Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-04-30 | CVE-2019-10309 | XXE vulnerability in Jenkins Self-Organizing Swarm Modules: Jenkins Self-Organizing Swarm Plug-in Modules Plugin clients that use UDP broadcasts to discover Jenkins masters do not prevent XML External Entity processing when processing the responses, allowing unauthorized attackers on the same network to read arbitrary files from Swarm clients. | 9.3 |
2019-04-25 | CVE-2019-11519 | XXE vulnerability in Nopcommerce: Libraries/Nop.Services/Localization/LocalizationService.cs in nopCommerce through 4.10 allows XXE via the "Configurations -> Languages -> Edit Language -> Import Resources -> Upload XML file" screen. | 4.9 |
2019-04-23 | CVE-2018-17169 | XXE vulnerability in Printeron: An XML external entity (XXE) vulnerability in PrinterOn version 4.1.4 and lower allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | 7.7 |
2019-04-18 | CVE-2018-17289 | XXE vulnerability in Kofax Front Office Server 4.1.1.11.0.5212: An XML external entity (XXE) vulnerability in Kofax Front Office Server Administration Console version 4.1.1.11.0.5212 allows remote authenticated users to read arbitrary files via crafted XML inside an imported package configuration (.ZIP file) within the Kofax/KFS/Admin/PackageService/package/upload file parameter. | 6.5 |
2019-04-18 | CVE-2019-8999 | XXE vulnerability in Blackberry Unified Endpoint Management: An XML External Entity vulnerability in the UEM Core of BlackBerry UEM version(s) earlier than 12.10.1a could allow an attacker to potentially gain read access to files on any system reachable by the UEM service account. | 7.5 |
2019-04-17 | CVE-2019-0228 | XXE vulnerability in multiple products: Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF. | 9.8 |
2019-04-10 | CVE-2019-0284 | XXE vulnerability in SAP Hana 1.0/2.0: SLD Registration in SAP HANA (fixed in versions 1.0, 2.0) does not sufficiently validate an XML document accepted from an untrusted source. | 6.0 |
2019-04-09 | CVE-2019-0795 | XXE vulnerability in Microsoft products: A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. | 8.8 |
2019-04-09 | CVE-2019-0793 | XXE vulnerability in Microsoft products: A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. | 8.8 |
2019-04-09 | CVE-2019-0792 | XXE vulnerability in Microsoft products: A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. | 8.8 |