Total
1209 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1000889 | 1 Logisim-evolution Project | 1 Logisim-evolution | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Logisim Evolution version 2.14.3 and earlier contains an XML External Entity (XXE) vulnerability in Circuit file loading functionality (loadXmlFrom in src/com/cburch/logisim/file/XmlReader.java) that can result in information leak, possible RCE depending on system configuration. This attack appears to be exploitable via the victim opening a specially crafted circuit file. This vulnerability appears to have been fixed in 2.14.4.
|
|||||
| CVE-2018-1000844 | 1 Squareup | 1 Retrofit | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
Square Open Source Retrofit version Prior to commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437 contains a XML External Entity (XXE) vulnerability in JAXB that can result in An attacker could use this to remotely read files from the file system or to perform SSRF.. This vulnerability appears to have been fixed in After commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437.
|
|||||
| CVE-2018-1000840 | 1 Processing | 1 Processing | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Processing Foundation Processing version 3.4 and earlier contains a XML External Entity (XXE) vulnerability in loadXML() function that can result in An attacker can read arbitrary files and exfiltrate their contents via HTTP requests. This attack appear to be exploitable via The victim must use Processing to parse a crafted XML document.
|
|||||
| CVE-2018-1000838 | 1 Sleuthkit | 1 Autopsy | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
|
autopsy version <= 4.9.0 contains a XML External Entity (XXE) vulnerability in CaseMetadata XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Specially crafted CaseMetadata.
|
|||||
| CVE-2018-1000837 | 1 Obeo | 1 Uml Designer | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
|
UML Designer version <= 8.0.0 contains a XML External Entity (XXE) vulnerability in XML parser for plugins that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via malicious plugins.xml file.
|
|||||
| CVE-2018-1000836 | 1 Apereo | 1 Bw-calendar-engine | 2024-11-21 | 6.8 MEDIUM | 9.0 CRITICAL |
|
bw-calendar-engine version <= bw-calendar-engine-3.12.0 contains a XML External Entity (XXE) vulnerability in IscheduleClient XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Man in the Middle or malicious server.
|
|||||
| CVE-2018-1000835 | 1 Keepassdx | 1 Keepass Dx | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
|
KeePassDX version <= 2.5.0.0beta17 contains a XML External Entity (XXE) vulnerability in kdbx file parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.
|
|||||
| CVE-2018-1000834 | 1 Runelite | 1 Runelite | 2024-11-21 | 6.8 MEDIUM | 9.0 CRITICAL |
|
runelite version <= runelite-parent-1.4.23 contains a XML External Entity (XXE) vulnerability in Man in the middle runscape services call that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.
|
|||||
| CVE-2018-1000831 | 1 K9mail | 1 K-9 Mail | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
|
K9Mail version <= v5.600 contains a XML External Entity (XXE) vulnerability in WebDAV response parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via malicious WebDAV server or intercept the reponse of a valid WebDAV server.
|
|||||
| CVE-2018-1000830 | 1 Xr3player Project | 1 Xr3player | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
|
XR3Player version <= V3.124 contains a XML External Entity (XXE) vulnerability in Playlist parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.
|
|||||
| CVE-2018-1000829 | 1 Anyplace Project | 1 Anyplace | 2024-11-21 | 6.8 MEDIUM | 9.0 CRITICAL |
|
Anyplace version before commit 80359b4 contains a XML External Entity (XXE) vulnerability in Man in the middle on map API call that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed in after commit 80359b4.
|
|||||
| CVE-2018-1000828 | 1 Frostwire | 1 Frostwire | 2024-11-21 | 6.8 MEDIUM | 9.0 CRITICAL |
|
FrostWire version <= frostwire-desktop-6.7.4-build-272 contains a XML External Entity (XXE) vulnerability in Man in the middle on update that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Man in the middle the call to update the software.
|
|||||
| CVE-2018-1000825 | 1 Freecol | 1 Freecol | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
|
FreeCol version <= nightly-2018-08-22 contains a XML External Entity (XXE) vulnerability in FreeColXMLReader parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Freecol file.
|
|||||
| CVE-2018-1000823 | 1 Exist-db | 1 Exist | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
|
exist version <= 5.0.0-RC4 contains a XML External Entity (XXE) vulnerability in XML Parser for REST Server that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.
|
|||||
| CVE-2018-1000822 | 1 Codelibs | 1 Fess | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
|
codelibs fess version before commit faa265b contains a XML External Entity (XXE) vulnerability in GSA XML file parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via specially crafted GSA XML files. This vulnerability appears to have been fixed in after commit faa265b.
|
|||||
| CVE-2018-1000821 | 1 Micromathematics Project | 1 Micromathematics | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
|
MicroMathematics version before commit 5c05ac8 contains a XML External Entity (XXE) vulnerability in SMathStudio files that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Specially crafted SMathStudio files. This vulnerability appears to have been fixed in after commit 5c05ac8.
|
|||||
| CVE-2018-1000820 | 1 Neo4j | 1 Awesome Procedures On Cyper | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
|
neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c contains a XML External Entity (XXE) vulnerability in XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed in after commit 45bc09c.
|
|||||
| CVE-2018-1000652 | 1 Jabref | 1 Jabref | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
|
JabRef version <=4.3.1 contains a XML External Entity (XXE) vulnerability in MsBibImporter XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted MsBib file. This vulnerability appears to have been fixed in after commit 89f855d.
