Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-09-12 | CVE-2017-8918 | XXE vulnerability in Blackwave Dive Assistant 8.0 | XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - Desktop Edition 8.0 allows attackers to remotely view local files via a crafted template.xml file. | 5.5 |
2017-09-09 | CVE-2017-8040 | XXE vulnerability in VMWare Single Sign-On for Pivotal Cloud Foundry | In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, an XXE (XML External Entity) attack was discovered in the Single Sign-On service dashboard. | 6.5 |
2017-09-08 | CVE-2017-9095 | XXE vulnerability in Divinglog Diving LOG | XXE in Diving Log 6.0 allows attackers to remotely view local files through a crafted dive.xml file that is mishandled during a Subsurface import. | 5.5 |
2017-09-07 | CVE-2017-12216 | XXE vulnerability in Cisco Socialminer | A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to have read and write access to information stored in the affected system. | 8.8 |
2017-09-06 | CVE-2015-7241 | XXE vulnerability in SAP Netweaver 4.0/6.4/7.0 | XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01. | 9.8 |
2017-09-06 | CVE-2015-3160 | XXE vulnerability in Beaker-Project Beaker | XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing entity references which reference files from the Beaker server's file system. | 4.3 |
2017-09-05 | CVE-2017-1458 | XXE vulnerability in IBM Qradar Network Security 5.4 | IBM QRadar Network Security 5.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.1 |
2017-08-31 | CVE-2016-5795 | XXE vulnerability in multiple products | An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. | 7.3 |
2017-08-30 | CVE-2017-12069 | XXE vulnerability in multiple products | An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. | 8.2 |
2017-08-11 | CVE-2017-11272 | XXE vulnerability in Adobe Digital Editions | Adobe Digital Editions 4.5.4 and earlier has a security bypass vulnerability. | 7.5 |