Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (3172 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-20551 | 3 Canonical, Freedesktop, Redhat | 3 Ubuntu Linux, Poppler, Enterprise Linux | 2024-11-21 | N/A |
| A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c. | ||||
| CVE-2018-20433 | 2 Debian, Mchange | 2 Debian Linux, C3p0 | 2024-11-21 | N/A |
| c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization. | ||||
| CVE-2018-20318 | 1 Wxjava Project | 1 Wxjava | 2024-11-21 | N/A |
| An issue was discovered in weixin-java-tools v3.2.0. There is an XXE vulnerability in the getXmlDoc method of the BaseWxPayResult.java file. | ||||
| CVE-2018-20298 | 1 S3browser | 1 S3 Browser | 2024-11-21 | N/A |
| S3 Browser before 8.1.5 contains an XML external entity (XXE) vulnerability, allowing remote attackers to read arbitrary files and obtain NTLMv2 hash values by tricking a user into connecting to a malicious server via the S3 protocol. | ||||
| CVE-2018-20233 | 1 Atlassian | 1 Universal Plugin Manager | 2024-11-21 | N/A |
| The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian plugin xml files in an uploaded JAR. | ||||
| CVE-2018-20222 | 1 Airsonic Project | 1 Airsonic | 2024-11-21 | N/A |
| XXE issue in Airsonic before 10.1.2 during parse. | ||||
| CVE-2018-20217 | 3 Debian, Mit, Redhat | 4 Debian Linux, Kerberos, Ansible Tower and 1 more | 2024-11-21 | 5.3 Medium |
| A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request. | ||||
| CVE-2018-20160 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | N/A |
| ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra Collaboration Suite 8.7 and 8.8 and in other products, allows XXE attacks, as demonstrated by a crafted XML request to mailboxd. | ||||
| CVE-2018-20157 | 1 Openrefine | 1 Openrefine | 2024-11-21 | N/A |
| The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files. | ||||
| CVE-2018-20059 | 1 Pippo | 1 Pippo | 2024-11-21 | N/A |
| jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE. | ||||
| CVE-2018-20000 | 1 Apereo | 1 Bw-webdav | 2024-11-21 | N/A |
| Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java. | ||||
| CVE-2018-1970 | 1 Ibm | 1 Security Access Manager | 2024-11-21 | N/A |
| IBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 153751. | ||||
| CVE-2018-1920 | 1 Ibm | 1 Marketing Platform | 2024-11-21 | N/A |
| IBM Marketing Platform 9.1.0, 9.1.2 and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 152855. | ||||
| CVE-2018-1905 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | N/A |
| IBM WebSphere Application Server 9.0.0.0 through 9.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 152534. | ||||
| CVE-2018-1846 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2024-11-21 | N/A |
| IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150945. | ||||
| CVE-2018-1845 | 3 Ibm, Linux, Microsoft | 8 Aix, Infosphere Governance Catalog, Infosphere Information Server and 5 more | 2024-11-21 | 7.1 High |
| IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150905. | ||||
| CVE-2018-1844 | 1 Ibm | 1 Filenet Content Manager | 2024-11-21 | N/A |
| IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150904. | ||||
| CVE-2018-1835 | 1 Ibm | 1 Daeja Viewone | 2024-11-21 | N/A |
| IBM Daeja ViewONE Professional, Standard & Virtual 5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150514. | ||||
| CVE-2018-1821 | 1 Ibm | 1 Operational Decision Manager | 2024-11-21 | N/A |
| IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150170. | ||||
| CVE-2018-1801 | 1 Ibm | 3 App Connect, Integration Bus, Websphere Message Broker | 2024-11-21 | N/A |
| IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to consume memory resources. IBM X-Force ID: 149639. | ||||