Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2019-06-21 CVE-2019-11392 XXE vulnerability in Dotnetblogengine Blogengine.Net
BlogEngine.NET 3.3.7 and earlier allows XXE via an apml file to syndication.axd.
network
low complexity
dotnetblogengine CWE-611
5.0
2019-06-21 CVE-2019-10718 XXE vulnerability in Dotnetblogengine Blogengine.Net
BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Blind Injection, related to pingback.axd and BlogEngine.Core/Web/HttpHandlers/PingbackHandler.cs.
network
low complexity
dotnetblogengine CWE-611
5.0
2019-06-20 CVE-2019-1903 XXE vulnerability in Cisco Security Manager 4.14
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service (DoS) condition.
network
low complexity
cisco CWE-611
6.4
2019-06-19 CVE-2018-15506 XXE vulnerability in Bubblesoftapps Bubbleupnp 0.9
In BubbleUPnP 0.9 update 30, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack.
network
low complexity
bubblesoftapps CWE-611
7.5
2019-06-19 CVE-2018-18471 XXE vulnerability in Axentra Hipserv
/api/2.0/rest/aggregator/xml in Axentra firmware, used by NETGEAR Stora, Seagate GoFlex Home, and MEDION LifeCloud, has an XXE vulnerability that can be chained with an SSRF bug to gain remote command execution as root.
network
low complexity
axentra CWE-611
critical
9.8
2019-06-19 CVE-2018-18406 XXE vulnerability in Tufin Securetrack 18.1
An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 2.16 build 1179(Final).
network
low complexity
tufin CWE-611
6.5
2019-06-17 CVE-2018-1845 XXE vulnerability in IBM products
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
2019-06-12 CVE-2019-0948 XXE vulnerability in Microsoft products
An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity, aka 'Windows Event Viewer Information Disclosure Vulnerability'.
network
microsoft CWE-611
4.3
2019-06-11 CVE-2019-12154 XXE vulnerability in Realobjects Pdfreactor
XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to supply malicious XML content in externally referenced resources, leading to disclosure of local file contents and/or denial of service conditions.
network
low complexity
realobjects CWE-611
6.4
2019-06-11 CVE-2019-10337 XXE vulnerability in Jenkins Token Macro
An XML external entities (XXE) vulnerability in Jenkins Token Macro Plugin 2.7 and earlier allowed attackers able to control the content of the input file for the "XML" macro to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks.
network
low complexity
jenkins CWE-611
7.5