Total
998 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1000546 | 1 Triplea-game | 1 Triplea | 2018-08-20 | 6.8 MEDIUM | 7.8 HIGH |
| Triplea version <= 1.9.0.0.10291 contains a XML External Entity (XXE) vulnerability in Importing game data that can result in Possible information disclosure, server-side request forgery, or remote code execution. This attack appear to be exploitable via Specially crafted game data file (XML). | |||||
| CVE-2018-1000542 | 1 Netbeans-mmd-plugin Project | 1 Netbeans-mmd-plugin | 2018-08-20 | 6.8 MEDIUM | 7.8 HIGH |
| netbeans-mmd-plugin version <= 1.4.3 contains a XML External Entity (XXE) vulnerability in MMD file import that can result in Possible information disclosure, server-side request forgery, or remote code execution. This attack appear to be exploitable via Specially crafted MMD file. | |||||
| CVE-2017-3208 | 1 Themidnightcoders | 1 Weborb For Java | 2018-08-06 | 7.5 HIGH | 9.8 CRITICAL |
| The Java implementation of AMF3 deserializers used by WebORB for Java by Midnight Coders, version 5.1.1.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly it could potentially expose sensitive data on the server, denial of service, or server side request forgery. | |||||
| CVE-2018-11586 | 1 Searchblox | 1 Searchblox | 2018-07-31 | 7.5 HIGH | 9.8 CRITICAL |
| XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | |||||
| CVE-2018-1456 | 1 Ibm | 2 Rational Rhapsody Design Manager, Rational Software Architect Design Manager | 2018-07-24 | 5.5 MEDIUM | 7.1 HIGH |
| IBM Rhapsody DM 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 140091. | |||||
| CVE-2018-1000198 | 1 Jenkins | 1 Black Duck Hub | 2018-07-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| A XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read permission to make Jenkins process XML eternal entities in an XML document. | |||||
| CVE-2018-1309 | 1 Apache | 1 Nifi | 2018-06-27 | 7.5 HIGH | 9.8 CRITICAL |
| Apache NiFi External XML Entity issue in SplitXML processor. Malicious XML content could cause information disclosure or remote code execution. The fix to disable external general entity parsing and disallow doctype declarations was applied on the Apache NiFi 1.6.0 release. Users running a prior 1.x release should upgrade to the appropriate release. | |||||
| CVE-2018-0765 | 1 Microsoft | 9 .net Core, .net Framework, Windows 10 and 6 more | 2018-06-14 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, .NET Core 2.0, Microsoft .NET Framework 4.7.2. | |||||
| CVE-2018-10832 | 1 Modbuspal Project | 1 Modbuspal | 2018-06-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| ModbusPal 1.6b is vulnerable to an XML External Entity (XXE) attack. Projects are saved as .xmpp files and automations can be exported as .xmpa files, both XML-based, which are vulnerable to XXE injection. Sending a crafted .xmpp or .xmpa file to a user, when opened/imported in ModbusPal, will return the contents of any local files to a remote attacker. | |||||
| CVE-2018-1183 | 1 Dell | 16 Emc Smis, Emc Solutions Enabler Virtual Appliance, Emc Unisphere and 13 more | 2018-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| In Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.8, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.8, Dell EMC VASA Provider Virtual Appliance versions prior to 8.4.0.512, Dell EMC SMIS versions prior to 8.4.0.6, Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4.0.347, Dell EMC VNX2 Operating Environment (OE) for File versions prior to 8.1.9.231, Dell EMC VNX2 Operating Environment (OE) for Block versions prior to 05.33.009.5.231, Dell EMC VNX1 Operating Environment (OE) for File versions prior to 7.1.82.0, Dell EMC VNX1 Operating Environment (OE) for Block versions prior to 05.32.000.5.225, Dell EMC VNXe3200 Operating Environment (OE) all versions, Dell EMC VNXe1600 Operating Environment (OE) versions prior to 3.1.9.9570228, Dell EMC VNXe 3100/3150/3300 Operating Environment (OE) all versions, Dell EMC ViPR SRM versions 3.7, 3.7.1, 3.7.2 (only if using Dell EMC Host Interface for Windows), Dell EMC ViPR SRM versions 4.0, 4.0.1, 4.0.2, 4.0.3 (only if using Dell EMC Host Interface for Windows), Dell EMC XtremIO versions 4.x, Dell EMC VMAX eNAS version 8.x, Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968, ECOM is affected by a XXE injection vulnerability due to the configuration of the XML parser shipped with the product. XXE Injection attack may occur when XML input containing a reference to an external entity (defined by the attacker) is processed by an affected XML parser. XXE Injection may allow attackers to gain unauthorized access to files containing sensitive information or may be used to cause denial-of-service. | |||||
| CVE-2018-1247 | 1 Rsa | 1 Authentication Manager | 2018-06-13 | 5.8 MEDIUM | 7.1 HIGH |
| RSA Authentication Manager Security Console, version 8.3 and earlier, contains a XML External Entity (XXE) vulnerability. This could potentially allow admin users to cause a denial of service or extract server data via injecting a maliciously crafted DTD in an XML file submitted to the application. | |||||
| CVE-2014-0950 | 1 Ibm | 1 Rational Clearquest | 2018-05-24 | 5.5 MEDIUM | 7.1 HIGH |
| Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92623. | |||||
| CVE-2017-6323 | 1 Symantec | 1 Management Console | 2018-05-23 | 5.2 MEDIUM | 8.0 HIGH |
| The Symantec Management Console prior to ITMS 8.1 RU1, ITMS 8.0_POST_HF6, and ITMS 7.6_POST_HF7 has an issue whereby XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts. | |||||
| CVE-2014-0931 | 1 Ibm | 1 Rational Clearcase | 2018-05-22 | 6.4 MEDIUM | 9.1 CRITICAL |
| Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) CMI and OSLC-based ClearQuest integrations components in IBM Rational ClearCase 7.1.0.x, 7.1.1.x, 7.1.2 through 7.1.2.13, 8.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92263. | |||||
| CVE-2018-10175 | 1 Digitalguardian | 1 Management Console | 2018-05-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| Digital Guardian Management Console 7.1.2.0015 has an XXE issue. | |||||
| CVE-2017-8315 | 1 Eclipse | 1 Ide | 2018-05-22 | 7.8 HIGH | 7.5 HIGH |
| Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An attacker can exploit the vulnerability by implementing malicious code on Androidmanifest.xml. | |||||
| CVE-2018-1000090 | 1 Textpattern | 1 Textpattern | 2018-04-13 | 7.8 HIGH | 7.5 HIGH |
| textpattern version version 4.6.2 contains a XML Injection vulnerability in Import XML feature that can result in Denial of service in context to the web server by exhausting server memory resources. This attack appear to be exploitable via Uploading a specially crafted XML file. | |||||
| CVE-2018-1000124 | 1 I-librarian | 1 I\, Librarian | 2018-04-13 | 7.5 HIGH | 10.0 CRITICAL |
| I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) that can result in an attacker reading the contents of a file and SSRF. This attack appear to be exploitable via posting xml in the Parameter form_import_textarea. | |||||
| CVE-2015-7461 | 1 Ibm | 1 Connections | 2018-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| XML external entity (XXE) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote authenticated users to cause a denial of service (memory consumption) via crafted XML data. IBM X-Force ID: 108357. | |||||
| CVE-2018-5758 | 1 Aurea | 1 Jive-n | 2018-04-10 | 6.8 MEDIUM | 6.5 MEDIUM |
| The Upload File functionality in upload.jspa in Aurea Jive Jive-n 9.0.2.1 On-Premises allows for an XML External Entity attack through a crafted file, allowing attackers to read arbitrary files. | |||||