Total
1045 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-5312 | 1 Wxjava Project | 1 Wxjava | 2019-01-16 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in weixin-java-tools v3.3.0. There is an XXE vulnerability in the getXmlDoc method of the BaseWxPayResult.java file. NOTE: this issue exists because of an incomplete fix for CVE-2018-20318. | |||||
| CVE-2018-1000821 | 1 Micromathematics Project | 1 Micromathematics | 2019-01-08 | 7.5 HIGH | 10.0 CRITICAL |
| MicroMathematics version before commit 5c05ac8 contains a XML External Entity (XXE) vulnerability in SMathStudio files that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Specially crafted SMathStudio files. This vulnerability appears to have been fixed in after commit 5c05ac8. | |||||
| CVE-2018-1000822 | 1 Codelibs | 1 Fess | 2019-01-08 | 7.5 HIGH | 10.0 CRITICAL |
| codelibs fess version before commit faa265b contains a XML External Entity (XXE) vulnerability in GSA XML file parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via specially crafted GSA XML files. This vulnerability appears to have been fixed in after commit faa265b. | |||||
| CVE-2018-1000825 | 1 Freecol | 1 Freecol | 2019-01-08 | 7.5 HIGH | 10.0 CRITICAL |
| FreeCol version <= nightly-2018-08-22 contains a XML External Entity (XXE) vulnerability in FreeColXMLReader parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Freecol file. | |||||
| CVE-2018-1000830 | 1 Xr3player Project | 1 Xr3player | 2019-01-08 | 7.5 HIGH | 10.0 CRITICAL |
| XR3Player version <= V3.124 contains a XML External Entity (XXE) vulnerability in Playlist parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. | |||||
| CVE-2018-1000831 | 1 K9mail | 1 K-9 Mail | 2019-01-08 | 7.5 HIGH | 10.0 CRITICAL |
| K9Mail version <= v5.600 contains a XML External Entity (XXE) vulnerability in WebDAV response parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via malicious WebDAV server or intercept the reponse of a valid WebDAV server. | |||||
| CVE-2018-1000834 | 1 Runelite | 1 Runelite | 2019-01-08 | 6.8 MEDIUM | 9.0 CRITICAL |
| runelite version <= runelite-parent-1.4.23 contains a XML External Entity (XXE) vulnerability in Man in the middle runscape services call that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. | |||||
| CVE-2018-1000838 | 1 Sleuthkit | 1 Autopsy | 2019-01-08 | 7.5 HIGH | 10.0 CRITICAL |
| autopsy version <= 4.9.0 contains a XML External Entity (XXE) vulnerability in CaseMetadata XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Specially crafted CaseMetadata. | |||||
| CVE-2018-20157 | 1 Openrefine | 1 Openrefine | 2019-01-03 | 5.0 MEDIUM | 7.5 HIGH |
| The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files. | |||||
| CVE-2018-20059 | 1 Pippo | 1 Pippo | 2019-01-03 | 7.5 HIGH | 9.8 CRITICAL |
| jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE. | |||||
| CVE-2018-17411 | 1 Informationbuilders | 1 Data Quality Suite | 2018-12-17 | 10.0 HIGH | 9.8 CRITICAL |
| An XML External Entity (XXE) vulnerability exists in iWay Data Quality Suite Web Console 10.6.1.ga-2016-11-20. | |||||
| CVE-2018-18737 | 1 Douchat | 1 Douchat | 2018-12-11 | 5.0 MEDIUM | 7.5 HIGH |
| An XXE issue was discovered in Douchat 4.0.4 because Data\notify.php calls simplexml_load_string. This can also be used for SSRF. | |||||
| CVE-2018-12243 | 1 Symantec | 1 Messaging Gateway | 2018-12-08 | 5.8 MEDIUM | 8.8 HIGH |
| The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths in the system identifier to access files that should not normally be accessible. | |||||
| CVE-2018-16521 | 1 Openmrs | 2 Html Form Entry, Reference Application | 2018-12-07 | 7.5 HIGH | 9.8 CRITICAL |
| An XML External Entity (XXE) vulnerability exists in HTML Form Entry 3.7.0, as distributed in OpenMRS Reference Application 2.8.0. | |||||
| CVE-2018-18659 | 1 Arcserve | 1 Udp | 2018-12-06 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-19 Unauthenticated XXE in /management/UdpHttpService issue. | |||||
| CVE-2018-16252 | 1 Fspro | 1 Event Log Explorer | 2018-12-04 | 2.1 LOW | 3.3 LOW |
| FsPro Labs Event Log Explorer 4.6.1.2115 has ".elx" FileType XML External Entity Injection. | |||||
| CVE-2018-15531 | 1 Javamelody Project | 1 Javamelody | 2018-11-29 | 7.5 HIGH | 9.8 CRITICAL |
| JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java. | |||||
| CVE-2018-8494 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2018-11-28 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | |||||
| CVE-2018-12585 | 1 Opcfoundation | 2 Ua-.net-legacy, Ua-java | 2018-11-27 | 6.4 MEDIUM | 8.2 HIGH |
| An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allow remote attackers to trigger a denial of service. | |||||
| CVE-2018-8527 | 1 Microsoft | 1 Sql Server Management Studio | 2018-11-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XEL file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8532, CVE-2018-8533. | |||||