Total
1076 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-10264 | 1 Ahsay | 1 Cloud Backup Suite | 2024-08-04 | N/A |
| An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. With a valid administrator account, the "Move / Import / Export Users" screen has an Import Users option. This option accepts a ZIP archive containing a users.xml file that can trigger XXE. | ||||
| CVE-2019-10266 | 1 Ahsay | 1 Cloud Backup Suite | 2024-08-04 | N/A |
| An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When sending an out-of-bounds XML document to a URL, it is possible to read the file structure and even the content of files without authentication. | ||||
| CVE-2019-10172 | 4 Apache, Debian, Fasterxml and 1 more | 8 Spark, Debian Linux, Jackson-mapper-asl and 5 more | 2024-08-04 | 7.5 High |
| A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes. | ||||
| CVE-2019-10080 | 1 Apache | 1 Nifi | 2024-08-04 | 6.5 Medium |
| The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE) and reveal information such as the versions of Java, Jersey, and Apache that the NiFI instance uses. | ||||
| CVE-2019-9843 | 1 Diffplug | 2 Gradle, Maven | 2024-08-04 | N/A |
| In DiffPlug Spotless before 1.20.0 (library and Maven plugin) and before 3.20.0 (Gradle plugin), the XML parser would resolve external entities over both HTTP and HTTPS and didn't respect the resolveExternalEntities setting. For example, this allows disclosure of file contents to a MITM attacker if a victim performs a spotlessApply operation on an untrusted XML file. | ||||
| CVE-2019-9757 | 1 Labkey | 1 Labkey Server | 2024-08-04 | 7.5 High |
| An issue was discovered in LabKey Server 19.1.0. Sending an SVG containing an XXE payload to the endpoint visualization-exportImage.view or visualization-exportPDF.view allows local files to be read. | ||||
| CVE-2019-9761 | 1 Phpshe | 1 Phpshe | 2024-08-04 | N/A |
| An XXE issue was discovered in PHPSHE 1.7, which can be used to read any file in the system or scan the internal network without authentication. This occurs because of the call to wechat_getxml in include/plugin/payment/wechat/notify_url.php. | ||||
| CVE-2019-9670 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-08-04 | 9.8 Critical |
| mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml. | ||||
| CVE-2019-9658 | 3 Checkstyle, Debian, Fedoraproject | 3 Checkstyle, Debian Linux, Fedora | 2024-08-04 | N/A |
| Checkstyle before 8.18 loads external DTDs by default. | ||||
| CVE-2019-9488 | 1 Trendmicro | 2 Deep Security Manager, Vulnerability Protection | 2024-08-04 | 4.9 Medium |
| Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable to a XML External Entity Attack. However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep Security Manager (DSM). | ||||
| CVE-2019-8999 | 1 Blackberry | 1 Unified Endpoint Management | 2024-08-04 | N/A |
| An XML External Entity vulnerability in the UEM Core of BlackBerry UEM version(s) earlier than 12.10.1a could allow an attacker to potentially gain read access to files on any system reachable by the UEM service account. | ||||
| CVE-2019-8997 | 1 Blackberry | 1 Athoc | 2024-08-04 | N/A |
| An XML External Entity Injection (XXE) vulnerability in the Management System (console) of BlackBerry AtHoc versions earlier than 7.6 HF-567 could allow an attacker to potentially read arbitrary local files from the application server or make requests on the network by entering maliciously crafted XML in an existing field. | ||||
| CVE-2019-8087 | 1 Adobe | 1 Experience Manager | 2024-08-04 | 7.5 High |
| Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure. | ||||
| CVE-2019-8086 | 1 Adobe | 1 Experience Manager | 2024-08-04 | 7.5 High |
| Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure. | ||||
| CVE-2019-8126 | 1 Magento | 1 Magento | 2024-08-04 | 4.9 Medium |
| An XML entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can craft document type definition for an XML representing XML layout. The crafted document type definition and XML layout allow processing of external entities which can lead to information disclosure. | ||||
| CVE-2019-8082 | 1 Adobe | 1 Experience Manager | 2024-08-04 | 7.5 High |
| Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure. | ||||
| CVE-2019-7847 | 3 Adobe, Linux, Microsoft | 3 Campaign, Linux Kernel, Windows | 2024-08-04 | N/A |
| Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Improper Restriction of XML External Entity Reference ('XXE') vulnerability. Successful exploitation could lead to Arbitrary read access to the file system in the context of the current user. | ||||
| CVE-2019-7722 | 1 Pmd Project | 1 Pmd | 2024-08-04 | N/A |
| PMD 5.8.1 and earlier processes XML external entities in ruleset files it parses as part of the analysis process, allowing attackers tampering it (either by direct modification or MITM attacks when using remote rulesets) to perform information disclosure, denial of service, or request forgery attacks. (PMD 6.x is unaffected because of a 2017-09-15 change.) | ||||
| CVE-2019-7442 | 1 Cyberark | 1 Enterprise Password Vault | 2024-08-04 | N/A |
| An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication system. | ||||
| CVE-2019-5918 | 1 Nablarch Project | 1 Nablarch | 2024-08-04 | N/A |
| Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to conduct XML External Entity (XXE) attacks via unspecified vectors. | ||||