• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-611

CVE-2020-10993

February 26, 2023 by

Osmand through 2.0.0 allow XXE because of binary/BinaryMapIndexReader.java.

CVE-2020-10799

February 26, 2023 by

The svglib package through 0.9.3 for Python allows XXE attacks via an svg2rlg call.

CVE-2020-10683

February 26, 2023 by

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.

CVE-2020-10629

February 26, 2023 by

WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. Specially crafted XML input could allow an attacker to read sensitive files.

CVE-2019-9843

February 26, 2023 by

In DiffPlug Spotless before 1.20.0 (library and Maven plugin) and before 3.20.0 (Gradle plugin), the XML parser would resolve external entities over both HTTP and HTTPS and didn’t respect the resolveExternalEntities setting. For example, this allows disclosure of file contents to a MITM attacker if a victim performs a spotlessApply operation on an untrusted XML file.

CVE-2019-9757

February 26, 2023 by

An issue was discovered in LabKey Server 19.1.0. Sending an SVG containing an XXE payload to the endpoint visualization-exportImage.view or visualization-exportPDF.view allows local files to be read.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 48
  • Go to page 49
  • Go to page 50
  • Go to page 51
  • Go to page 52
  • Interim pages omitted …
  • Go to page 107
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE