dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCanonical Ubuntu
OSCanonical16.04Dom4j Project Dom4j
APPDom4J Project2.1.0 – 2.1.3 (bez)< 2.0.3Netapp Oncommand Api Services
APPNetappwszystkie wersjeNetapp Oncommand Workflow Automation
APPNetappwszystkie wersjeNetapp Snapcenter
APPNetappwszystkie wersjeNetapp Snap Creator Framework
APPNetappwszystkie wersjeNetapp Snapmanager
APPNetappwszystkie wersjeOpensuse Leap
OSOpensuse15.1Oracle Agile Plm
APPOracle9.3.39.3.5Oracle Application Testing Suite
APPOracle13.3.0.1Oracle Banking Platform
APPOracle2.4.0 – 2.10.0Oracle Business Process Management Suite
APPOracle12.2.1.3.012.2.1.4.0Oracle Communications Application Session Controller
APPOracle3.9m0p1Oracle Communications Diameter Signaling Router
APPOracle8.0.0 – 8.2.2Oracle Communications Unified Inventory Management
APPOracle7.3.07.4.0Oracle Data Integrator
APPOracle12.2.1.3.012.2.1.4.0Oracle Documaker
APPOracle12.6.0 – 12.6.4Oracle Endeca Information Discovery Integrator
APPOracle3.2.0Oracle Enterprise Data Quality
APPOracle11.1.1.9.012.2.1.3.0Oracle Enterprise Manager Base Platform
APPOracle13.4.0.0Oracle Financial Services Analytical Applications Infrastructure
APPOracle8.0.6 – 8.1.0Oracle Flexcube Core Banking
APPOracle11.10.011.7.011.8.011.9.0Oracle Fusion Middleware
APPOracle12.2.1.4.0Oracle Health Sciences Empirica Signal
APPOracle9.0Oracle Health Sciences Information Manager
APPOracle3.0.1Oracle Insurance Policy Administration J2ee
APPOracle10.2.010.2.411.0.211.1.0 – 11.3.0Oracle Insurance Rules Palette
APPOracle10.2.010.2.411.0.211.1.0 – 11.3.0Oracle Jdeveloper
APPOracle12.2.1.4.0Oracle Primavera P6 Enterprise Project Portfolio Management
APPOracle19.12.0.0 – 19.12.6.016.1.0.0 – 16.2.20.117.1.0.0 – 17.12.17.118.1.0.0 – 18.8.19.0Oracle Rapid Planning
APPOracle12.112.2
Powiązane podatności
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionalit...
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) ...
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debia...
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features u...