Total
1045 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-0793 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-04-11 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0795. | |||||
| CVE-2019-0791 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-04-11 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795. | |||||
| CVE-2019-0792 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-04-11 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0793, CVE-2019-0795. | |||||
| CVE-2019-0790 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-04-11 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0791, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795. | |||||
| CVE-2019-0756 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-04-10 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. | |||||
| CVE-2018-20222 | 1 Airsonic Project | 1 Airsonic | 2019-04-08 | 7.5 HIGH | 9.8 CRITICAL |
| XXE issue in Airsonic before 10.1.2 during parse. | |||||
| CVE-2019-8997 | 1 Blackberry | 1 Athoc | 2019-04-02 | 4.3 MEDIUM | 5.9 MEDIUM |
| An XML External Entity Injection (XXE) vulnerability in the Management System (console) of BlackBerry AtHoc versions earlier than 7.6 HF-567 could allow an attacker to potentially read arbitrary local files from the application server or make requests on the network by entering maliciously crafted XML in an existing field. | |||||
| CVE-2017-9362 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2019-04-02 | 6.5 MEDIUM | 8.8 HIGH |
| ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API. | |||||
| CVE-2017-18111 | 1 Atlassian | 1 Application Links | 2019-04-01 | 5.5 MEDIUM | 8.7 HIGH |
| The OAuthHelper in Atlassian Application Links before version 5.0.10, from version 5.1.0 before version 5.1.3, and from version 5.2.0 before version 5.2.6 used an XML document builder that was vulnerable to XXE when consuming a client OAuth request. This allowed malicious oauth application linked applications to probe internal network resources by requesting internal locations, read the contents of files and also cause an out of memory exception affecting availability via an XML External Entity vulnerability. | |||||
| CVE-2017-18110 | 1 Atlassian | 1 Crowd | 2019-04-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| The administration backup restore resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to read files from the filesystem via a XXE vulnerability. | |||||
| CVE-2018-8026 | 2 Apache, Netapp | 3 Solr, Snapcenter, Storage Automation Store | 2019-03-29 | 2.1 LOW | 5.5 MEDIUM |
| This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. The manipulated files can be uploaded as configsets using Solr's API, allowing to exploit that vulnerability. | |||||
| CVE-2017-8557 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-03-26 | 2.1 LOW | 5.5 MEDIUM |
| Windows System Information Console in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability improperly parses XML input containing a reference to an external entity, aka "Windows System Information Console Information Disclosure Vulnerability". | |||||
| CVE-2018-1000069 | 2 Debian, Freeplane | 2 Debian Linux, Freeplane | 2019-03-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| FreePlane version 1.5.9 and earlier contains a XML External Entity (XXE) vulnerability in XML Parser in mindmap loader that can result in stealing data from victim's machine. This attack appears to require the victim to open a specially crafted mind map file. This vulnerability appears to have been fixed in 1.6+. | |||||
| CVE-2017-1000021 | 1 Logicaldoc | 1 Logicaldoc | 2019-03-14 | 6.5 MEDIUM | 8.8 HIGH |
| LogicalDoc Community Edition 7.5.3 and prior is vulnerable to XXE when indexing XML documents. | |||||
| CVE-2019-9761 | 1 Phpshe | 1 Phpshe | 2019-03-14 | 5.0 MEDIUM | 7.5 HIGH |
| An XXE issue was discovered in PHPSHE 1.7, which can be used to read any file in the system or scan the internal network without authentication. This occurs because of the call to wechat_getxml in include/plugin/payment/wechat/notify_url.php. | |||||
| CVE-2019-0277 | 1 Sap | 1 Hana Extended Application Services | 2019-03-13 | 5.5 MEDIUM | 6.5 MEDIUM |
| SAP HANA extended application services, version 1, advanced does not sufficiently validate an XML document accepted from an authenticated developer with privileges to the SAP space (XML External Entity vulnerability). | |||||
| CVE-2019-0265 | 1 Sap | 5 Advanced Business Application Programming Platform Kernel, Advanced Business Application Programming Platform Krnl32nuc, Advanced Business Application Programming Platform Krnl32uc and 2 more | 2019-03-13 | 4.0 MEDIUM | 4.9 MEDIUM |
| SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT,KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49,KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49. 7.73 KERNEL from 7.21 to 7.22, 7.45, 7.49, 7.53, 7.73, 7.75. | |||||
| CVE-2019-5918 | 1 Nablarch Project | 1 Nablarch | 2019-03-13 | 8.5 HIGH | 9.1 CRITICAL |
| Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to conduct XML External Entity (XXE) attacks via unspecified vectors. | |||||
| CVE-2017-5828 | 1 Hp | 1 Aruba Clearpass Policy Manager | 2019-03-11 | 5.5 MEDIUM | 8.1 HIGH |
| An arbitrary command execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found. | |||||
| CVE-2018-19858 | 1 Princexml | 1 Princexml | 2019-02-21 | 5.0 MEDIUM | 8.6 HIGH |
| PrinceXML, versions 10 and below, is vulnerable to XXE due to the lack of protection against external entities. If an attacker passes HTML referencing an XML file (e.g., in an IFRAME element), PrinceXML will fetch the XML and parse it, thus giving an attacker file-read access and full-fledged SSRF. | |||||