Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2018-12-20 CVE-2018-1000831 XXE vulnerability in K9Mail K-9 Mail
K9Mail version <= v5.600 contains a XML External Entity (XXE) vulnerability in WebDAV response parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.
network
low complexity
k9mail CWE-611
critical
 10.0
10
2018-12-20 CVE-2018-1000830 XXE vulnerability in Xr3Player Project Xr3Player
XR3Player version <= V3.124 contains a XML External Entity (XXE) vulnerability in Playlist parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.
network
low complexity
xr3player-project CWE-611
critical
 10.0
10
2018-12-20 CVE-2018-1000829 XXE vulnerability in Anyplace Project Anyplace
Anyplace version before commit 80359b4 contains a XML External Entity (XXE) vulnerability in Man in the middle on map API call that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.
network
high complexity
anyplace-project CWE-611
critical
 9.0
9.0
2018-12-20 CVE-2018-1000828 XXE vulnerability in Frostwire
FrostWire version <= frostwire-desktop-6.7.4-build-272 contains a XML External Entity (XXE) vulnerability in Man in the middle on update that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.
network
high complexity
frostwire CWE-611
critical
 9.0
9.0
2018-12-20 CVE-2018-1000825 XXE vulnerability in Freecol
FreeCol version <= nightly-2018-08-22 contains a XML External Entity (XXE) vulnerability in FreeColXMLReader parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.
network
low complexity
freecol CWE-611
critical
 10.0
10
2018-12-20 CVE-2018-1000823 XXE vulnerability in Exist-Db Exist
exist version <= 5.0.0-RC4 contains a XML External Entity (XXE) vulnerability in XML Parser for REST Server that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.
network
low complexity
exist-db CWE-611
critical
 10.0
10
2018-12-20 CVE-2018-1000822 XXE vulnerability in Codelibs Fess
codelibs fess version before commit faa265b contains a XML External Entity (XXE) vulnerability in GSA XML file parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.
network
low complexity
codelibs CWE-611
critical
 10.0
10
2018-12-20 CVE-2018-1000821 XXE vulnerability in Micromathematics Project Micromathematics
MicroMathematics version before commit 5c05ac8 contains a XML External Entity (XXE) vulnerability in SMathStudio files that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.
network
low complexity
micromathematics-project CWE-611
critical
 10.0
10
2018-12-20 CVE-2018-1000820 XXE vulnerability in Neo4J Awesome Procedures on Cyper
neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c contains a XML External Entity (XXE) vulnerability in XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.
network
low complexity
neo4j CWE-611
critical
 10.0
10
2018-12-19 CVE-2018-20298 XXE vulnerability in S3Browser S3 Browser
S3 Browser before 8.1.5 contains an XML external entity (XXE) vulnerability, allowing remote attackers to read arbitrary files and obtain NTLMv2 hash values by tricking a user into connecting to a malicious server via the S3 protocol.
network
low complexity
s3browser CWE-611
6.5
6.5