Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2018-01-23 CVE-2018-1000009 XXE vulnerability in Jenkins Checkstyle
Jenkins Checkstyle Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
network
low complexity
jenkins CWE-611
8.8
2018-01-23 CVE-2018-1000008 XXE vulnerability in Jenkins PMD
Jenkins PMD Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
network
low complexity
jenkins CWE-611
8.8
2018-01-18 CVE-2018-0108 XXE vulnerability in Cisco Webex Meetings Server
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to collect customer files via an out-of-band XML External Entity (XXE) injection.
network
low complexity
cisco CWE-611
5.3
2018-01-18 CVE-2018-0100 XXE vulnerability in Cisco Anyconnect Secure Mobility Client
A vulnerability in the Profile Editor of the Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, local attacker to have read and write access to information stored in the affected system.
local
low complexity
cisco CWE-611
4.4
2018-01-16 CVE-2016-0219 XXE vulnerability in IBM products
XML external entity (XXE) vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote authenticated users to cause a denial of service via crafted XML data.
network
low complexity
ibm CWE-611
6.5
2018-01-09 CVE-2017-1666 XXE vulnerability in IBM Security KEY Lifecycle Manager
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
8.1
2018-01-03 CVE-2017-1000477 XXE vulnerability in Xmlbundle Project Xmlbundle 0.1.7
XMLBundle version 0.1.7 is vulnerable to XXE attacks which can result in denial of service attacks.
network
low complexity
xmlbundle-project CWE-611
7.5
2018-01-03 CVE-2017-1000498 XXE vulnerability in Androidsvg Project Androidsvg 1.2.2
AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsing component, resulting in denial of service and possibly remote code execution.
local
low complexity
androidsvg-project CWE-611
7.8
2018-01-03 CVE-2017-1000497 XXE vulnerability in Pepperminty-Wiki Project Pepperminty-Wiki 0.15
Pepperminty-Wiki version 0.15 is vulnerable to XXE attacks in the getsvgsize function, resulting in denial of service and possibly remote code execution.
network
low complexity
pepperminty-wiki-project CWE-611
critical
9.8
2018-01-03 CVE-2017-1000496 XXE vulnerability in Commsy 9.0.0
Commsy version 9.0.0 is vulnerable to XXE attacks in the configuration import functionality resulting in denial of service and possibly remote execution of code.
network
low complexity
commsy CWE-611
8.8