Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-06-28 | CVE-2019-9843 | XXE vulnerability in Diffplug Gradle and Maven: In DiffPlug Spotless before 1.20.0 (library and Maven plugin) and before 3.20.0 (Gradle plugin), the XML parser would resolve external entities over both HTTP and HTTPS and didn't respect the resolveExternalEntities setting. | 7.5 |
2019-06-24 | CVE-2018-20843 | XXE vulnerability in multiple products: In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). Attack vector: network; complexity: low; vendors: libexpat-project, canonical, debian, fedoraproject, opensuse, oracle, tenable; CWE-611. | 7.5 |
2019-06-21 | CVE-2019-11392 | XXE vulnerability in Dotnetblogengine Blogengine.Net: BlogEngine.NET 3.3.7 and earlier allows XXE via an apml file to syndication.axd. | 7.5 |
2019-06-21 | CVE-2019-10718 | XXE vulnerability in Dotnetblogengine Blogengine.Net: BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Blind Injection, related to pingback.axd and BlogEngine.Core/Web/HttpHandlers/PingbackHandler.cs. | 7.5 |
2019-06-20 | CVE-2019-1903 | XXE vulnerability in Cisco Security Manager 4.14: A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service (DoS) condition. | 9.1 |
2019-06-19 | CVE-2018-15506 | XXE vulnerability in Bubblesoftapps Bubbleupnp 0.9: In BubbleUPnP 0.9 update 30, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. | 9.8 |
2019-06-19 | CVE-2018-18471 | XXE vulnerability in Axentra Hipserv: /api/2.0/rest/aggregator/xml in Axentra firmware, used by NETGEAR Stora, Seagate GoFlex Home, and MEDION LifeCloud, has an XXE vulnerability that can be chained with an SSRF bug to gain remote command execution as root. | 9.8 |
2019-06-19 | CVE-2018-18406 | XXE vulnerability in Tufin Securetrack 18.1: An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 2.16 build 1179(Final). | 9.9 |
2019-06-17 | CVE-2018-1845 | XXE vulnerability in IBM products: IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
2019-06-12 | CVE-2019-0948 | XXE vulnerability in Microsoft products: An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity, aka 'Windows Event Viewer Information Disclosure Vulnerability'. | 5.5 |