Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-01-09 | CVE-2018-16166 | XXE vulnerability in Jpcert Logontracer: LogonTracer 1.2.0 and earlier allows remote attackers to conduct XML External Entity (XXE) attacks via unspecified vectors. | 8.8 |
2019-01-09 | CVE-2019-5748 | XXE vulnerability in Traccar Server 4.2: In Traccar Server version 4.2, protocol/SpotProtocolDecoder.java might allow XXE attacks. | 9.8 |
2019-01-07 | CVE-2018-11788 | XXE vulnerability in Apache Karaf: Apache Karaf provides a features deployer, which allows users to "hot deploy" a features XML by dropping the file directly in the deploy folder. | 9.8 |
2019-01-04 | CVE-2019-5312 | XXE vulnerability in Wxjava Project Wxjava 3.3.0: An issue was discovered in weixin-java-tools v3.3.0. | 9.8 |
2019-01-03 | CVE-2018-20664 | XXE vulnerability in Zohocorp Manageengine Adselfservice Plus 5.7: Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license. | 9.8 |
2019-01-02 | CVE-2018-19371 | XXE vulnerability in SDL web Content Manager 8.5.0: The SaveUserSettings service in Content Manager in SDL Web 8.5.0 has an XXE Vulnerability that allows reading sensitive files from the system. | 6.5 |
2018-12-28 | CVE-2018-1000889 | XXE vulnerability in Logisim-Evolution Project Logisim-Evolution: Logisim Evolution version 2.14.3 and earlier contains an XML External Entity (XXE) vulnerability in Circuit file loading functionality (loadXmlFrom in src/com/cburch/logisim/file/XmlReader.java) that can result in information leak, possible RCE depending on system configuration. | 8.8 |
2018-12-24 | CVE-2018-7837 | XXE vulnerability in Schneider-Electric Iiot Monitor 3.1.38: An Improper Restriction of XML External Entity Reference ('XXE') vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow the software to resolve documents outside of the intended sphere of control, causing the software to embed incorrect documents into its output and expose restricted information. | 7.5 |
2018-12-24 | CVE-2018-20433 | XXE vulnerability in multiple products: c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization. | 9.8 |
2018-12-21 | CVE-2018-20318 | XXE vulnerability in Wxjava Project Wxjava 3.2.0: An issue was discovered in weixin-java-tools v3.2.0. | 9.8 |