Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-08-03 | CVE-2018-13416 | XXE vulnerability in Spirton Universal Media Server 7.1.0 | In Universal Media Server (UMS) 7.1.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. | 9.8 |
2018-08-03 | CVE-2017-8316 | XXE vulnerability in Jetbrains Intellij Idea | IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml. | 7.5 |
2018-08-02 | CVE-2017-16349 | XXE vulnerability in SAP Business Planning and Consolidation | An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. | 8.1 |
2018-08-01 | CVE-2018-3881 | XXE vulnerability in Focalscope 2416 | An exploitable unauthenticated XML external injection vulnerability was identified in FocalScope v2416. | 9.4 |
2018-07-31 | CVE-2018-8027 | XXE vulnerability in Apache Camel | Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in XSD validation processor. | 9.8 |
2018-07-27 | CVE-2017-7464 | XXE vulnerability in Redhat Jboss Enterprise Application Platform 7.0 | It was found that the JAXP implementation used in JBoss EAP 7.0 for SAX and DOM parsing is vulnerable to certain XXE flaws. | 9.8 |
2018-07-26 | CVE-2017-7545 | XXE vulnerability in Redhat Decision Manager, Jboss BPM Suite and Jbpm | It was discovered that the XmlUtils class in jbpmmigration 6.5 performed expansion of external parameter entities while parsing XML files. | 6.5 |
2018-07-24 | CVE-2018-10600 | XXE vulnerability in Selinc Acselerator Architect 2.2.24.0 | SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XML parser, which may allow disclosure and retrieval of arbitrary data, arbitrary code execution (in certain situations on specific platforms), and denial of service attacks. | 9.8 |
2018-07-20 | CVE-2014-2296 | XXE vulnerability in Apereo CAS Server | XML external entity (XXE) vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled, allows remote unauthenticated users to bypass authentication via crafted XML data. | 8.8 |
2018-07-15 | CVE-2018-14065 | XXE vulnerability in PHPoffice Project Common | XMLReader.php in PHPOffice Common before 0.2.9 allows XXE. | 9.8 |