Total
992 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-0170 | 1 Microsoft | 6 Windows 10, Windows 7, Windows 8.1 and 3 more | 2017-09-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| Windows Performance Monitor in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability due to the way it parses XML input, aka "Windows Performance Monitor Information Disclosure Vulnerability". | |||||
| CVE-2017-8918 | 1 Blackwave | 1 Dive Assistant | 2017-09-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - Desktop Edition 8.0 allows attackers to remotely view local files via a crafted template.xml file. | |||||
| CVE-2015-3160 | 1 Beaker-project | 1 Beaker | 2017-09-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing entity references which reference files from the Beaker server's file system. | |||||
| CVE-2010-2245 | 1 Apache | 1 Wink | 2017-08-16 | 5.8 MEDIUM | 7.4 HIGH |
| XML External Entity (XXE) vulnerability in Apache Wink 1.1.1 and earlier allows remote attackers to read arbitrary files or cause a denial of service via a crafted XML document. | |||||
| CVE-2017-11272 | 1 Adobe | 1 Digital Editions | 2017-08-16 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Digital Editions 4.5.4 and earlier has a security bypass vulnerability. | |||||
| CVE-2017-7457 | 1 Moxa | 1 Mx-aopc Server | 2017-08-16 | 1.9 LOW | 5.0 MEDIUM |
| XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 result in remote file disclosure. | |||||
| CVE-2015-0194 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2017-08-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM Sterling File Gateway 2.1 and 2.2 allows remote attackers to read arbitrary files via a crafted XML data. | |||||
| CVE-2017-1383 | 1 Ibm | 2 Infosphere Information Server, Softlayer | 2017-08-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 127155. | |||||
| CVE-2017-11390 | 1 Trendmicro | 1 Control Manager | 2017-08-04 | 5.0 MEDIUM | 7.5 HIGH |
| XML external entity (XXE) processing vulnerability in Trend Micro Control Manager 6.0, if exploited, could lead to information disclosure. Formerly ZDI-CAN-4706. | |||||
| CVE-2016-7460 | 1 Vmware | 1 Vrealize Automation | 2017-07-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x before 6.2.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2016-7458 | 1 Vmware | 1 Vsphere Client | 2017-07-28 | 5.0 MEDIUM | 5.8 MEDIUM |
| VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2017-1219 | 1 Ibm | 1 Bigfix Platform | 2017-07-25 | 5.5 MEDIUM | 6.5 MEDIUM |
| IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 123859. | |||||
| CVE-2017-7664 | 1 Apache | 1 Openmeetings | 2017-07-19 | 7.5 HIGH | 10.0 CRITICAL |
| Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0. | |||||
| CVE-2017-1254 | 1 Ibm | 1 Security Guardium | 2017-07-17 | 5.5 MEDIUM | 7.1 HIGH |
| IBM Security Guardium 10.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 124634. | |||||
| CVE-2017-3811 | 1 Cisco | 1 Webex Meetings Server | 2017-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| An XML External Entity vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. More Information: CSCvc39165. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.2054. | |||||
| CVE-2017-7907 | 1 Schneider-electric | 1 Wonderware Historian Client | 2017-07-08 | 3.3 LOW | 6.6 MEDIUM |
| An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware Historian Client 2014 R2 SP1 and prior. An improperly restricted XML parser (with improper restriction of XML external entity reference, or XXE) may allow an attacker to enter malicious input through the application which could cause a denial of service or disclose file contents from a server or connected network. | |||||
| CVE-2017-9231 | 1 Citrix | 1 Xenmobile Server | 2017-07-07 | 5.0 MEDIUM | 7.5 HIGH |
| XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2017-10670 | 1 Xoev | 1 Osci Transport Library | 2017-07-06 | 7.5 HIGH | 9.8 CRITICAL |
| An XML External Entity (XXE) issue exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET), exploitable by sending a crafted standard-conforming OSCI message from within the infrastructure. | |||||
| CVE-2017-1322 | 1 Ibm | 1 Api Connect | 2017-07-05 | 6.4 MEDIUM | 8.2 HIGH |
| IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125918. | |||||
| CVE-2016-0254 | 1 Ibm | 1 Cognos Business Intelligence | 2017-06-14 | 6.8 MEDIUM | 6.5 MEDIUM |
| IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote authenticated attacker could exploit this vulnerability to consume all available CPU resources and cause a denial of service. IBM X-Force ID: 110563. | |||||