Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2019-04-17 CVE-2019-0228 XXE vulnerability in multiple products
Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.
network
low complexity
apache fedoraproject oracle CWE-611
critical
 9.8
9.8
2019-04-10 CVE-2019-0284 XXE vulnerability in SAP Hana 1.0/2.0
SLD Registration in SAP HANA (fixed in versions 1.0, 2.0) does not sufficiently validate an XML document accepted from an untrusted source.
local
low complexity
sap CWE-611
6.0
6.0
2019-04-09 CVE-2019-0795 XXE vulnerability in Microsoft products
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'.
network
low complexity
microsoft CWE-611
8.8
8.8
2019-04-09 CVE-2019-0793 XXE vulnerability in Microsoft products
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'.
network
low complexity
microsoft CWE-611
8.8
8.8
2019-04-09 CVE-2019-0792 XXE vulnerability in Microsoft products
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'.
network
low complexity
microsoft CWE-611
8.8
8.8
2019-04-09 CVE-2019-0791 XXE vulnerability in Microsoft products
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'.
network
low complexity
microsoft CWE-611
8.8
8.8
2019-04-09 CVE-2019-0790 XXE vulnerability in Microsoft products
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'.
network
low complexity
microsoft CWE-611
8.8
8.8
2019-04-09 CVE-2019-10244 XXE vulnerability in Eclipse Kura
In Eclipse Kura versions up to 4.0.0, the Web UI package and component services, the Artemis simple Mqtt component and the emulator position service (not part of the device distribution) could potentially be target of XXE attack due to an improper factory and parser initialisation.
network
low complexity
eclipse CWE-611
7.5
7.5
2019-04-09 CVE-2019-0756 XXE vulnerability in Microsoft products
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'.
network
low complexity
microsoft CWE-611
8.8
8.8
2019-04-04 CVE-2018-20222 XXE vulnerability in Airsonic Project Airsonic
XXE issue in Airsonic before 10.1.2 during parse.
network
low complexity
airsonic-project CWE-611
critical
 9.8
9.8