Vulnerabilities (CVE)

CWE filter

CWE-611

Filter

393 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-4419 1 Ibm 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics 2019-08-23 6.4
IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory...
CVE-2019-15160 1 Kbrw 1 Sweet Xml 2019-08-23 5.0
The SweetXml (aka sweet_xml) package through 0.6.6 for Erlang and Elixir allows attackers to cause a denial of service (resource consumption) via an XML entity expansion attack with an inline DTD.
CVE-2018-14720 4 Fasterxml, Debian, Oracle and 1 more 13 Jackson-databind, Debian Linux, Banking Platform and 10 more 2019-08-21 7.5
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
CVE-2019-1187 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-08-21 5.0
A denial of service vulnerability exists when the XmlLite runtime (XmlLite.dll) improperly parses XML input, aka 'XmlLite Runtime Denial of Service Vulnerability'.
CVE-2019-1057 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-08-19 9.3
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'.
CVE-2019-14693 1 Zohocorp 1 Manageengine Assetexplorer 2019-08-16 5.5
Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing license XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVE-2018-14383 1 Ttpsc 1 The Scheduler 2019-08-14 5.0
The Transition Technologies "The Scheduler" app 5.1.3 for Jira allows XXE due to a weakly configured/parameterized XML parser. It was fixed in the versions 5.2.1 and 3.3.7
CVE-2017-18438 1 Cpanel 1 Cpanel 2019-08-09 6.5
cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls (SEC-242).
CVE-2019-14277 2019-08-07 7.5
Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with certain API configuration) is vulnerable to unauthenticated blind XML injection (and XXE) in the resetPassword functionality via the REST API. This vulnerability can lead to local...
CVE-2019-10976 2019-08-06 4.3
Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the XML project and/or template file (.frc2). Once a user opens the file, the...
CVE-2019-13990 1 Softwareag 1 Quartz 2019-08-05 7.5
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.
CVE-2019-1010202 1 Jeesite 1 Jeesite 2019-08-05 4.0
Jeesite 1.2.7 is affected by: XML External Entity (XXE). The impact is: sensitive information disclosure. The component is: convertToModel() function in src/main/java/com.thinkgem.jeesite/modules/act/service/ActProcessService.java. The attack...
CVE-2019-4456 1 Ibm 1 Daeja Viewone 2019-07-31 5.5
IBM Daeja ViewONE Professional, Standard & Virtual 5.0.5 and 5.0.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or...
CVE-2019-10264 1 Ahsay 1 Cloud Backup Suite 2019-07-31 6.5
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. With a valid administrator account, the "Move / Import / Export Users" screen has an Import Users option. This option accepts a ZIP archive containing a users.xml file that can...
CVE-2019-10266 1 Ahsay 1 Cloud Backup Suite 2019-07-31 7.8
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When sending an out-of-bounds XML document to a URL, it is possible to read the file structure and even the content of files without authentication.
CVE-2019-4062 2019-07-31 5.5
IBM i2 Intelligent Analyis Platform 9.0.0 through 9.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory...
CVE-2017-6662 1 Cisco 2 Evolved Programmable Network Manager, Prime Infrastructure 2019-07-29 6.0
A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker read and write access to information stored in the affected system as...
CVE-2019-1010268 2019-07-24 7.5
Ladon since 0.6.1 (since ebef0aae48af78c159b6fce81bc6f5e7e0ddb059) is affected by: XML External Entity (XXE). The impact is: Information Disclosure, reading files and reaching internal network endpoints. The component is: SOAP request handlers....
CVE-2017-1000190 1 Simplexml Project 1 Simplexml 2019-07-23 6.4
SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on.
CVE-2019-7847 1 Adobe 1 Campaign 2019-07-21 5.0
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Improper Restriction of XML External Entity Reference ('XXE') vulnerability. Successful exploitation could lead to Arbitrary read access to the file system in the context of...