Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-06 | CVE-2016-8526 | XXE vulnerability in HP Airwave Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to an XML external entities (XXE). | 8.8 |
| 2018-08-04 | CVE-2018-14473 | XXE vulnerability in Ocsinventory-Ng Ocsinventory NG 2.4.1 OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities. | 9.1 |
| 2018-08-03 | CVE-2018-13416 | XXE vulnerability in Spirton Universal Media Server 7.1.0 In Universal Media Server (UMS) 7.1.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. | 9.8 |
| 2018-08-03 | CVE-2017-8316 | XXE vulnerability in Jetbrains Intellij Idea IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml. | 7.5 |
| 2018-08-02 | CVE-2017-16349 | XXE vulnerability in SAP Business Planning and Consolidation An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. | 8.1 |
| 2018-08-01 | CVE-2018-3881 | XXE vulnerability in Focalscope 2416 An exploitable unauthenticated XML external injection vulnerability was identified in FocalScope v2416. | 9.4 |
| 2018-07-31 | CVE-2018-8027 | XXE vulnerability in Apache Camel Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in XSD validation processor. | 9.8 |
| 2018-07-26 | CVE-2017-7545 | XXE vulnerability in Redhat Decision Manager, Jboss BPM Suite and Jbpm It was discovered that the XmlUtils class in jbpmmigration 6.5 performed expansion of external parameter entities while parsing XML files. | 6.5 |
| 2018-07-24 | CVE-2018-10600 | XXE vulnerability in Selinc Acselerator Architect 2.2.24.0 SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XML parser, which may allow disclosure and retrieval of arbitrary data, arbitrary code execution (in certain situations on specific platforms), and denial of service attacks. | 9.8 |
| 2018-07-20 | CVE-2014-2296 | XXE vulnerability in Apereo CAS Server XML external entity (XXE) vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled, allows remote unauthenticated users to bypass authentication via crafted XML data. | 8.8 |