Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce

CVE-2024-34102 Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5...

CVE-2024-38374 Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java

The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Before deserializing CycloneDX Bill of Materials in XML format, cyclonedx-core-java leverages XPath expressions to determine the schema version of the...

CVE-2024-28982

Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including 8.3.x do not correctly protect the ACL service endpoint of the Pentaho User Console against XML External Entity Reference...

BIT-MAGENTO-2024-34102

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that...

GHSA-M8CJ-3V68-3CXJ Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that...

CVE-2024-34102

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that...

CVE-2024-34102 XXE can expose crypt key and other secrets granting full admin access

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that...

CVE-2024-34102 XXE can expose crypt key and other secrets granting full admin access

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that...

CVE-2024-34102

CVE-2024-34102 is an XXE vulnerability in Adobe Commerce/Magento Open Source that allows remote code execution. The issue affects Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier, via improper restriction of XML external entity references. Exploitation can occur without use...

RHEL 7 : apache-ivy (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - apache-ivy: Directory Traversal CVE-2022-37865 - Improper Restriction of XML External Entity Reference, X...

CVE-2024-34345 @cyclonedx/cyclonedx-library Improper Restriction of XML External Entity Reference vulnerability

The CycloneDX JavaScript library contains the core functionality of OWASP CycloneDX for JavaScript. In 6.7.0, XML External entity injections were possible, when running the provided XML Validator on arbitrary input. This issue was fixed in version 6.7.1...

CVE-2024-34392

libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces function which invokes wrapxmlNodensDefget on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote code execution...

CVE-2024-2826

A vulnerability classified as problematic was found in lakernote EasyAdmin up to 20240315. This vulnerability affects unknown code of the file /ureport/designer/saveReportFile. The manipulation leads to xml external entity reference. The attack can be initiated remotely. The exploit has been...

CVE-2024-2826 lakernote EasyAdmin saveReportFile xml external entity reference

A vulnerability classified as problematic was found in lakernote EasyAdmin up to 20240315. This vulnerability affects unknown code of the file /ureport/designer/saveReportFile. The manipulation leads to xml external entity reference. The attack can be initiated remotely. The exploit has been...

CVE-2024-2826 lakernote EasyAdmin saveReportFile xml external entity reference

A vulnerability classified as problematic was found in lakernote EasyAdmin up to 20240315. This vulnerability affects unknown code of the file /ureport/designer/saveReportFile. The manipulation leads to xml external entity reference. The attack can be initiated remotely. The exploit has been...

CVE-2024-1167 SEW-EURODRIVE MOVITOOLS MotionStudio Improper Restriction of XML External Entity Reference

When SEW-EURODRIVE MOVITOOLS MotionStudio processes XML information unrestricted file access can occur...

CVE-2023-6194

In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition DTD references to external entities. This means that if a user chooses to use a malicious report definition XML file containing an external entity reference to...

CVE-2023-6194

CVE-2023-6194 affects Eclipse Memory Analyzer (versions 0.7 to 1.14.0). The issue arises because report definition XML files do not filter references to external entities in DTDs, allowing a malicious report file to cause the tool to access external files or URLs defined via a DTD when generating...

CVE-2023-49733

CVE-2023-49733 affects Apache Cocoon 2.2.0 up to versions before 2.3.0. It is an XML External Entity (XXE) reference vulnerability due to improper restriction, enabling potentially sensitive data exposure and other impacts as described in the sources. The recommended remediations are upgrading to...

Exploit for Improper Restriction of XML External Entity Reference in Dogtagpki

CVE-2022-2414 CVE-2022-24...