Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2018-12-20 | CVE-2018-17247 | XXE vulnerability in Elastic Elasticsearch 6.5.0/6.5.1 | Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning's find_file_structure API. | network | high complexity | elastic | CWE-611 | 5.9 |
| 2018-12-20 | CVE-2018-1000844 | XXE vulnerability in Squareup Retrofit 2.4.0 | Square Open Source Retrofit versions prior to commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437 contain an XML External Entity (XXE) vulnerability in JAXB. An attacker could use this to remotely read files from the file system or to perform SSRF. | network | low complexity | squareup | CWE-611 | critical 9.1 |
| 2018-12-20 | CVE-2018-1000840 | XXE vulnerability in Processing | Processing Foundation Processing version 3.4 and earlier contains an XML External Entity (XXE) vulnerability in the loadXML() function. An attacker can read arbitrary files and exfiltrate their contents via HTTP requests. | network | low complexity | processing | CWE-611 | 6.5 |
| 2018-12-20 | CVE-2018-1000838 | XXE vulnerability in Sleuthkit Autopsy | Autopsy version <= 4.9.0 contains an XML External Entity (XXE) vulnerability in the CaseMetadata XML parser that can result in disclosure of confidential data, denial of service, SSRF, and port scanning. | network | low complexity | sleuthkit | CWE-611 | critical 10.0 |
| 2018-12-20 | CVE-2018-1000837 | XXE vulnerability in Obeo UML Designer | UML Designer version <= 8.0.0 contains an XML External Entity (XXE) vulnerability in the XML parser for plugins that can result in disclosure of confidential data, denial of service, SSRF, and port scanning. | network | low complexity | obeo | CWE-611 | critical 10.0 |
| 2018-12-20 | CVE-2018-1000836 | XXE vulnerability in Apereo Bw-Calendar-Engine 3.12.0 | bw-calendar-engine version <= bw-calendar-engine-3.12.0 contains an XML External Entity (XXE) vulnerability in the IscheduleClient XML parser that can result in disclosure of confidential data, denial of service, SSRF, and port scanning. | network | high complexity | apereo | CWE-611 | critical 9.0 |
| 2018-12-20 | CVE-2018-1000835 | XXE vulnerability in Keepassdx Keepass DX 2.5.0.0 | KeePassDX version <= 2.5.0.0beta17 contains an XML External Entity (XXE) vulnerability in the kdbx file parser that can result in disclosure of confidential data, denial of service, SSRF, and port scanning. | network | low complexity | keepassdx | CWE-611 | critical 10.0 |
| 2018-12-20 | CVE-2018-1000834 | XXE vulnerability in Runelite | RuneLite version <= runelite-parent-1.4.23 contains an XML External Entity (XXE) vulnerability in the man-in-the-middle RuneScape services call that can result in disclosure of confidential data, denial of service, SSRF, and port scanning. | network | high complexity | runelite | CWE-611 | critical 9.0 |
| 2018-12-20 | CVE-2018-1000831 | XXE vulnerability in K9Mail K-9 Mail | K9Mail version <= v5.600 contains an XML External Entity (XXE) vulnerability in the WebDAV response parser that can result in disclosure of confidential data, denial of service, SSRF, and port scanning. | network | low complexity | k9mail | CWE-611 | critical 10.0 |
| 2018-12-20 | CVE-2018-1000830 | XXE vulnerability in Xr3Player Project Xr3Player | XR3Player version <= V3.124 contains an XML External Entity (XXE) vulnerability in the playlist parser that can result in disclosure of confidential data, denial of service, SSRF, and port scanning. | network | low complexity | xr3player-project | CWE-611 | critical 10.0 |