Total
1076 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-20733 | 6 Hpe, Ibm, Linux and 3 more | 6 Hp-ux Ipfilter, Aix, Linux Kernel and 3 more | 2024-08-05 | N/A |
| BI Web Services in SAS Web Infrastructure Platform before 9.4M6 allows XXE. | ||||
| CVE-2018-20843 | 8 Canonical, Debian, Fedoraproject and 5 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2024-08-05 | 7.5 High |
| In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). | ||||
| CVE-2018-20687 | 1 Raritan | 1 Commandcenter Secure Gateway | 2024-08-05 | 9.8 Critical |
| An XML external entity (XXE) vulnerability in CommandCenterWebServices/.*?wsdl in Raritan CommandCenter Secure Gateway before 8.0.0 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | ||||
| CVE-2018-20664 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-08-05 | N/A |
| Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license. | ||||
| CVE-2018-20433 | 2 Debian, Mchange | 2 Debian Linux, C3p0 | 2024-08-05 | N/A |
| c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization. | ||||
| CVE-2018-20222 | 1 Airsonic Project | 1 Airsonic | 2024-08-05 | N/A |
| XXE issue in Airsonic before 10.1.2 during parse. | ||||
| CVE-2018-20157 | 1 Openrefine | 1 Openrefine | 2024-08-05 | N/A |
| The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files. | ||||
| CVE-2018-20160 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-08-05 | N/A |
| ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra Collaboration Suite 8.7 and 8.8 and in other products, allows XXE attacks, as demonstrated by a crafted XML request to mailboxd. | ||||
| CVE-2018-19858 | 1 Princexml | 1 Princexml | 2024-08-05 | N/A |
| PrinceXML, versions 10 and below, is vulnerable to XXE due to the lack of protection against external entities. If an attacker passes HTML referencing an XML file (e.g., in an IFRAME element), PrinceXML will fetch the XML and parse it, thus giving an attacker file-read access and full-fledged SSRF. | ||||
| CVE-2018-19371 | 1 Sdl | 1 Web Content Manager | 2024-08-05 | N/A |
| The SaveUserSettings service in Content Manager in SDL Web 8.5.0 has an XXE Vulnerability that allows reading sensitive files from the system. | ||||
| CVE-2018-19244 | 1 Charlesproxy | 1 Charles | 2024-08-05 | N/A |
| An XML External Entity (XXE) vulnerability exists in the Charles 4.2.7 import/export setup option. If a user imports a "Charles Settings.xml" file from an attacker, an intranet network may be accessed and information may be leaked. | ||||
| CVE-2018-18737 | 1 Douchat | 1 Douchat | 2024-08-05 | N/A |
| An XXE issue was discovered in Douchat 4.0.4 because Data\notify.php calls simplexml_load_string. This can also be used for SSRF. | ||||
| CVE-2018-18471 | 4 Axentra, Medion, Netgear and 1 more | 4 Hipserv, Lifecloud, Stora and 1 more | 2024-08-05 | N/A |
| /api/2.0/rest/aggregator/xml in Axentra firmware, used by NETGEAR Stora, Seagate GoFlex Home, and MEDION LifeCloud, has an XXE vulnerability that can be chained with an SSRF bug to gain remote command execution as root. It can be triggered by anyone who knows the IP address of the affected device. | ||||
| CVE-2018-18406 | 1 Tufin | 2 Securetrack, Tufinos | 2024-08-05 | N/A |
| An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 2.16 build 1179(Final). The Audit Report module is affected by a blind XXE vulnerability when a new Best Practices Report is saved using a special payload inside the xml input field. The XXE vulnerability is blind since the response doesn't directly display a requested file, but rather returns it inside the name data field when the report is saved. An attacker is able to view restricted operating system files. This issue affects all types of users: administrators or normal users. | ||||
| CVE-2018-17912 | 1 Sauter-controls | 1 Case Suite | 2024-08-05 | N/A |
| An XXE vulnerability exists in CASE Suite Versions 3.10 and prior when processing parameter entities, which may allow remote file disclosure. | ||||
| CVE-2018-17411 | 1 Informationbuilders | 1 Data Quality Suite | 2024-08-05 | N/A |
| An XML External Entity (XXE) vulnerability exists in iWay Data Quality Suite Web Console 10.6.1.ga-2016-11-20. | ||||
| CVE-2018-17247 | 1 Elastic | 1 Elasticsearch | 2024-08-05 | N/A |
| Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning's find_file_structure API. If a policy allowing external network access has been added to Elasticsearch's Java Security Manager then an attacker could send a specially crafted request capable of leaking content of local files on the Elasticsearch node. This could allow a user to access information that they should not have access to. | ||||
| CVE-2018-17289 | 1 Kofax | 1 Front Office Server | 2024-08-05 | N/A |
| An XML external entity (XXE) vulnerability in Kofax Front Office Server Administration Console version 4.1.1.11.0.5212 allows remote authenticated users to read arbitrary files via crafted XML inside an imported package configuration (.ZIP file) within the Kofax/KFS/Admin/PackageService/package/upload file parameter. | ||||
| CVE-2018-17152 | 1 Intersystems | 1 Cache | 2024-08-05 | N/A |
| Intersystems Cache 2017.2.2.865.0 allows XXE. | ||||
| CVE-2018-17169 | 1 Printeron | 1 Printeron | 2024-08-05 | N/A |
| An XML external entity (XXE) vulnerability in PrinterOn version 4.1.4 and lower allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | ||||