Total
1076 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-5748 | 1 Traccar | 1 Server | 2024-08-04 | N/A |
| In Traccar Server version 4.2, protocol/SpotProtocolDecoder.java might allow XXE attacks. | ||||
| CVE-2019-5312 | 1 Wxjava Project | 1 Wxjava | 2024-08-04 | N/A |
| An issue was discovered in weixin-java-tools v3.3.0. There is an XXE vulnerability in the getXmlDoc method of the BaseWxPayResult.java file. NOTE: this issue exists because of an incomplete fix for CVE-2018-20318. | ||||
| CVE-2019-4391 | 1 Hcltech | 1 Appscan | 2024-08-04 | 8.2 High |
| HCL AppScan Standard is vulnerable to XML External Entity Injection (XXE) attack when processing XML data | ||||
| CVE-2019-3481 | 1 Hp | 1 Arcsight Logger | 2024-08-04 | N/A |
| Mitigates a XML External Entity Parsing issue in ArcSight Logger versions prior to 6.7. | ||||
| CVE-2019-1187 | 1 Microsoft | 17 Windows 10, Windows 10 1507, Windows 10 1607 and 14 more | 2024-08-04 | 5.5 Medium |
| A denial of service vulnerability exists when the XmlLite runtime (XmlLite.dll) improperly parses XML input. An attacker who successfully exploited this vulnerability could cause a denial of service against an XML application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to an XML application. The update addresses the vulnerability by correcting how the XmlLite runtime parses XML input. | ||||
| CVE-2019-1057 | 1 Microsoft | 17 Windows 10, Windows 10 1507, Windows 10 1607 and 14 more | 2024-08-04 | 7.5 High |
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system. To exploit the vulnerability, an attacker could host a specially crafted website designed to invoke MSXML through a web browser. However, an attacker would have no way to force a user to visit such a website. Instead, an attacker would typically have to convince a user to either click a link in an email message or instant message that would then take the user to the website. When Internet Explorer parses the XML content, an attacker could run malicious code remotely to take control of the user’s system. The update addresses the vulnerability by correcting how the MSXML parser processes user input. | ||||
| CVE-2019-1060 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2024-08-04 | 8.8 High |
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. | ||||
| CVE-2019-0792 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-08-04 | N/A |
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0793, CVE-2019-0795. | ||||
| CVE-2019-0948 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-08-04 | N/A |
| An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity, aka 'Windows Event Viewer Information Disclosure Vulnerability'. | ||||
| CVE-2019-0795 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-08-04 | N/A |
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0793. | ||||
| CVE-2019-0791 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-08-04 | N/A |
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795. | ||||
| CVE-2019-0793 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-08-04 | N/A |
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0795. | ||||
| CVE-2019-0790 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-08-04 | N/A |
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0791, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795. | ||||
| CVE-2019-0756 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-08-04 | N/A |
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. | ||||
| CVE-2019-0340 | 1 Sap | 1 Enable Now | 2024-08-04 | N/A |
| The XML parser, which is being used by SAP Enable Now, before version 1902, has not been hardened correctly, leading to Missing XML Validation vulnerability. This issue affects the file upload at multiple locations. An attacker can read local XXE files. | ||||
| CVE-2019-0284 | 1 Sap | 1 Hana | 2024-08-04 | N/A |
| SLD Registration in SAP HANA (fixed in versions 1.0, 2.0) does not sufficiently validate an XML document accepted from an untrusted source. The attacker can call SLDREG with an XML file containing a reference to an XML External Entity (XXE). This can cause SLDREG to, for example, continuously loop, read arbitrary files and even send local files. | ||||
| CVE-2019-0277 | 1 Sap | 1 Hana Extended Application Services | 2024-08-04 | N/A |
| SAP HANA extended application services, version 1, advanced does not sufficiently validate an XML document accepted from an authenticated developer with privileges to the SAP space (XML External Entity vulnerability). | ||||
| CVE-2019-0265 | 1 Sap | 5 Advanced Business Application Programming Platform Kernel, Advanced Business Application Programming Platform Krnl32nuc, Advanced Business Application Programming Platform Krnl32uc and 2 more | 2024-08-04 | N/A |
| SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT,KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49,KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49. 7.73 KERNEL from 7.21 to 7.22, 7.45, 7.49, 7.53, 7.73, 7.75. | ||||
| CVE-2019-0228 | 3 Apache, Fedoraproject, Oracle | 14 James, Pdfbox, Fedora and 11 more | 2024-08-04 | 9.8 Critical |
| Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF. | ||||
| CVE-2019-0188 | 2 Apache, Oracle | 5 Camel, Enterprise Data Quality, Enterprise Manager Base Platform and 2 more | 2024-08-04 | 7.5 High |
| Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed. | ||||