Total
998 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20157 | 1 Openrefine | 1 Openrefine | 2019-01-03 | 5.0 MEDIUM | 7.5 HIGH |
| The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files. | |||||
| CVE-2018-20059 | 1 Pippo | 1 Pippo | 2019-01-03 | 7.5 HIGH | 9.8 CRITICAL |
| jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE. | |||||
| CVE-2018-17411 | 1 Informationbuilders | 1 Data Quality Suite | 2018-12-17 | 10.0 HIGH | 9.8 CRITICAL |
| An XML External Entity (XXE) vulnerability exists in iWay Data Quality Suite Web Console 10.6.1.ga-2016-11-20. | |||||
| CVE-2018-18737 | 1 Douchat | 1 Douchat | 2018-12-11 | 5.0 MEDIUM | 7.5 HIGH |
| An XXE issue was discovered in Douchat 4.0.4 because Data\notify.php calls simplexml_load_string. This can also be used for SSRF. | |||||
| CVE-2018-12243 | 1 Symantec | 1 Messaging Gateway | 2018-12-08 | 5.8 MEDIUM | 8.8 HIGH |
| The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths in the system identifier to access files that should not normally be accessible. | |||||
| CVE-2018-16521 | 1 Openmrs | 2 Html Form Entry, Reference Application | 2018-12-07 | 7.5 HIGH | 9.8 CRITICAL |
| An XML External Entity (XXE) vulnerability exists in HTML Form Entry 3.7.0, as distributed in OpenMRS Reference Application 2.8.0. | |||||
| CVE-2018-18659 | 1 Arcserve | 1 Udp | 2018-12-06 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-19 Unauthenticated XXE in /management/UdpHttpService issue. | |||||
| CVE-2018-16252 | 1 Fspro | 1 Event Log Explorer | 2018-12-04 | 2.1 LOW | 3.3 LOW |
| FsPro Labs Event Log Explorer 4.6.1.2115 has ".elx" FileType XML External Entity Injection. | |||||
| CVE-2018-15531 | 1 Javamelody Project | 1 Javamelody | 2018-11-29 | 7.5 HIGH | 9.8 CRITICAL |
| JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java. | |||||
| CVE-2018-8494 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2018-11-28 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | |||||
| CVE-2018-12585 | 1 Opcfoundation | 2 Ua-.net-legacy, Ua-java | 2018-11-27 | 6.4 MEDIUM | 8.2 HIGH |
| An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allow remote attackers to trigger a denial of service. | |||||
| CVE-2018-8527 | 1 Microsoft | 1 Sql Server Management Studio | 2018-11-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XEL file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8532, CVE-2018-8533. | |||||
| CVE-2018-8532 | 1 Microsoft | 1 Sql Server Management Studio | 2018-11-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XMLA file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8527, CVE-2018-8533. | |||||
| CVE-2018-8533 | 1 Microsoft | 1 Sql Server Management Studio | 2018-11-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing malicious XML content containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8527, CVE-2018-8532. | |||||
| CVE-2018-8420 | 1 Microsoft | 4 Windows 10, Windows 7, Windows 8.1 and 1 more | 2018-11-19 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | |||||
| CVE-2017-17762 | 1 Episerver | 1 Episerver | 2018-11-08 | 5.0 MEDIUM | 7.5 HIGH |
| XML external entity (XXE) vulnerability in Episerver 7 patch 4 and earlier allows remote attackers to read arbitrary files via a crafted DTD in an XML request involving util/xmlrpc/Handler.ashx. | |||||
| CVE-2018-1000644 | 1 Eclipse | 1 Rdf4j | 2018-11-01 | 7.5 HIGH | 10.0 CRITICAL |
| Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files that can result in the disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted RDF file. | |||||
| CVE-2018-1000651 | 1 Gchq | 1 Stroom | 2018-11-01 | 7.5 HIGH | 10.0 CRITICAL |
| Stroom version <5.4.5 contains a XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted XML file. | |||||
| CVE-2018-16303 | 1 Tracker-software | 1 Pdf-xchange Editor | 2018-10-31 | 5.0 MEDIUM | 7.5 HIGH |
| PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause a denial of service (resource consumption) via a crafted x:xmpmeta structure, a related issue to CVE-2003-1564. | |||||
| CVE-2016-7459 | 1 Vmware | 1 Vcenter Server | 2018-10-30 | 4.0 MEDIUM | 7.7 HIGH |
| VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||