Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2018-07-05 CVE-2018-8026 XXE vulnerability in multiple products
This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file).
local
low complexity
apache netapp CWE-611
5.5
2018-07-03 CVE-2018-11640 XXE vulnerability in Dialogic Powermedia XMS 3.5
XML External Entity (XXE) vulnerability in the web service in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to read arbitrary files or cause a denial of service (resource consumption).
network
low complexity
dialogic CWE-611
critical
9.1
2018-07-03 CVE-2018-7783 XXE vulnerability in Schneider-Electric Somachine Basic
Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity (XXE) vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band (OOB) attack.
network
low complexity
schneider-electric CWE-611
7.5
2018-06-26 CVE-2018-1000548 XXE vulnerability in Umlet
Umlet version < 14.3 contains an XML External Entity (XXE) vulnerability in file parsing that can result in disclosure of confidential data, denial of service, or server-side request forgery.
local
low complexity
umlet CWE-611
7.8
2018-06-26 CVE-2018-1000546 XXE vulnerability in Triplea-Game Triplea
Triplea version <= 1.9.0.0.10291 contains an XML External Entity (XXE) vulnerability in importing game data that can result in possible information disclosure, server-side request forgery, or remote code execution.
local
low complexity
triplea-game CWE-611
7.8
2018-06-26 CVE-2018-1000542 XXE vulnerability in Netbeans-Mmd-Plugin Project Netbeans-Mmd-Plugin 1.4.3
netbeans-mmd-plugin version <= 1.4.3 contains an XML External Entity (XXE) vulnerability in MMD file import that can result in possible information disclosure, server-side request forgery, or remote code execution.
local
low complexity
netbeans-mmd-plugin-project CWE-611
7.8
2018-06-26 CVE-2018-1000540 XXE vulnerability in Loboevolution Project Loboevolution
LoboEvolution version < 9b75694cedfa4825d4a2330abf2719d470c654cd contains an XML External Entity (XXE) vulnerability in XML parsing when viewing the XML file in the browser that can result in disclosure of confidential data, denial of service, or server-side request forgery.
local
low complexity
loboevolution-project CWE-611
7.8
2018-06-26 CVE-2018-1000515 XXE vulnerability in News-Articles Project News-Articles 00.09.11
Ventrian News-Articles version NewsArticles.00.09.11 contains an XML External Entity (XXE) vulnerability in News-Articles/API/MetaWebLog/Handler.ashx.vb that can allow an attacker to read any file on the server or use an SMB relay attack to access the server.
network
low complexity
news-articles-project CWE-611
7.5
2018-06-14 CVE-2018-8819 XXE vulnerability in Carrier Automatedlogic Webctrl 6.0/6.1/6.5
An XXE issue was discovered in Automated Logic Corporation (ALC) WebCTRL Versions 6.0, 6.1 and 6.5.
network
low complexity
carrier CWE-611
7.5
2018-06-13 CVE-2018-5434 XXE vulnerability in Tibco Runtime Agent
The TIBCO Designer component of TIBCO Software Inc.'s TIBCO Runtime Agent, and TIBCO Runtime Agent for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine information.
network
low complexity
tibco CWE-611
6.5