CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Related To CWE-611

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2019-5312 611 2019-01-04 2019-01-16
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in weixin-java-tools v3.3.0. There is an XXE vulnerability in the getXmlDoc method of the BaseWxPayResult.java file. NOTE: this issue exists because of an incomplete fix for CVE-2018-20318.
2 CVE-2018-1000838 611 DoS 2018-12-20 2019-01-08
7.5
None Remote Low Not required Partial Partial Partial
autopsy version <= 4.9.0 contains an XML External Entity (XXE) vulnerability in CaseMetadata XML Parser that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This attack appears to be exploitable via specially crafted CaseMetadata.
3 CVE-2018-1000837 611 DoS 2018-12-20 2019-01-08
7.5
None Remote Low Not required Partial Partial Partial
UML Designer version <= 8.0.0 contains an XML External Entity (XXE) vulnerability in XML parser for plugins that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This attack appears to be exploitable via a malicious plugins.xml file.
4 CVE-2018-1000835 611 DoS 2018-12-20 2019-01-08
7.5
None Remote Low Not required Partial Partial Partial
KeePassDX version <= 2.5.0.0beta17 contains an XML External Entity (XXE) vulnerability in kdbx file parser that can result in disclosure of confidential data, denial of service, SSRF, port scanning.
5 CVE-2018-1000834 611 DoS 2018-12-20 2019-01-08
6.8
None Remote Medium Not required Partial Partial Partial
runelite version <= runelite-parent-1.4.23 contains an XML External Entity (XXE) vulnerability in Man in the middle RuneScape services call that can result in disclosure of confidential data, denial of service, SSRF, port scanning.
6 CVE-2018-1000831 611 DoS 2018-12-20 2019-01-08
7.5
None Remote Low Not required Partial Partial Partial
K9Mail version <= v5.600 contains an XML External Entity (XXE) vulnerability in WebDAV response parser that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This attack appears to be exploitable via a malicious WebDAV server or by intercepting the response of a valid WebDAV server.
7 CVE-2018-1000830 611 DoS 2018-12-20 2019-01-08
7.5
None Remote Low Not required Partial Partial Partial
XR3Player version <= V3.124 contains an XML External Entity (XXE) vulnerability in Playlist parser that can result in disclosure of confidential data, denial of service, SSRF, port scanning.
8 CVE-2018-1000828 611 DoS 2018-12-20 2019-01-08
6.8
None Remote Medium Not required Partial Partial Partial
FrostWire version <= frostwire-desktop-6.7.4-build-272 contains an XML External Entity (XXE) vulnerability in Man in the middle on update that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This attack appears to be exploitable via a man-in-the-middle attack on the call to update the software.
9 CVE-2018-1000825 611 DoS 2018-12-20 2019-01-08
7.5
None Remote Low Not required Partial Partial Partial
FreeCol version <= nightly-2018-08-22 contains an XML External Entity (XXE) vulnerability in FreeColXMLReader parser that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This attack appears to be exploitable via a FreeCol file.
10 CVE-2018-1000823 611 DoS 2018-12-20 2019-01-08
7.5
None Remote Low Not required Partial Partial Partial
exist version <= 5.0.0-RC4 contains an XML External Entity (XXE) vulnerability in XML Parser for REST Server that can result in disclosure of confidential data, denial of service, SSRF, port scanning.
11 CVE-2018-1000822 611 DoS 2018-12-20 2019-01-08
7.5
None Remote Low Not required Partial Partial Partial
codelibs fess version before commit faa265b contains an XML External Entity (XXE) vulnerability in GSA XML file parser that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This attack appears to be exploitable via specially crafted GSA XML files. This vulnerability appears to have been fixed after commit faa265b.
12 CVE-2018-1000821 611 DoS 2018-12-20 2019-01-08
7.5
None Remote Low Not required Partial Partial Partial
MicroMathematics version before commit 5c05ac8 contains an XML External Entity (XXE) vulnerability in SMathStudio files that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This attack appears to be exploitable via specially crafted SMathStudio files. This vulnerability appears to have been fixed after commit 5c05ac8.
13 CVE-2018-1000820 611 DoS 2018-12-20 2019-01-08
7.5
None Remote Low Not required Partial Partial Partial
neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c contains an XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed after commit 45bc09c.
14 CVE-2018-1000652 611 DoS 2018-08-20 2018-10-23
7.5
None Remote Low Not required Partial Partial Partial
JabRef version <=4.3.1 contains an XML External Entity (XXE) vulnerability in MsBibImporter XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appears to be exploitable via a specially crafted MsBib file. This vulnerability appears to have been fixed after commit 89f855d.
