Total: 1076 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-11719 | 1 Xovis | 6 Pc2, Pc2 Firmware, Pc2r and 3 more | 2024-08-05 | N/A |
Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow XXE. | ||||
CVE-2018-11640 | 1 Dialogic | 1 Powermedia Xms | 2024-08-05 | N/A |
XML External Entity (XXE) vulnerability in the web service in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to read arbitrary files or cause a denial of service (resource consumption). | ||||
CVE-2018-11586 | 1 Searchblox | 1 Searchblox | 2024-08-05 | N/A |
XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | ||||
CVE-2018-10832 | 1 Modbuspal Project | 1 Modbuspal | 2024-08-05 | N/A |
ModbusPal 1.6b is vulnerable to an XML External Entity (XXE) attack. Projects are saved as .xmpp files and automations can be exported as .xmpa files, both XML-based, which are vulnerable to XXE injection. Sending a crafted .xmpp or .xmpa file to a user, when opened/imported in ModbusPal, will return the contents of any local files to a remote attacker. | ||||
CVE-2018-10653 | 1 Citrix | 1 Xenmobile Server | 2024-08-05 | N/A |
There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. | ||||
CVE-2018-10175 | 1 Digitalguardian | 1 Management Console | 2024-08-05 | N/A |
Digital Guardian Management Console 7.1.2.0015 has an XXE issue. | ||||
CVE-2018-10077 | 1 Vertiv | 1 Watchdog Console | 2024-08-05 | 4.9 Medium |
XML external entity (XXE) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to read arbitrary files via crafted XML data. | ||||
CVE-2018-9116 | 1 Wiremock | 1 Wiremock | 2024-08-05 | N/A |
An XXE vulnerability within WireMock before 2.16.0 allows a remote unauthenticated attacker to access local files and internal resources and potentially cause a Denial of Service. | ||||
CVE-2018-8940 | 1 Enghouse | 1 Contact Center\ | 2024-08-05 | N/A |
ClientServiceConfigController.cs in Enghouse Cloud Contact Center Platform 7.2.5 has functionality for loading external XML files and parsing them, allowing an attacker to upload a malicious XML file and reference it in the URL of the application, forcing the application to load and parse the malicious XML file, aka an XXE issue. | ||||
CVE-2018-8819 | 1 Carrier | 1 Automatedlogic Webctrl | 2024-08-05 | N/A |
An XXE issue was discovered in Automated Logic Corporation (ALC) WebCTRL Versions 6.0, 6.1 and 6.5. An unauthenticated attacker could enter malicious input to WebCTRL and a weakly configured XML parser will allow the application to disclose full file contents from the underlying web server OS via the "X-Wap-Profile" HTTP header. | ||||
CVE-2018-8532 | 1 Microsoft | 1 Sql Server Management Studio | 2024-08-05 | N/A |
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XMLA file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8527, CVE-2018-8533. | ||||
CVE-2018-8527 | 1 Microsoft | 1 Sql Server Management Studio | 2024-08-05 | N/A |
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XEL file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8532, CVE-2018-8533. | ||||
CVE-2018-8533 | 1 Microsoft | 1 Sql Server Management Studio | 2024-08-05 | N/A |
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing malicious XML content containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8527, CVE-2018-8532. | ||||
CVE-2018-8494 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-08-05 | N/A |
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | ||||
CVE-2018-8420 | 1 Microsoft | 4 Windows 10, Windows 7, Windows 8.1 and 1 more | 2024-08-05 | N/A |
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | ||||
CVE-2018-7837 | 1 Schneider-electric | 1 Iiot Monitor | 2024-08-05 | N/A |
An Improper Restriction of XML External Entity Reference ('XXE') vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow the software to resolve documents outside of the intended sphere of control, causing the software to embed incorrect documents into its output and expose restricted information. | ||||
CVE-2018-7063 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-08-05 | N/A |
In Aruba ClearPass, disabled API admins can still perform read/write operations. In certain circumstances, API admins in ClearPass which have been disabled may still be able to perform read/write operations on parts of the XML API. This can lead to unauthorized access to the API and complete compromise of the ClearPass instance if an attacker knows of the existence of these accounts. | ||||
CVE-2018-6670 | 1 Mcafee | 1 Common Catalog | 2024-08-05 | N/A |
External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows remote authenticated users to view confidential information via a crafted HTTP request parameter. | ||||
CVE-2018-6489 | 1 Microfocus | 1 Project And Portfolio Management Center | 2024-08-05 | N/A |
XML External Entity (XXE) vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability can be exploited to allow XML External Entity (XXE) | ||||
CVE-2018-6225 | 1 Trendmicro | 1 Email Encryption Gateway | 2024-08-05 | N/A |
An XML external entity injection (XXE) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an authenticated user to expose a normally protected configuration script. |