Total
1154 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-3600 | 1 Trendmicro | 1 Control Manager | 2024-11-21 | N/A |
| A external entity processing information disclosure (XXE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to disclose sensitive information on vulnerable installations. | ||||
| CVE-2018-2492 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 7.1 High |
| SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50. | ||||
| CVE-2018-2401 | 1 Redwood | 1 Sap Business Process Automation | 2024-11-21 | N/A |
| SAP Business Process Automation (BPA) By Redwood does not sufficiently validate an XML document accepted from an untrusted source resulting in an XML External Entity (XXE) vulnerability. | ||||
| CVE-2018-2393 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | N/A |
| Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable. | ||||
| CVE-2018-2392 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | N/A |
| Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable. | ||||
| CVE-2018-2019 | 1 Ibm | 1 Security Identity Manager | 2024-11-21 | N/A |
| IBM Security Identity Manager 6.0.0 Virtual Appliance is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 155265. | ||||
| CVE-2018-20843 | 8 Canonical, Debian, Fedoraproject and 5 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2024-11-21 | 7.5 High |
| In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). | ||||
| CVE-2018-20733 | 6 Hpe, Ibm, Linux and 3 more | 6 Hp-ux Ipfilter, Aix, Linux Kernel and 3 more | 2024-11-21 | N/A |
| BI Web Services in SAS Web Infrastructure Platform before 9.4M6 allows XXE. | ||||
| CVE-2018-20687 | 1 Raritan | 1 Commandcenter Secure Gateway | 2024-11-21 | 9.8 Critical |
| An XML external entity (XXE) vulnerability in CommandCenterWebServices/.*?wsdl in Raritan CommandCenter Secure Gateway before 8.0.0 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | ||||
| CVE-2018-20664 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | N/A |
| Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license. | ||||
| CVE-2018-20433 | 2 Debian, Mchange | 2 Debian Linux, C3p0 | 2024-11-21 | N/A |
| c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization. | ||||
| CVE-2018-20318 | 1 Wxjava Project | 1 Wxjava | 2024-11-21 | N/A |
| An issue was discovered in weixin-java-tools v3.2.0. There is an XXE vulnerability in the getXmlDoc method of the BaseWxPayResult.java file. | ||||
| CVE-2018-20298 | 1 S3browser | 1 S3 Browser | 2024-11-21 | N/A |
| S3 Browser before 8.1.5 contains an XML external entity (XXE) vulnerability, allowing remote attackers to read arbitrary files and obtain NTLMv2 hash values by tricking a user into connecting to a malicious server via the S3 protocol. | ||||
| CVE-2018-20233 | 1 Atlassian | 1 Universal Plugin Manager | 2024-11-21 | N/A |
| The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian plugin xml files in an uploaded JAR. | ||||
| CVE-2018-20222 | 1 Airsonic Project | 1 Airsonic | 2024-11-21 | N/A |
| XXE issue in Airsonic before 10.1.2 during parse. | ||||
| CVE-2018-20160 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | N/A |
| ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra Collaboration Suite 8.7 and 8.8 and in other products, allows XXE attacks, as demonstrated by a crafted XML request to mailboxd. | ||||
| CVE-2018-20157 | 1 Openrefine | 1 Openrefine | 2024-11-21 | N/A |
| The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files. | ||||
| CVE-2018-20059 | 1 Pippo | 1 Pippo | 2024-11-21 | N/A |
| jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE. | ||||
| CVE-2018-20000 | 1 Apereo | 1 Bw-webdav | 2024-11-21 | N/A |
| Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java. | ||||
| CVE-2018-1970 | 1 Ibm | 1 Security Access Manager | 2024-11-21 | N/A |
| IBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 153751. | ||||