15 CVE-2018-1000651 611 DoS 2018-08-20 2018-11-01
7.5
None Remote Low Not required Partial Partial Partial
Stroom version <5.4.5 contains an XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appears to be exploitable via a specially crafted XML file.
16 CVE-2018-1000644 611 DoS 2018-08-20 2018-11-01
7.5
None Remote Low Not required Partial Partial Partial
Eclipse RDF4j version < 2.4.0 Milestone 2 contains an XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files that can result in the disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appears to be exploitable via a specially crafted RDF file.
17 CVE-2018-1000639 611 2018-08-20 2018-10-29
6.8
None Remote Medium Not required Partial Partial Partial
LatexDraw version <=4.0 contains an XML External Entity (XXE) vulnerability in SVG parsing functionality that can result in disclosure of data, server side request forgery, port scanning, possible RCE. This attack appears to be exploitable via a specially crafted SVG file.
18 CVE-2018-1000616 611 2018-07-09 2018-09-04
7.5
None Remote Low Not required Partial Partial Partial
ONOS ONOS controller version 1.13.1 and earlier contains an XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java loadxml() that can result in an adversary remotely launching XXE attacks on ONOS controller via an OpenConfig Terminal Device. This attack appears to be exploitable via network connectivity.
19 CVE-2018-1000614 611 2018-07-09 2018-09-04
7.5
None Remote Low Not required Partial Partial Partial
ONOS ONOS Controller version 1.13.1 and earlier contains an XML External Entity (XXE) vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/provider/netconf/alarm/NetconfAlarmTranslator.java that can result in an adversary remotely launching advanced XXE attacks on ONOS controller without authentication. This attack appears to be exploitable via a crafted protocol message.
20 CVE-2018-1000548 611 DoS 2018-06-26 2018-08-20
6.8
None Remote Medium Not required Partial Partial Partial
Umlet version < 14.3 contains an XML External Entity (XXE) vulnerability in File parsing that can result in disclosure of confidential data, denial of service, server side request forgery. This attack appears to be exploitable via a specially crafted UXF file. This vulnerability appears to have been fixed in 14.3.
21 CVE-2018-1000546 611 Exec Code 2018-06-26 2018-08-20
6.8
None Remote Medium Not required Partial Partial Partial
Triplea version <= 1.9.0.0.10291 contains an XML External Entity (XXE) vulnerability in Importing game data that can result in possible information disclosure, server-side request forgery, or remote code execution. This attack appears to be exploitable via a specially crafted game data file (XML).
22 CVE-2018-1000542 611 Exec Code 2018-06-26 2018-08-20
6.8
None Remote Medium Not required Partial Partial Partial
netbeans-mmd-plugin version <= 1.4.3 contains an XML External Entity (XXE) vulnerability in MMD file import that can result in possible information disclosure, server-side request forgery, or remote code execution. This attack appears to be exploitable via a specially crafted MMD file.
23 CVE-2018-1000540 611 DoS 2018-06-26 2018-08-20
6.8
None Remote Medium Not required Partial Partial Partial
LoboEvolution version < 9b75694cedfa4825d4a2330abf2719d470c654cd contains an XML External Entity (XXE) vulnerability in XML Parsing when viewing the XML file in the browser that can result in disclosure of confidential data, denial of service, server side request forgery. This attack appears to be exploitable via a specially crafted XML file.
24 CVE-2018-1000515 611 2018-06-26 2018-08-20
5.0
None Remote Low Not required Partial None None
ventrian News-Articles version NewsArticles.00.09.11 contains an XML External Entity (XXE) vulnerability in News-Articles/API/MetaWebLog/Handler.ashx.vb that can result in an attacker reading any file on the server or using an smbrelay attack to gain access to the server.
25 CVE-2018-1000198 611 2018-06-05 2018-07-18
4.0
None Remote Low Single system Partial None None
An XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read permission to make Jenkins process XML external entities in an XML document.
26 CVE-2018-1000124 611 2018-03-13 2018-04-13
7.5
None Remote Low Not required Partial Partial Partial
I Librarian I-librarian version 4.8 and earlier contains an XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) that can result in an attacker reading the contents of a file and SSRF. This attack appears to be exploitable via posting XML in the parameter form_import_textarea.
27 CVE-2018-1000090 611 DoS 2018-03-13 2018-04-13
7.8
None Remote Low Not required None None Complete
textpattern version 4.6.2 contains an XML Injection vulnerability in Import XML feature that can result in denial of service in context to the web server by exhausting server memory resources. This attack appears to be exploitable via uploading a specially crafted XML file.
