Total
1131 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-45397 | 1 Jenkins | 1 Osf Builder Suite \ | 2024-11-21 | 9.8 Critical |
| Jenkins OSF Builder Suite : : XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2022-45396 | 1 Jenkins | 1 Sourcemonitor | 2024-11-21 | 9.8 Critical |
| Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2022-45395 | 1 Jenkins | 1 Cccc | 2024-11-21 | 9.8 Critical |
| Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2022-45386 | 1 Jenkins | 1 Violations | 2024-11-21 | 5.5 Medium |
| Jenkins Violations Plugin 0.7.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2022-45326 | 1 Kwoksys | 1 Information Server | 2024-11-21 | 4.9 Medium |
| An XML external entity (XXE) injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks. | ||||
| CVE-2022-45194 | 1 Bruhn-newtech | 1 Cbrn-analysis | 2024-11-21 | 3.8 Low |
| CBRN-Analysis before 22 allows XXE attacks via am mws XML document, leading to NTLMv2-SSP hash disclosure. | ||||
| CVE-2022-43689 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 5.3 Medium |
| Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XXE based DNS requests leading to IP disclosure. | ||||
| CVE-2022-43570 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-11-21 | 8.8 High |
| In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language (XML) external entity (XXE) injection via a custom View. The XXE injection causes Splunk Web to embed incorrect documents into an error. | ||||
| CVE-2022-43430 | 1 Jenkins | 1 Compuware Topaz For Total Test | 2024-11-21 | 7.5 High |
| Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2022-43415 | 1 Jenkins | 1 Repo | 2024-11-21 | 7.5 High |
| Jenkins REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2022-42745 | 1 Auieosoftware | 1 Candidats | 2024-11-21 | 7.5 High |
| CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This is possible because the application is vulnerable to XXE. | ||||
| CVE-2022-42341 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 7.5 High |
| Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction. | ||||
| CVE-2022-42307 | 1 Veritas | 1 Netbackup | 2024-11-21 | 5.3 Medium |
| An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) Injection attack through the DiscoveryService service. | ||||
| CVE-2022-42301 | 1 Veritas | 1 Netbackup | 2024-11-21 | 5.4 Medium |
| An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) injection attack through the nbars process. | ||||
| CVE-2022-41967 | 1 Hypera | 1 Dragonfly | 2024-11-21 | 7 High |
| Dragonfly is a Java runtime dependency management library. Dragonfly v0.3.0-SNAPSHOT does not configure DocumentBuilderFactory to prevent XML external entity (XXE) attacks. This issue is patched in 0.3.1-SNAPSHOT. As a workaround, since Dragonfly only parses XML `SNAPSHOT` versions are being resolved, this vulnerability may be avoided by not trying to resolve `SNAPSHOT` versions. | ||||
| CVE-2022-41241 | 1 Jenkins | 1 Rqm | 2024-11-21 | 9.1 Critical |
| Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2022-41226 | 1 Jenkins | 1 Compuware Common Configuration | 2024-11-21 | 9.8 Critical |
| Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2022-40771 | 1 Zohocorp | 4 Manageengine Assetexplorer, Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp and 1 more | 2024-11-21 | 4.9 Medium |
| Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure. | ||||
| CVE-2022-40747 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | 9.1 Critical |
| "IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 236584." | ||||
| CVE-2022-40705 | 1 Apache | 1 Soap | 2024-11-21 | 7.5 High |
| An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP version 2.2 and later versions. It is unknown whether previous versions are also affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||