Total: 1035 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-11640 | 1 Dialogic | 1 Powermedia Xms | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
XML External Entity (XXE) vulnerability in the web service in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to read arbitrary files or cause a denial of service (resource consumption). | |||||
CVE-2018-11586 | 1 Searchblox | 1 Searchblox | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | |||||
CVE-2018-11048 | 1 Dell | 2 Emc Data Protection Advisor, Emc Integrated Data Protection Appliance | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
Dell EMC Data Protection Advisor, versions 6.2, 6.3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain an XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request. | |||||
CVE-2018-10832 | 1 Modbuspal Project | 1 Modbuspal | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
ModbusPal 1.6b is vulnerable to an XML External Entity (XXE) attack. Projects are saved as .xmpp files and automations can be exported as .xmpa files, both XML-based, which are vulnerable to XXE injection. Sending a crafted .xmpp or .xmpa file to a user, when opened/imported in ModbusPal, will return the contents of any local files to a remote attacker. | |||||
CVE-2018-10653 | 1 Citrix | 1 Xenmobile Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. | |||||
CVE-2018-10614 | 1 We-con | 1 Levistudiou | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
An XXE vulnerability in LeviStudioU, Versions 1.8.29 and 1.8.44 can be exploited when the application processes specially crafted project XML files. | |||||
CVE-2018-10613 | 1 Ge | 1 Mds Pulsenet | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Multiple variants of XML External Entity (XXE) attacks may be used to exfiltrate data from the host Windows platform in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior. | |||||
CVE-2018-10600 | 1 Selinc | 1 Acselerator Architect | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XML parser, which may allow disclosure and retrieval of arbitrary data, arbitrary code execution (in certain situations on specific platforms), and denial of service attacks. | |||||
CVE-2018-10175 | 1 Digitalguardian | 1 Management Console | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Digital Guardian Management Console 7.1.2.0015 has an XXE issue. | |||||
CVE-2018-10077 | 1 Vertiv | 1 Watchdog Console | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
XML external entity (XXE) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to read arbitrary files via crafted XML data. | |||||
CVE-2018-1000889 | 1 Logisim-evolution Project | 1 Logisim-evolution | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Logisim Evolution version 2.14.3 and earlier contains an XML External Entity (XXE) vulnerability in Circuit file loading functionality (loadXmlFrom in src/com/cburch/logisim/file/XmlReader.java) that can result in information leak, possible RCE depending on system configuration. This attack appears to be exploitable via the victim opening a specially crafted circuit file. This vulnerability appears to have been fixed in 2.14.4. | |||||
CVE-2018-1000844 | 1 Squareup | 1 Retrofit | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
Square Open Source Retrofit versions prior to commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437 contain an XML External Entity (XXE) vulnerability in JAXB that an attacker could use to remotely read files from the file system or to perform SSRF. This vulnerability appears to have been fixed after commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437. | |||||
CVE-2018-1000840 | 1 Processing | 1 Processing | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
Processing Foundation Processing version 3.4 and earlier contains an XML External Entity (XXE) vulnerability in the loadXML() function that allows an attacker to read arbitrary files and exfiltrate their contents via HTTP requests. This attack appears to be exploitable when the victim uses Processing to parse a crafted XML document. | |||||
CVE-2018-1000838 | 1 Sleuthkit | 1 Autopsy | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
Autopsy version <= 4.9.0 contains an XML External Entity (XXE) vulnerability in the CaseMetadata XML parser that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This attack appears to be exploitable via specially crafted CaseMetadata. | |||||
CVE-2018-1000837 | 1 Obeo | 1 Uml Designer | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
UML Designer version <= 8.0.0 contains an XML External Entity (XXE) vulnerability in the XML parser for plugins that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This attack appears to be exploitable via a malicious plugins.xml file. | |||||
CVE-2018-1000836 | 1 Apereo | 1 Bw-calendar-engine | 2024-11-21 | 6.8 MEDIUM | 9.0 CRITICAL |
bw-calendar-engine version <= bw-calendar-engine-3.12.0 contains an XML External Entity (XXE) vulnerability in the IscheduleClient XML parser that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This attack appears to be exploitable via man-in-the-middle or a malicious server. | |||||
CVE-2018-1000835 | 1 Keepassdx | 1 Keepass Dx | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
KeePassDX version <= 2.5.0.0beta17 contains an XML External Entity (XXE) vulnerability in the kdbx file parser that can result in disclosure of confidential data, denial of service, SSRF, port scanning. | |||||
CVE-2018-1000834 | 1 Runelite | 1 Runelite | 2024-11-21 | 6.8 MEDIUM | 9.0 CRITICAL |
RuneLite version <= runelite-parent-1.4.23 contains an XML External Entity (XXE) vulnerability in man-in-the-middle RuneScape services call that can result in disclosure of confidential data, denial of service, SSRF, port scanning. | |||||
CVE-2018-1000831 | 1 K9mail | 1 K-9 Mail | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
K9Mail version <= v5.600 contains an XML External Entity (XXE) vulnerability in the WebDAV response parser that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This attack appears to be exploitable via a malicious WebDAV server or by intercepting the response of a valid WebDAV server. | |||||
CVE-2018-1000830 | 1 Xr3player Project | 1 Xr3player | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
XR3Player version <= V3.124 contains an XML External Entity (XXE) vulnerability in the playlist parser that can result in disclosure of confidential data, denial of service, SSRF, port scanning. |