Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2019-04-09 CVE-2019-0791 XXE vulnerability in Microsoft products
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'.
network
microsoft CWE-611
critical
9.3
2019-04-09 CVE-2019-0790 XXE vulnerability in Microsoft products
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'.
network
microsoft CWE-611
critical
9.3
2019-04-09 CVE-2019-10244 XXE vulnerability in Eclipse Kura 2.0.2/4.0.0
In Eclipse Kura versions up to 4.0.0, the Web UI package and component services, the Artemis simple Mqtt component and the emulator position service (not part of the device distribution) could potentially be the target of an XXE attack due to improper factory and parser initialisation.
network
low complexity
eclipse CWE-611
5.0
2019-04-09 CVE-2019-0756 XXE vulnerability in Microsoft products
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'.
network
microsoft CWE-611
critical
9.3
2019-04-04 CVE-2018-20222 XXE vulnerability in Airsonic Project Airsonic
XXE issue in Airsonic before 10.1.2 during parse.
network
low complexity
airsonic-project CWE-611
7.5
2019-04-02 CVE-2019-4043 XXE vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 5.2.0 and 6.0.0.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
2019-03-29 CVE-2017-18111 XXE vulnerability in Atlassian Application Links
The OAuthHelper in Atlassian Application Links before version 5.0.10, from version 5.1.0 before version 5.1.3, and from version 5.2.0 before version 5.2.6 used an XML document builder that was vulnerable to XXE when consuming a client OAuth request.
network
low complexity
atlassian CWE-611
5.5
2019-03-29 CVE-2017-18110 XXE vulnerability in Atlassian Crowd
The administration backup restore resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to read files from the filesystem via an XXE vulnerability.
network
low complexity
atlassian CWE-611
4.0
2019-03-25 CVE-2019-3481 XXE vulnerability in HP Arcsight Logger
Mitigates an XML External Entity Parsing issue in ArcSight Logger versions prior to 6.7.
network
low complexity
hp CWE-611
7.1
2019-03-25 CVE-2017-9362 XXE vulnerability in Zohocorp Manageengine Servicedesk Plus 9.1/9.2
ManageEngine ServiceDesk Plus before 9312 contains an XML injection at the add Configuration items CMDB API.
network
low complexity
zohocorp CWE-611
6.5