Total
1111 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20664 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license. | |||||
| CVE-2018-20433 | 2 Debian, Mchange | 2 Debian Linux, C3p0 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization. | |||||
| CVE-2018-20318 | 1 Wxjava Project | 1 Wxjava | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in weixin-java-tools v3.2.0. There is an XXE vulnerability in the getXmlDoc method of the BaseWxPayResult.java file. | |||||
| CVE-2018-20298 | 1 S3browser | 1 S3 Browser | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| S3 Browser before 8.1.5 contains an XML external entity (XXE) vulnerability, allowing remote attackers to read arbitrary files and obtain NTLMv2 hash values by tricking a user into connecting to a malicious server via the S3 protocol. | |||||
| CVE-2018-20233 | 1 Atlassian | 1 Universal Plugin Manager | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian plugin xml files in an uploaded JAR. | |||||
| CVE-2018-20222 | 1 Airsonic Project | 1 Airsonic | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| XXE issue in Airsonic before 10.1.2 during parse. | |||||
| CVE-2018-20160 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra Collaboration Suite 8.7 and 8.8 and in other products, allows XXE attacks, as demonstrated by a crafted XML request to mailboxd. | |||||
| CVE-2018-20157 | 1 Openrefine | 1 Openrefine | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files. | |||||
| CVE-2018-20059 | 1 Pippo | 1 Pippo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE. | |||||
| CVE-2018-20000 | 1 Apereo | 1 Bw-webdav | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java. | |||||
| CVE-2018-1970 | 1 Ibm | 1 Security Access Manager | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
| IBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 153751. | |||||
| CVE-2018-1920 | 1 Ibm | 1 Marketing Platform | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
| IBM Marketing Platform 9.1.0, 9.1.2 and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 152855. | |||||
| CVE-2018-1905 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
| IBM WebSphere Application Server 9.0.0.0 through 9.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 152534. | |||||
| CVE-2018-1846 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
| IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150945. | |||||
| CVE-2018-1845 | 3 Ibm, Linux, Microsoft | 8 Aix, Infosphere Governance Catalog, Infosphere Information Server and 5 more | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
| IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150905. | |||||
| CVE-2018-1844 | 1 Ibm | 1 Filenet Content Manager | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
| IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150904. | |||||
| CVE-2018-1835 | 1 Ibm | 1 Daeja Viewone | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
| IBM Daeja ViewONE Professional, Standard & Virtual 5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150514. | |||||
| CVE-2018-1821 | 1 Ibm | 1 Operational Decision Manager | 2024-11-21 | 6.4 MEDIUM | 7.1 HIGH |
| IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150170. | |||||
| CVE-2018-1801 | 1 Ibm | 3 App Connect, Integration Bus, Websphere Message Broker | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to consume memory resources. IBM X-Force ID: 149639. | |||||
| CVE-2018-1747 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
| IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 148428. | |||||