|
|||||
| CVE-2018-1000651 | 1 Gchq | 1 Stroom | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
|
Stroom version <5.4.5 contains a XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted XML file.
|
|||||
| CVE-2018-1000644 | 1 Eclipse | 1 Rdf4j | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
|
Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files that can result in the disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted RDF file.
|
|||||
| CVE-2018-1000639 | 1 Latexdraw Project | 1 Latexdraw | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
|
LatexDraw version <=4.0 contains a XML External Entity (XXE) vulnerability in SVG parsing functionality that can result in disclosure of data, server side request forgery, port scanning, possible rce. This attack appear to be exploitable via Specially crafted SVG file.
|
|||||
| CVE-2018-1000616 | 1 Onosproject | 1 Onos | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java loadxml() that can result in An adversary can remotely launch XXE attacks on ONOS controller via an OpenConfig Terminal Device.. This attack appear to be exploitable via network connectivity.
|
|||||
| CVE-2018-1000614 | 1 Onosproject | 1 Onos | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/provider/netconf/alarm/NetconfAlarmTranslator.java that can result in An adversary can remotely launch advanced XXE attacks on ONOS controller without authentication.. This attack appear to be exploitable via crafted protocol message.
|
|||||
| CVE-2018-1000548 | 1 Umlet | 1 Umlet | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Umlet version < 14.3 contains a XML External Entity (XXE) vulnerability in File parsing that can result in disclosure of confidential data, denial of service, server side request forgery. This attack appear to be exploitable via Specially crafted UXF file. This vulnerability appears to have been fixed in 14.3.
|
|||||
| CVE-2018-1000546 | 1 Triplea-game | 1 Triplea | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Triplea version <= 1.9.0.0.10291 contains a XML External Entity (XXE) vulnerability in Importing game data that can result in Possible information disclosure, server-side request forgery, or remote code execution. This attack appear to be exploitable via Specially crafted game data file (XML).
|
|||||
| CVE-2018-1000542 | 1 Netbeans-mmd-plugin Project | 1 Netbeans-mmd-plugin | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
netbeans-mmd-plugin version <= 1.4.3 contains a XML External Entity (XXE) vulnerability in MMD file import that can result in Possible information disclosure, server-side request forgery, or remote code execution. This attack appear to be exploitable via Specially crafted MMD file.
|
|||||
| CVE-2018-1000540 | 1 Loboevolution Project | 1 Loboevolution | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
LoboEvolution version < 9b75694cedfa4825d4a2330abf2719d470c654cd contains a XML External Entity (XXE) vulnerability in XML Parsing when viewing the XML file in the browser that can result in disclosure of confidential data, denial of service, server side request forgery. This attack appear to be exploitable via Specially crafted XML file.
|
|||||
| CVE-2018-1000515 | 1 News-articles Project | 1 News-articles | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
ventrian News-Articles version NewsArticles.00.09.11 contains a XML External Entity (XXE) vulnerability in News-Articles/API/MetaWebLog/Handler.ashx.vb that can result in Attacker can read any file in the server or use smbrelay attack to access to server..
|
|||||
| CVE-2018-1000198 | 1 Jenkins | 1 Black Duck Hub | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read permission to make Jenkins process XML eternal entities in an XML document.
|
|||||
| CVE-2018-1000090 | 1 Textpattern | 1 Textpattern | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
textpattern version version 4.6.2 contains a XML Injection vulnerability in Import XML feature that can result in Denial of service in context to the web server by exhausting server memory resources. This attack appear to be exploitable via Uploading a specially crafted XML file.
|
|||||
| CVE-2018-1000069 | 2 Debian, Freeplane | 2 Debian Linux, Freeplane | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
FreePlane version 1.5.9 and earlier contains a XML External Entity (XXE) vulnerability in XML Parser in mindmap loader that can result in stealing data from victim's machine. This attack appears to require the victim to open a specially crafted mind map file. This vulnerability appears to have been fixed in 1.6+.
|
|||||
| CVE-2018-1000056 | 1 Jenkins | 1 Junit | 2024-11-21 | 6.5 MEDIUM | 8.3 HIGH |
|
Jenkins JUnit Plugin 1.23 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
|
|||||
| CVE-2018-1000055 | 1 Jenkins | 1 Android Lint | 2024-11-21 | 6.5 MEDIUM | 8.3 HIGH |
|
Jenkins Android Lint Plugin 2.5 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
|
|||||
| CVE-2018-1000054 | 1 Jenkins | 1 Ccm | 2024-11-21 | 6.5 MEDIUM | 8.3 HIGH |
|
Jenkins CCM Plugin 3.1 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
|
|||||
| CVE-2018-1000012 | 1 Jenkins | 1 Warnings | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Jenkins Warnings Plugin 4.64 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
|
|||||
| CVE-2018-1000011 | 1 Jenkins | 1 Findbugs | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
|
|||||
| CVE-2018-1000010 | 1 Jenkins | 1 Dry | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Jenkins DRY Plugin 2.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
|
|||||
| CVE-2018-1000009 | 1 Jenkins | 1 Checkstyle | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Jenkins Checkstyle Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
|
|||||
| CVE-2018-1000008 | 1 Jenkins | 1 Pmd | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Jenkins PMD Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
|
|||||
| CVE-2018-0765 | 1 Microsoft | 9 .net Core, .net Framework, Windows 10 and 6 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4 ...
Show More |
|||||