Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-776

CWE-776

Medium likelihood

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Parent: CWE-674 - Uncontrolled Recursion

The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.

75 vulnerabilities with CWE-776

CVE-2023-20052 MEDIUM

ClamAV <1.0.0 - Info Disclosure

CVE-2022-28652 MEDIUM

~/.config/apport/settings - Info Disclosure

CVE-2022-44641 MEDIUM

Linaro LAVA < 2022.11 - Authenticated Denial of Service via XML Entity Expansion

CVE-2022-34430 HIGH

Dell Hybrid Client >=1.5 <1.8 - Path Traversal via Zip Bomb in UI

CVE-2022-25857 HIGH

snakeyaml < 1.31 - Denial of Service via Nested Collection Depth

CVE-2022-0217 HIGH

prosody < 0.11.12 - XML External Entity Injection via libexpat Library

CVE-2022-33977 HIGH

untangle < 1.2.0 - Denial of Service via XML Entity Expansion

CVE-2022-34467 MEDIUM

Mendix Excel Importer < 9.2.2 - XML Entity Expansion Injection

CVE-2022-26662 HIGH

Tryton Application Platform <5.0.45-6.2.5 - DoS

CVE-2022-23640 CRITICAL

excel_streaming_reader < 2.1.0 - XML External Entity Injection

CVE-2021-41559 MEDIUM

Silverstripe Framework 4.8.1 - Denial of Service via XML Entity Expansion in Convert::xml2array()

CVE-2021-40511 HIGH

OBDA systems Mastro 1.0 - Denial of Service via XML Entity Expansion

CVE-2021-20464 MEDIUM

IBM Cognos Analytics 11.1.7, 11.2.0 - Authenticated XML Entity Expansion

CVE-2021-31842 MEDIUM

McAfee Endpoint Security < 10.7.0 - Denial of Service via XML Entity Expansion in EPDeploy.xml

CVE-2021-38490 HIGH

Altova MobileTogether Server <7.3 SP1 - Info Disclosure

CVE-2021-3541 MEDIUM

libxml2 < 2.9.11 - Denial of Service via Exponential Entity Expansion

CVE-2021-32623 HIGH

Opencast < 9.6 - Authenticated Denial of Service via XML Entity Expansion

CVE-2021-23926 CRITICAL

Apache XMLBeans <= 2.6.0 - XML External Entity Injection

CVE-2021-1267 MEDIUM

Cisco Secure Firewall Management Center < 6.6.1 - Authenticated Denial of Service via XML Entity Expansion

CVE-2020-15303 MEDIUM

Infoblox NIOS < 8.5.2 - XML External Entity Injection via XML Upload

CVE-2020-24665 MEDIUM

Hitachi Vantara Pentaho <7.1.0.25-<8.2.0.6-<8.3.0.0 - XML Entity Ex...

CVE-2020-24590 CRITICAL

WSO2 API Manager <3.1.0, API Microgateway 2.2.0 - SSRF

CVE-2020-11462 HIGH

OpenVPN Access Server < 2.7.0 and 2.8.x < 2.8.3 - Denial of Service via XML Entity Expansion

CVE-2020-3946 HIGH

VMware InstallBuilder < 19.11.0 - Denial of Service via XML Entity Expansion

CVE-2020-2172 MEDIUM

Jenkins Code Coverage API Plugin < 1.1.4 - XML External Entity Injection

Previous Page 2 of 3 Next

Details

Vulnerabilities 75

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy