Improper Restriction of XML External Entity Reference ('XXE')

| Date | CVE | Vulnerability title | Description | Attack vector | Attack complexity | Vendor(s) | CWE | Severity | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2017-11-17 | CVE-2017-1000190 | XXE vulnerability in Simplexml Project Simplexml 2.7.1 | SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting in SSRF, information disclosure, DoS and so on. | network | low | simplexml-project | CWE-611 | critical | 9.1 |
| 2017-11-17 | CVE-2017-10889 | XXE vulnerability in Tablepress | TablePress prior to version 1.8.1 allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors. | network | low | tablepress | CWE-611 | | 4.0 |
| 2017-11-13 | CVE-2017-1477 | XXE vulnerability in IBM Security Access Manager 9.0 Firmware 9.0.3.0 | IBM Security Access Manager Appliance 9.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | network | low | ibm | CWE-611 | | 5.5 |
| 2017-11-08 | CVE-2017-9096 | XXE vulnerability in Itextpdf Itext | The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF. | network | | itextpdf | CWE-611 | | 6.8 |
| 2017-10-27 | CVE-2014-3600 | XXE vulnerability in Apache Activemq | XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages. | network | low | apache | CWE-611 | critical | 9.8 |
| 2017-10-27 | CVE-2014-3579 | XXE vulnerability in Apache Activemq Apollo | XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages. | network | low | apache | CWE-611 | critical | 9.8 |
| 2017-10-27 | CVE-2016-5002 | XXE vulnerability in Apache Xml-Rpc 3.1.3 | XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD. | local | low | apache | CWE-611 | | 7.8 |
| 2017-10-19 | CVE-2017-15639 | XXE vulnerability in Getmura Mura CMS | tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to bypass intended access restrictions by leveraging the "draggable feeds" feature. | network | low | getmura | CWE-611 | | 4.0 |
| 2017-10-17 | CVE-2014-9487 | XXE vulnerability in Mediawiki | The getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 and 1.19.23 allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. | network | low | mediawiki | CWE-611 | | 7.5 |
| 2017-10-14 | CVE-2017-12629 | XXE vulnerability in multiple products | Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. | network | low | apache, redhat, debian, canonical | CWE-611 | critical | 9.8 |