Total
1076 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-3208 | 1 Themidnightcoders | 1 Weborb For Java | 2024-08-05 | N/A |
The Java implementation of AMF3 deserializers used by WebORB for Java by Midnight Coders, version 5.1.1.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly it could potentially expose sensitive data on the server, denial of service, or server side request forgery. | ||||
CVE-2017-3206 | 1 Exadel | 1 Flamingo | 2024-08-05 | N/A |
The Java implementation of AMF3 deserializers used by Flamingo amf-serializer by Exadel, version 2.2.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly it could potentially expose sensitive data on the server, denial of service, or server side request forgery. | ||||
CVE-2017-2815 | 1 Igniterealtime | 1 User Import Export | 2024-08-05 | N/A |
An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerability. | ||||
CVE-2017-2308 | 1 Juniper | 1 Junos Space | 2024-08-05 | N/A |
An XML External Entity Injection vulnerability in Juniper Networks Junos Space versions prior to 16.1R1 may allow an authenticated user to read arbitrary files on the device. | ||||
CVE-2017-1322 | 1 Ibm | 1 Api Connect | 2024-08-05 | N/A |
IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125918. | ||||
CVE-2017-1289 | 2 Ibm, Redhat | 3 Sdk, Network Satellite, Rhel Extras | 2024-08-05 | N/A |
IBM SDK, Java Technology Edition is vulnerable to an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150. | ||||
CVE-2017-1149 | 1 Ibm | 1 Urbancode Deploy | 2024-08-05 | N/A |
IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 122202. | ||||
CVE-2017-1103 | 1 Ibm | 2 Rational Quality Manager, Rational Team Concert | 2024-08-05 | N/A |
IBM Team Concert (RTC) is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 120665. | ||||
CVE-2018-1000542 | 1 Netbeans-mmd-plugin Project | 1 Netbeans-mmd-plugin | 2024-08-05 | N/A |
netbeans-mmd-plugin version <= 1.4.3 contains an XML External Entity (XXE) vulnerability in MMD file import that can result in possible information disclosure, server-side request forgery, or remote code execution. This attack appears to be exploitable via a specially crafted MMD file. | ||||
CVE-2018-1000548 | 1 Umlet | 1 Umlet | 2024-08-05 | N/A |
Umlet version < 14.3 contains an XML External Entity (XXE) vulnerability in file parsing that can result in disclosure of confidential data, denial of service, or server-side request forgery. This attack appears to be exploitable via a specially crafted UXF file. This vulnerability appears to have been fixed in 14.3. | ||||
CVE-2018-1000546 | 1 Triplea-game | 1 Triplea | 2024-08-05 | N/A |
Triplea version <= 1.9.0.0.10291 contains an XML External Entity (XXE) vulnerability in importing game data that can result in possible information disclosure, server-side request forgery, or remote code execution. This attack appears to be exploitable via a specially crafted game data file (XML). | ||||
CVE-2018-1000540 | 1 Loboevolution Project | 1 Loboevolution | 2024-08-05 | N/A |
LoboEvolution version < 9b75694cedfa4825d4a2330abf2719d470c654cd contains an XML External Entity (XXE) vulnerability in XML parsing when viewing the XML file in the browser that can result in disclosure of confidential data, denial of service, or server-side request forgery. This attack appears to be exploitable via a specially crafted XML file. | ||||
CVE-2018-1000515 | 1 News-articles Project | 1 News-articles | 2024-08-05 | N/A |
ventrian News-Articles version NewsArticles.00.09.11 contains an XML External Entity (XXE) vulnerability in News-Articles/API/MetaWebLog/Handler.ashx.vb that can result in an attacker reading any file on the server or using an smbrelay attack to access the server. | ||||
CVE-2018-1000090 | 1 Textpattern | 1 Textpattern | 2024-08-05 | N/A |
textpattern version 4.6.2 contains an XML Injection vulnerability in the Import XML feature that can result in denial of service in the context of the web server by exhausting server memory resources. This attack appears to be exploitable via uploading a specially crafted XML file. | ||||
CVE-2018-1000069 | 2 Debian, Freeplane | 2 Debian Linux, Freeplane | 2024-08-05 | N/A |
FreePlane version 1.5.9 and earlier contains an XML External Entity (XXE) vulnerability in the XML parser in the mindmap loader that can result in stealing data from the victim's machine. This attack appears to require the victim to open a specially crafted mind map file. This vulnerability appears to have been fixed in 1.6+. | ||||
CVE-2018-1000056 | 1 Jenkins | 1 Junit | 2024-08-05 | N/A |
Jenkins JUnit Plugin 1.23 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | ||||
CVE-2018-1000055 | 1 Jenkins | 1 Android Lint | 2024-08-05 | N/A |
Jenkins Android Lint Plugin 2.5 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | ||||
CVE-2018-1000054 | 1 Jenkins | 1 Ccm | 2024-08-05 | N/A |
Jenkins CCM Plugin 3.1 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | ||||
CVE-2018-1000008 | 1 Jenkins | 1 Pmd | 2024-08-05 | N/A |
Jenkins PMD Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | ||||
CVE-2018-25082 | 1 Wechat Sdk Python Project | 1 Wechat Sdk Python | 2024-08-05 | 6.3 Medium |
A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/to_xml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The patch is named e54abadc777715b6dcb545c13214d1dea63df6c9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223403. |