Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-18 | CVE-2019-7847 | XXE vulnerability in Adobe Campaign Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Improper Restriction of XML External Entity Reference ('XXE') vulnerability. | 7.5 |
| 2019-07-18 | CVE-2019-1010268 | XXE vulnerability in Ladon Project Ladon Ladon since 0.6.1 (since ebef0aae48af78c159b6fce81bc6f5e7e0ddb059) is affected by: XML External Entity (XXE). | 9.8 |
| 2019-07-17 | CVE-2019-13625 | XXE vulnerability in NSA Ghidra 9.0 NSA Ghidra before 9.0.1 allows XXE when a project is opened or restored, or a tool is imported, as demonstrated by a project.prp file. | 9.1 |
| 2019-07-11 | CVE-2018-17152 | XXE vulnerability in Intersystems Cache 2017.2.2.865.0/2018.1.2 Intersystems Cache 2017.2.2.865.0 allows XXE. | 6.4 |
| 2019-07-05 | CVE-2019-13358 | XXE vulnerability in Opencats lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying operating system. | 7.5 |
| 2019-07-03 | CVE-2015-3907 | XXE vulnerability in Codeigniter-Restserver Project Codeigniter-Restserver 2.7.1 CodeIgniter Rest Server (aka codeigniter-restserver) 2.7.1 allows XXE attacks. | 9.8 |
| 2019-06-28 | CVE-2019-13031 | XXE vulnerability in multiple products LemonLDAP::NG before 1.9.20 has an XML External Entity (XXE) issue when submitting a notification to the notification server. | 8.1 |
| 2019-06-28 | CVE-2019-9843 | XXE vulnerability in Diffplug Gradle and Maven In DiffPlug Spotless before 1.20.0 (library and Maven plugin) and before 3.20.0 (Gradle plugin), the XML parser would resolve external entities over both HTTP and HTTPS and didn't respect the resolveExternalEntities setting. | 7.5 |
| 2019-06-24 | CVE-2018-20843 | XXE vulnerability in multiple products In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). network low complexity libexpat-project canonical debian fedoraproject opensuse oracle tenable CWE-611 | 7.5 |
| 2019-06-21 | CVE-2019-11392 | XXE vulnerability in Dotnetblogengine Blogengine.Net BlogEngine.NET 3.3.7 and earlier allows XXE via an apml file to syndication.axd. | 7.5 |