-25020 | CRITICAL | MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectReader and PhoenixReader components. | EPSS 2.6%

CVE-2020-26981 | A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). When opening a spe | EPSS 2.6%

CVE-2016-9491 | ManageEngine Applications Manager 12 and 13 is vulnerable to privilege escalation due to improper restriction of an XML external entity | EPSS 2.6%

CVE-2024-49064 | MEDIUM | Microsoft SharePoint Information Disclosure Vulnerability | EPSS 2.5%

CVE-2018-10600 | SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XML parser, which may allow disclosure and | EPSS 2.5%

CVE-2022-29265 | Improper Restriction of XML External Entity References in Multiple Components | EPSS 2.4%