Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-03 | CVE-2017-1000498 | XXE vulnerability in Androidsvg Project Androidsvg 1.2.2 AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsing component resulting in denial of service and possibly remote code execution | 7.8 |
| 2018-01-03 | CVE-2017-1000497 | XXE vulnerability in Pepperminty-Wiki Project Pepperminty-Wiki 0.15 Pepperminty-Wiki version 0.15 is vulnerable to XXE attacks in the getsvgsize function resulting in denial of service and possibly remote code execution | 9.8 |
| 2018-01-03 | CVE-2017-1000496 | XXE vulnerability in Commsy 9.0.0 Commsy version 9.0.0 is vulnerable to XXE attacks in the configuration import functionality resulting in denial of service and possibly remote execution of code. | 8.8 |
| 2017-12-29 | CVE-2014-3630 | XXE vulnerability in multiple products XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data. | 9.8 |
| 2017-12-15 | CVE-2017-14101 | XXE vulnerability in Changehealthcare Conserus Image Repository 2.1.1.105 A security researcher found an XML External Entity (XXE) vulnerability on the Conserus Image Repository archive solution version 2.1.1.105 by McKesson Medical Imaging Company, which is now a Change Healthcare company. | 9.8 |
| 2017-12-01 | CVE-2017-11286 | XXE vulnerability in Adobe Coldfusion 11.0/2016 Adobe ColdFusion has an XML external entity (XXE) injection vulnerability. | 7.5 |
| 2017-11-30 | CVE-2017-14949 | XXE vulnerability in Restlet Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conducts an XXE attack, because only general external entities (not parameter external entities) are properly considered. | 7.5 |
| 2017-11-30 | CVE-2017-14868 | XXE vulnerability in Restlet Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. | 7.5 |
| 2017-11-17 | CVE-2017-1000190 | XXE vulnerability in Simplexml Project Simplexml 2.7.1 SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on. | 9.1 |
| 2017-11-17 | CVE-2017-10889 | XXE vulnerability in Tablepress TablePress prior to version 1.8.1 allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors. | 4.3 |