Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2019-07-23 CVE-2019-2861 XXE vulnerability in Oracle Hyperion Planning 11.1.2.4
Vulnerability in the Oracle Hyperion Planning component of Oracle Hyperion (subcomponent: Security).
network
high complexity
oracle CWE-611
4.2
4.2
2019-07-23 CVE-2019-1010202 XXE vulnerability in Jeesite 1.2.7
Jeesite 1.2.7 is affected by: XML External Entity (XXE).
network
low complexity
jeesite CWE-611
6.5
6.5
2019-07-18 CVE-2019-7847 XXE vulnerability in Adobe Campaign
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Improper Restriction of XML External Entity Reference ('XXE') vulnerability.
network
low complexity
adobe CWE-611
7.5
7.5
2019-07-18 CVE-2019-1010268 XXE vulnerability in Ladon Project Ladon
Ladon since 0.6.1 (since ebef0aae48af78c159b6fce81bc6f5e7e0ddb059) is affected by: XML External Entity (XXE).
network
low complexity
ladon-project CWE-611
critical
 9.8
9.8
2019-07-17 CVE-2019-13625 XXE vulnerability in NSA Ghidra 9.0
NSA Ghidra before 9.0.1 allows XXE when a project is opened or restored, or a tool is imported, as demonstrated by a project.prp file.
network
low complexity
nsa CWE-611
critical
 9.1
9.1
2019-07-11 CVE-2018-17152 XXE vulnerability in Intersystems Cache 2017.2.2.865.0/2018.1.2
Intersystems Cache 2017.2.2.865.0 allows XXE.
network
low complexity
intersystems CWE-611
6.4
6.4
2019-07-05 CVE-2019-13358 XXE vulnerability in Opencats
lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying operating system.
network
low complexity
opencats CWE-611
7.5
7.5
2019-07-03 CVE-2015-3907 XXE vulnerability in Codeigniter-Restserver Project Codeigniter-Restserver 2.7.1
CodeIgniter Rest Server (aka codeigniter-restserver) 2.7.1 allows XXE attacks.
network
low complexity
codeigniter-restserver-project CWE-611
critical
 9.8
9.8
2019-06-28 CVE-2019-13031 XXE vulnerability in multiple products
LemonLDAP::NG before 1.9.20 has an XML External Entity (XXE) issue when submitting a notification to the notification server.
network
high complexity
lemonldap-ng debian CWE-611
8.1
8.1
2019-06-28 CVE-2019-9843 XXE vulnerability in Diffplug Gradle and Maven
In DiffPlug Spotless before 1.20.0 (library and Maven plugin) and before 3.20.0 (Gradle plugin), the XML parser would resolve external entities over both HTTP and HTTPS and didn't respect the resolveExternalEntities setting.
network
high complexity
diffplug CWE-611
7.5
7.5