Total
1095 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-9757 | 1 Labkey | 1 Labkey Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in LabKey Server 19.1.0. Sending an SVG containing an XXE payload to the endpoint visualization-exportImage.view or visualization-exportPDF.view allows local files to be read. | |||||
| CVE-2019-9658 | 3 Checkstyle, Debian, Fedoraproject | 3 Checkstyle, Debian Linux, Fedora | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Checkstyle before 8.18 loads external DTDs by default. | |||||
| CVE-2019-9488 | 1 Trendmicro | 2 Deep Security Manager, Vulnerability Protection | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable to a XML External Entity Attack. However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep Security Manager (DSM). | |||||
| CVE-2019-8999 | 1 Blackberry | 1 Unified Endpoint Management | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An XML External Entity vulnerability in the UEM Core of BlackBerry UEM version(s) earlier than 12.10.1a could allow an attacker to potentially gain read access to files on any system reachable by the UEM service account. | |||||
| CVE-2019-8997 | 1 Blackberry | 1 Athoc | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An XML External Entity Injection (XXE) vulnerability in the Management System (console) of BlackBerry AtHoc versions earlier than 7.6 HF-567 could allow an attacker to potentially read arbitrary local files from the application server or make requests on the network by entering maliciously crafted XML in an existing field. | |||||
| CVE-2019-8126 | 1 Magento | 1 Magento | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| An XML entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can craft document type definition for an XML representing XML layout. The crafted document type definition and XML layout allow processing of external entities which can lead to information disclosure. | |||||
| CVE-2019-8087 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2019-8086 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2019-8082 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2019-7847 | 3 Adobe, Linux, Microsoft | 3 Campaign, Linux Kernel, Windows | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Improper Restriction of XML External Entity Reference ('XXE') vulnerability. Successful exploitation could lead to Arbitrary read access to the file system in the context of the current user. | |||||
| CVE-2019-7722 | 1 Pmd Project | 1 Pmd | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| PMD 5.8.1 and earlier processes XML external entities in ruleset files it parses as part of the analysis process, allowing attackers tampering it (either by direct modification or MITM attacks when using remote rulesets) to perform information disclosure, denial of service, or request forgery attacks. (PMD 6.x is unaffected because of a 2017-09-15 change.) | |||||
| CVE-2019-7442 | 1 Cyberark | 1 Enterprise Password Vault | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication system. | |||||
| CVE-2019-6194 | 1 Lenovo | 1 Xclarity Administrator | 2024-11-21 | 4.3 MEDIUM | 5.7 MEDIUM |
| An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow information disclosure. | |||||
| CVE-2019-6179 | 1 Lenovo | 2 Xclarity Administrator, Xclarity Integrator | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure. | |||||
| CVE-2019-5918 | 1 Nablarch Project | 1 Nablarch | 2024-11-21 | 8.5 HIGH | 9.1 CRITICAL |
| Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to conduct XML External Entity (XXE) attacks via unspecified vectors. | |||||
| CVE-2019-5748 | 1 Traccar | 1 Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Traccar Server version 4.2, protocol/SpotProtocolDecoder.java might allow XXE attacks. | |||||
| CVE-2019-5312 | 1 Wxjava Project | 1 Wxjava | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in weixin-java-tools v3.3.0. There is an XXE vulnerability in the getXmlDoc method of the BaseWxPayResult.java file. NOTE: this issue exists because of an incomplete fix for CVE-2018-20318. | |||||
| CVE-2019-4730 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
| IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172533. | |||||
| CVE-2019-4707 | 1 Ibm | 1 Security Access Manager | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
| IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172018. | |||||
| CVE-2019-4513 | 1 Ibm | 1 Security Access Manager For Enterprise Single Sign-on | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
| IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 164555. | |||||