CWE-776
Medium likelihood
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Parent: CWE-674 - Uncontrolled Recursion
The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.
71 vulnerabilities with CWE-776
CVE-2019-11253
HIGH
Kubernetes < 1.12.10 - XML Entity Expansion
CVSS 7.5
CVE-2019-12401
HIGH
Solr <4.10.4 - DoS
CVSS 7.5
CVE-2019-15903
HIGH
libexpat <2.2.8 - Buffer Overflow
CVSS 7.5
CVE-2019-15160
HIGH
Kbrw Sweet Xml < 0.6.6 - XML Entity Expansion
CVSS 7.5
CVE-2019-5442
HIGH
Pippo 1.12.0 - DoS
CVSS 7.5
CVE-2019-5427
HIGH
c3p0 <0.9.5.4 - Info Disclosure
CVSS 7.5
CVE-2018-10868
HIGH
Redhat Certification - Denial of Service
CVSS 7.5
CVE-2017-18640
HIGH
SnakeYAML <1.26 - Entity Expansion
CVSS 7.5
CVE-2017-5644
MEDIUM
Apache Poi < 3.14 - XML Entity Expansion
CVSS 5.5
CVE-2015-9541
HIGH
QT < 5.12.8 - XML Entity Expansion
CVSS 7.5
CVE-2014-2228
CRITICAL
HP Fortify SCA <2.2 RC3 - Code Injection
CVSS 9.8
CVE-2013-4335
CRITICAL
Openpne Opopensocialplugin - XML Entity Expansion
CVSS 9.8
CVE-2013-6461
MEDIUM
Nokogiri < 1.5.11 - XML Entity Expansion
CVSS 6.5
CVE-2013-6460
MEDIUM
Nokogiri < 1.5.11 - XML Entity Expansion
CVSS 6.5
CVE-2012-3340
MEDIUM
IBM Infosphere Guardium - XML Entity Expansion
CVSS 4.3
CVE-2012-6685
HIGH
Nokogiri < 1.5.4 - XML Entity Expansion
CVSS 7.5
CVE-2011-3288
HIGH
Cisco Unified Presence < 8.5(4) - XML Entity Expansion
CVSS 7.5
CVE-2011-1755
HIGH
jabberd2 < 2.2.14 - DoS
CVSS 7.5
CVE-2009-1955
HIGH
Apache APR-util <1.3.7 - DoS
CVSS 7.5
CVE-2008-3281
MEDIUM
libxml2 <2.6.32 - DoS
CVSS 6.5
CVE-2003-1564
MEDIUM
Xmlsoft Libxml2 < 2.5.0 - XML Entity Expansion
CVSS 6.5
Details
Vulnerabilities: 71
Exploit Likelihood: Medium