Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-26 | CVE-2018-1000546 | XXE vulnerability in Triplea-Game Triplea Triplea version <= 1.9.0.0.10291 contains a XML External Entity (XXE) vulnerability in Importing game data that can result in Possible information disclosure, server-side request forgery, or remote code execution. | 6.8 |
| 2018-06-26 | CVE-2018-1000542 | XXE vulnerability in Netbeans-Mmd-Plugin Project Netbeans-Mmd-Plugin 1.4.3 netbeans-mmd-plugin version <= 1.4.3 contains a XML External Entity (XXE) vulnerability in MMD file import that can result in Possible information disclosure, server-side request forgery, or remote code execution. | 6.8 |
| 2018-06-26 | CVE-2018-1000540 | XXE vulnerability in Loboevolution Project Loboevolution LoboEvolution version < 9b75694cedfa4825d4a2330abf2719d470c654cd contains a XML External Entity (XXE) vulnerability in XML Parsing when viewing the XML file in the browser that can result in disclosure of confidential data, denial of service, server side request forgery. | 6.8 |
| 2018-06-26 | CVE-2018-1000515 | XXE vulnerability in News-Articles Project News-Articles 00.09.11 ventrian News-Articles version NewsArticles.00.09.11 contains a XML External Entity (XXE) vulnerability in News-Articles/API/MetaWebLog/Handler.ashx.vb that can result in Attacker can read any file in the server or use smbrelay attack to access to server.. | 5.0 |
| 2018-06-14 | CVE-2018-8819 | XXE vulnerability in Carrier Automatedlogic Webctrl 6.0/6.1/6.5 An XXE issue was discovered in Automated Logic Corporation (ALC) WebCTRL Versions 6.0, 6.1 and 6.5. | 5.0 |
| 2018-06-13 | CVE-2018-5434 | XXE vulnerability in Tibco Runtime Agent The TIBCO Designer component of TIBCO Software Inc.'s TIBCO Runtime Agent, and TIBCO Runtime Agent for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine information. | 6.8 |
| 2018-06-13 | CVE-2018-5433 | XXE vulnerability in Tibco Administrator The TIBCO Administrator server component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine information. | 6.8 |
| 2018-06-11 | CVE-2017-3208 | XXE vulnerability in Themidnightcoders Weborb for Java 5.1.1.0 The Java implementation of AMF3 deserializers used by WebORB for Java by Midnight Coders, version 5.1.1.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages. | 7.5 |
| 2018-06-11 | CVE-2017-3206 | XXE vulnerability in Exadel Flamingo 2.2.0 The Java implementation of AMF3 deserializers used by Flamingo amf-serializer by Exadel, version 2.2.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages. | 7.5 |
| 2018-06-07 | CVE-2018-6670 | XXE vulnerability in Mcafee Common Catalog 2.0.0 External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows remote authenticated users to view confidential information via a crafted HTTP request parameter. | 6.5 |