Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-08-29 | CVE-2017-17762 | XXE vulnerability in Episerver 7: XML external entity (XXE) vulnerability in Episerver 7 patch 4 and earlier allows remote attackers to read arbitrary files via a crafted DTD in an XML request involving util/xmlrpc/Handler.ashx. | 7.5 |
2018-08-22 | CVE-2018-11758 | XXE vulnerability in Apache Cayenne: This affects Apache Cayenne 4.1.M1, 3.2.M1, 4.0.M2 to 4.0.M5, 4.0.B1, 4.0.B2, 4.0.RC1, 3.1, 3.1.1, 3.1.2. | 8.1 |
2018-08-20 | CVE-2018-1000652 | XXE vulnerability in Jabref: JabRef version <=4.3.1 contains an XML External Entity (XXE) vulnerability in the MsBibImporter XML parser that can result in disclosure of confidential data, denial of service, server-side request forgery, and port scanning. | 10.0 |
2018-08-20 | CVE-2018-1000651 | XXE vulnerability in Gchq Stroom: Stroom version <5.4.5 contains an XML External Entity (XXE) vulnerability in its XML parser that can result in disclosure of confidential data, denial of service, server-side request forgery, and port scanning. | 10.0 |
2018-08-20 | CVE-2018-1000644 | XXE vulnerability in Eclipse Rdf4J: Eclipse RDF4j version < 2.4.0 Milestone 2 contains an XML External Entity (XXE) vulnerability in the RDF4j XML parser when parsing RDF files that can result in disclosure of confidential data, denial of service, server-side request forgery, and port scanning. | 10.0 |
2018-08-20 | CVE-2018-1000639 | XXE vulnerability in Latexdraw Project Latexdraw: LatexDraw version <=4.0 contains an XML External Entity (XXE) vulnerability in its SVG parsing functionality that can result in disclosure of data, server-side request forgery, port scanning, and possible RCE. | 9.6 |
2018-08-13 | CVE-2018-13417 | XXE vulnerability in Vuze Bittorrent Client 5.7.6.0: In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. | 9.8 |
2018-08-13 | CVE-2018-13415 | XXE vulnerability in Plex Media Server 1.13.2.5154: In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. | 9.8 |
2018-08-10 | CVE-2018-11048 | XXE vulnerability in Dell products: Dell EMC Data Protection Advisor, versions 6.2, 6.3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain an XML External Entity (XXE) Injection vulnerability in the REST API. | 8.1 |
2018-08-08 | CVE-2018-12408 | XXE vulnerability in Tibco products: The BusinessWorks engine component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks, TIBCO ActiveMatrix BusinessWorks for z/Linux, and TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric contains a vulnerability that may allow XML eXternal Entity (XXE) attacks via incoming network messages, and may disclose the contents of files accessible to a running BusinessWorks engine. Affected releases are TIBCO Software Inc. | 7.5 |