Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-14 | CVE-2018-12585 | XXE vulnerability in Opcfoundation Ua-.Net-Legacy and Ua-Java An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allow remote attackers to trigger a denial of service. | 8.2 |
| 2018-09-13 | CVE-2018-8420 | XXE vulnerability in Microsoft products A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 8.8 |
| 2018-09-05 | CVE-2018-16252 | XXE vulnerability in Fspro Event LOG Explorer 4.6.1.2115 FsPro Labs Event Log Explorer 4.6.1.2115 has ".elx" FileType XML External Entity Injection. | 3.3 |
| 2018-09-05 | CVE-2018-16521 | XXE vulnerability in Openmrs Html Form Entry and Reference Application An XML External Entity (XXE) vulnerability exists in HTML Form Entry 3.7.0, as distributed in OpenMRS Reference Application 2.8.0. | 9.8 |
| 2018-09-01 | CVE-2018-16303 | XXE vulnerability in Tracker-Software Pdf-Xchange Editor PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause a denial of service (resource consumption) via a crafted x:xmpmeta structure, a related issue to CVE-2003-1564. | 7.5 |
| 2018-08-30 | CVE-2018-11719 | XXE vulnerability in Xovis PC2 Firmware, Pc2R Firmware and PC3 Firmware Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow XXE. | 4.9 |
| 2018-08-30 | CVE-2018-13826 | XXE vulnerability in multiple products An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks. | 9.1 |
| 2018-08-30 | CVE-2018-13823 | XXE vulnerability in multiple products An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information. | 7.5 |
| 2018-08-29 | CVE-2017-17762 | XXE vulnerability in Episerver 7 XML external entity (XXE) vulnerability in Episerver 7 patch 4 and earlier allows remote attackers to read arbitrary files via a crafted DTD in an XML request involving util/xmlrpc/Handler.ashx. | 7.5 |
| 2018-08-22 | CVE-2018-11758 | XXE vulnerability in Apache Cayenne This affects Apache Cayenne 4.1.M1, 3.2.M1, 4.0.M2 to 4.0.M5, 4.0.B1, 4.0.B2, 4.0.RC1, 3.1, 3.1.1, 3.1.2. | 8.1 |