Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2018-08-20 CVE-2018-1000652 XXE vulnerability in Jabref
JabRef version <=4.3.1 contains an XML External Entity (XXE) vulnerability in MsBibImporter XML Parser that can result in disclosure of confidential data, denial of service, server-side request forgery, port scanning.
network
low complexity
jabref CWE-611
critical
10.0
2018-08-20 CVE-2018-1000651 XXE vulnerability in Gchq Stroom
Stroom version <5.4.5 contains an XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, server-side request forgery, port scanning.
network
low complexity
gchq CWE-611
critical
10.0
2018-08-20 CVE-2018-1000644 XXE vulnerability in Eclipse Rdf4J
Eclipse RDF4j version < 2.4.0 Milestone 2 contains an XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files that can result in the disclosure of confidential data, denial of service, server-side request forgery, port scanning.
network
low complexity
eclipse CWE-611
critical
10.0
2018-08-20 CVE-2018-1000639 XXE vulnerability in Latexdraw Project Latexdraw
LatexDraw version <=4.0 contains an XML External Entity (XXE) vulnerability in SVG parsing functionality that can result in disclosure of data, server-side request forgery, port scanning, possible RCE.
network
low complexity
latexdraw-project CWE-611
critical
9.6
2018-08-13 CVE-2018-13417 XXE vulnerability in Vuze Bittorrent Client 5.7.6.0
In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack.
network
low complexity
vuze CWE-611
critical
9.8
2018-08-13 CVE-2018-13415 XXE vulnerability in Plex Media Server 1.13.2.5154
In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack.
network
low complexity
plex CWE-611
critical
9.8
2018-08-10 CVE-2018-11048 XXE vulnerability in Dell products
Dell EMC Data Protection Advisor, versions 6.2, 6.3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain an XML External Entity (XXE) Injection vulnerability in the REST API.
network
low complexity
dell CWE-611
8.1
2018-08-08 CVE-2018-12408 XXE vulnerability in Tibco products
The BusinessWorks engine component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks, TIBCO ActiveMatrix BusinessWorks for z/Linux, and TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric contains a vulnerability that may allow XML eXternal Entity (XXE) attacks via incoming network messages, and may disclose the contents of files accessible to a running BusinessWorks engine. Affected releases are TIBCO Software Inc.
network
low complexity
tibco CWE-611
7.5
2018-08-06 CVE-2016-8526 XXE vulnerability in HP Airwave
Aruba Airwave, all versions up to, but not including, 8.2.3.1, is vulnerable to XML external entities (XXE).
network
low complexity
hp CWE-611
8.8
2018-08-04 CVE-2018-14473 XXE vulnerability in Ocsinventory-Ng Ocsinventory NG 2.4.1
OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities.
network
low complexity
ocsinventory-ng CWE-611
critical
9.1