28 CVE-2018-1000069 611 2018-03-13 2018-04-19
4.3
None Remote Medium Not required Partial None None
FreePlane version 1.5.9 and earlier contains an XML External Entity (XXE) vulnerability in XML Parser in mindmap loader that can result in stealing data from victim's machine. This attack appears to require the victim to open a specially crafted mind map file. This vulnerability appears to have been fixed in 1.6+.
29 CVE-2018-1000056 611 2018-02-09 2018-03-06
6.5
None Remote Low Single system Partial Partial Partial
Jenkins JUnit Plugin 1.23 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
30 CVE-2018-1000055 611 2018-02-09 2018-03-06
6.5
None Remote Low Single system Partial Partial Partial
Jenkins Android Lint Plugin 2.5 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
31 CVE-2018-1000054 611 2018-02-09 2018-03-13
6.5
None Remote Low Single system Partial Partial Partial
Jenkins CCM Plugin 3.1 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
32 CVE-2018-1000012 611 2018-01-23 2018-02-07
6.5
None Remote Low Single system Partial Partial Partial
Jenkins Warnings Plugin 4.64 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
33 CVE-2018-1000011 611 2018-01-23 2018-02-07
6.5
None Remote Low Single system Partial Partial Partial
Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
34 CVE-2018-1000010 611 2018-01-23 2018-02-07
6.5
None Remote Low Single system Partial Partial Partial
Jenkins DRY Plugin 2.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
35 CVE-2018-1000009 611 2018-01-23 2018-02-07
6.5
None Remote Low Single system Partial Partial Partial
Jenkins Checkstyle Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
36 CVE-2018-1000008 611 2018-01-23 2018-02-07
6.5
None Remote Low Single system Partial Partial Partial
Jenkins PMD Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
37 CVE-2018-20664 611 2019-01-03 2019-01-10
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license.
38 CVE-2018-20318 611 2018-12-20 2019-01-16
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in weixin-java-tools v3.2.0. There is an XXE vulnerability in the getXmlDoc method of the BaseWxPayResult.java file.
39 CVE-2018-20157 611 2018-12-14 2019-01-03
5.0
None Remote Low Not required Partial None None
The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files.
40 CVE-2018-20059 611 2018-12-11 2019-01-03
7.5
None Remote Low Not required Partial Partial Partial
jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE.
41 CVE-2018-20000 611 2018-12-09 2019-01-24
5.0
None Remote Low Not required Partial None None
Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java.
42 CVE-2018-19371 611 2019-01-02 2019-01-24
4.0
None Remote Low Single system Partial None None
The SaveUserSettings service in Content Manager in SDL Web 8.5.0 has an XXE Vulnerability that allows reading sensitive files from the system.
43 CVE-2018-18737 611 2018-10-29 2018-12-11
5.0
None Remote Low Not required Partial None None
An XXE issue was discovered in Douchat 4.0.4 because Data\notify.php calls simplexml_load_string. This can also be used for SSRF.
44 CVE-2018-18659 611 2018-10-26 2018-12-06
5.0
None Remote Low Not required Partial None None
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-19 Unauthenticated XXE in /management/UdpHttpService issue.
45 CVE-2018-17889 611 2018-10-08 2018-11-25
4.3
None Remote Medium Not required Partial None None
In WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior, when parsing project files, the XMLParser that ships with Wecon PIStudio is vulnerable to an XML external entity injection attack, which may allow sensitive information disclosure.
46 CVE-2018-17411 611 2018-09-26 2018-12-17
10.0
None Remote Low Not required Complete Complete Complete
An XML External Entity (XXE) vulnerability exists in iWay Data Quality Suite Web Console 10.6.1.ga-2016-11-20.
47 CVE-2018-16792 611 2018-12-05 2018-12-31
6.4
None Remote Low Not required Partial Partial None
SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via a world readable and writable configuration file that allows an attacker to exfiltrate data.
48 CVE-2018-16521 611 2018-09-05 2018-12-07
7.5
None Remote Low Not required Partial Partial Partial
An XML External Entity (XXE) vulnerability exists in HTML Form Entry 3.7.0, as distributed in OpenMRS Reference Application 2.8.0.
49 CVE-2018-16303 611 DoS 2018-09-01 2018-10-31
5.0
None Remote Low Not required None None Partial
PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause a denial of service (resource consumption) via a crafted x:xmpmeta structure, a related issue to CVE-2003-1564.
50 CVE-2018-16252 611 2018-09-05 2018-12-04
2.1
None Local Low Not required Partial None None
FsPro Labs Event Log Explorer 4.6.1.2115 has ".elx" FileType XML External Entity Injection.
Total number of vulnerabilities: 295 (page 1 of 6)