Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2018-12-20 CVE-2018-1000829 XXE vulnerability in Anyplace Project Anyplace
Anyplace version before commit 80359b4 contains a XML External Entity (XXE) vulnerability in Man in the middle on map API call that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.
network
high complexity
anyplace-project CWE-611
critical
 9.0
9.0
2018-12-20 CVE-2018-1000828 XXE vulnerability in Frostwire
FrostWire version <= frostwire-desktop-6.7.4-build-272 contains a XML External Entity (XXE) vulnerability in Man in the middle on update that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.
network
high complexity
frostwire CWE-611
critical
 9.0
9.0
2018-12-20 CVE-2018-1000825 XXE vulnerability in Freecol
FreeCol version <= nightly-2018-08-22 contains a XML External Entity (XXE) vulnerability in FreeColXMLReader parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.
network
low complexity
freecol CWE-611
critical
 10.0
10
2018-12-20 CVE-2018-1000823 XXE vulnerability in Exist-Db Exist
exist version <= 5.0.0-RC4 contains a XML External Entity (XXE) vulnerability in XML Parser for REST Server that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.
network
low complexity
exist-db CWE-611
critical
 10.0
10
2018-12-20 CVE-2018-1000822 XXE vulnerability in Codelibs Fess
codelibs fess version before commit faa265b contains a XML External Entity (XXE) vulnerability in GSA XML file parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.
network
low complexity
codelibs CWE-611
critical
 10.0
10
2018-12-20 CVE-2018-1000821 XXE vulnerability in Micromathematics Project Micromathematics
MicroMathematics version before commit 5c05ac8 contains a XML External Entity (XXE) vulnerability in SMathStudio files that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.
network
low complexity
micromathematics-project CWE-611
critical
 10.0
10
2018-12-20 CVE-2018-1000820 XXE vulnerability in Neo4J Awesome Procedures on Cyper
neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c contains a XML External Entity (XXE) vulnerability in XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.
network
low complexity
neo4j CWE-611
critical
 10.0
10
2018-12-19 CVE-2018-20298 XXE vulnerability in S3Browser S3 Browser
S3 Browser before 8.1.5 contains an XML external entity (XXE) vulnerability, allowing remote attackers to read arbitrary files and obtain NTLMv2 hash values by tricking a user into connecting to a malicious server via the S3 protocol.
network
low complexity
s3browser CWE-611
6.5
6.5
2018-12-15 CVE-2018-20157 XXE vulnerability in Openrefine
The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files.
network
low complexity
openrefine CWE-611
7.5
7.5
2018-12-13 CVE-2018-1821 XXE vulnerability in IBM Operational Decision Manager
IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
critical
 9.1
9.1