Total
852 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14485 | 1 Blogengine | 1 Blogengine.net | 2019-05-08 | 7.5 HIGH | 9.8 CRITICAL |
| BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd. | |||||
| CVE-2014-0030 | 1 Apache | 1 Roller | 2019-05-06 | 7.5 HIGH | 9.8 CRITICAL |
| The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors. | |||||
| CVE-2017-1458 | 1 Ibm | 1 Qradar Network Security | 2019-05-06 | 5.5 MEDIUM | 8.1 HIGH |
| IBM QRadar Network Security 5.4 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128377. | |||||
| CVE-2019-10309 | 1 Jenkins | 1 Self-organizing Swarm Modules | 2019-05-06 | 4.8 MEDIUM | 9.3 CRITICAL |
| Jenkins Self-Organizing Swarm Plug-in Modules Plugin clients that use UDP broadcasts to discover Jenkins masters do not prevent XML External Entity processing when processing the responses, allowing unauthorized attackers on the same network to read arbitrary files from Swarm clients. | |||||
| CVE-2019-11677 | 1 Zohocorp | 1 Manageengine Firewall Analyzer | 2019-05-03 | 7.5 HIGH | 9.8 CRITICAL |
| The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity (XXE) Injection. | |||||
| CVE-2019-11519 | 1 Nopcommerce | 1 Nopcommerce | 2019-05-01 | 4.0 MEDIUM | 4.9 MEDIUM |
| Libraries/Nop.Services/Localization/LocalizationService.cs in nopCommerce through 4.10 allows XXE via the "Configurations -> Languages -> Edit Language -> Import Resources -> Upload XML file" screen. | |||||
| CVE-2018-17169 | 1 Printeron | 1 Printeron | 2019-04-30 | 4.0 MEDIUM | 7.7 HIGH |
| An XML external entity (XXE) vulnerability in PrinterOn version 4.1.4 and lower allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | |||||
| CVE-2014-3990 | 1 Opencart | 1 Opencart | 2019-04-25 | 7.5 HIGH | 9.8 CRITICAL |
| The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External Entity (XXE) attacks and execute arbitrary code via a crafted serialized PHP object, related to the quantity parameter in an update request. | |||||
| CVE-2018-17289 | 1 Kofax | 1 Front Office Server | 2019-04-19 | 4.0 MEDIUM | 6.5 MEDIUM |
| An XML external entity (XXE) vulnerability in Kofax Front Office Server Administration Console version 4.1.1.11.0.5212 allows remote authenticated users to read arbitrary files via crafted XML inside an imported package configuration (.ZIP file) within the Kofax/KFS/Admin/PackageService/package/upload file parameter. | |||||
| CVE-2019-8999 | 1 Blackberry | 1 Unified Endpoint Management | 2019-04-19 | 5.0 MEDIUM | 7.5 HIGH |
| An XML External Entity vulnerability in the UEM Core of BlackBerry UEM version(s) earlier than 12.10.1a could allow an attacker to potentially gain read access to files on any system reachable by the UEM service account. | |||||
| CVE-2019-0284 | 1 Sap | 1 Hana | 2019-04-11 | 3.6 LOW | 6.0 MEDIUM |
| SLD Registration in SAP HANA (fixed in versions 1.0, 2.0) does not sufficiently validate an XML document accepted from an untrusted source. The attacker can call SLDREG with an XML file containing a reference to an XML External Entity (XXE). This can cause SLDREG to, for example, continuously loop, read arbitrary files and even send local files. | |||||
| CVE-2019-0795 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-04-11 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0793. | |||||
| CVE-2019-0791 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-04-10 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795. | |||||
| CVE-2019-0792 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-04-10 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0793, CVE-2019-0795. | |||||
| CVE-2019-0793 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-04-10 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0795. | |||||
| CVE-2019-0790 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-04-10 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0791, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795. | |||||
| CVE-2019-0756 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-04-09 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. | |||||
| CVE-2018-20222 | 1 Airsonic Project | 1 Airsonic | 2019-04-08 | 7.5 HIGH | 9.8 CRITICAL |
| XXE issue in Airsonic before 10.1.2 during parse. | |||||
| CVE-2019-8997 | 1 Blackberry | 1 Athoc | 2019-04-02 | 4.3 MEDIUM | 5.9 MEDIUM |
| An XML External Entity Injection (XXE) vulnerability in the Management System (console) of BlackBerry AtHoc versions earlier than 7.6 HF-567 could allow an attacker to potentially read arbitrary local files from the application server or make requests on the network by entering maliciously crafted XML in an existing field. | |||||
| CVE-2017-9362 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2019-04-02 | 6.5 MEDIUM | 8.8 HIGH |
| ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API. | |||||