what you don't know can hurt you
Showing 1 - 14 of 14 RSS Feed

CVE-2020-10683

Status Candidate

Overview

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.

Related Files

Red Hat Security Advisory 2020-5568-01
Posted Dec 16, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5568-01 - This release of Red Hat Fuse 7.8.0 serves as a replacement for Red Hat Fuse 7.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, bypass, code execution, cross site scripting, denial of service, deserialization, file disclosure, information leakage, memory leak, out of bounds read, privilege escalation, server-side request forgery, and remote SQL injection vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, code execution, xss, sql injection, memory leak
systems | linux, redhat
advisories | CVE-2018-1000873, CVE-2019-0205, CVE-2019-0210, CVE-2019-10202, CVE-2019-10219, CVE-2019-11777, CVE-2019-12406, CVE-2019-12423, CVE-2019-13990, CVE-2019-14900, CVE-2019-17566, CVE-2019-17638, CVE-2019-19343, CVE-2019-2692, CVE-2019-3773, CVE-2019-3774, CVE-2020-10683, CVE-2020-10740, CVE-2020-11612, CVE-2020-11971, CVE-2020-11972, CVE-2020-11973, CVE-2020-11980, CVE-2020-11989, CVE-2020-11994, CVE-2020-13692, CVE-2020-1393
MD5 | d8e688ff10347d02b3c18f5920c5dce5
Red Hat Security Advisory 2020-4961-01
Posted Nov 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4961-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.9.0 serves as an update to Red Hat Process Automation Manager 7.8.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, denial of service, improper authorization, man-in-the-middle, server-side request forgery, and remote SQL injection vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, sql injection
systems | linux, redhat
advisories | CVE-2019-14900, CVE-2019-17566, CVE-2020-10683, CVE-2020-10693, CVE-2020-10714, CVE-2020-1748, CVE-2020-1945, CVE-2020-1954, CVE-2020-2875, CVE-2020-2933, CVE-2020-2934
MD5 | 68f0e5928f9e668ab1fbfb9ffb511bff
Red Hat Security Advisory 2020-4960-01
Posted Nov 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4960-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.9.0 serves as an update to Red Hat Decision Manager 7.8.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, denial of service, improper authorization, man-in-the-middle, server-side request forgery, and remote SQL injection vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, sql injection
systems | linux, redhat
advisories | CVE-2019-14900, CVE-2019-17566, CVE-2020-10683, CVE-2020-10693, CVE-2020-10714, CVE-2020-1748, CVE-2020-1945, CVE-2020-1954, CVE-2020-2875, CVE-2020-2933, CVE-2020-2934
MD5 | a2b5a8d32a1b651da55bbb42b8f7ae36
Ubuntu Security Notice USN-4575-1
Posted Oct 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4575-1 - It was discovered that dom4j incorrectly handled reading XML data. A remote attacker could exploit this with a crafted XML file to expose sensitive data or possibly execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-10683
MD5 | 13c22771427bf9520a58b64280918187
Red Hat Security Advisory 2020-3642-01
Posted Sep 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3642-01 - This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include XML injection, denial of service, deserialization, improper authorization, remote SQL injection, and traversal vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, sql injection
systems | linux, redhat
advisories | CVE-2019-14900, CVE-2020-10672, CVE-2020-10673, CVE-2020-10683, CVE-2020-10687, CVE-2020-10693, CVE-2020-10714, CVE-2020-10718, CVE-2020-10740, CVE-2020-14297, CVE-2020-14307, CVE-2020-1695, CVE-2020-1710, CVE-2020-1748, CVE-2020-6950, CVE-2020-8840, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548
MD5 | 38ea164d1c007b5ad23905702c4a364e
Red Hat Security Advisory 2020-3638-01
Posted Sep 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3638-01 - This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include XML injection, denial of service, deserialization, improper authorization, remote SQL injection, and traversal vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, sql injection
systems | linux, redhat
advisories | CVE-2019-14900, CVE-2020-10672, CVE-2020-10673, CVE-2020-10683, CVE-2020-10687, CVE-2020-10693, CVE-2020-10714, CVE-2020-10718, CVE-2020-10740, CVE-2020-14297, CVE-2020-14307, CVE-2020-1695, CVE-2020-1710, CVE-2020-1748, CVE-2020-6950, CVE-2020-8840, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548
MD5 | 34968b1413c659852b2a6fd77386aed5
Red Hat Security Advisory 2020-3637-01
Posted Sep 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3637-01 - This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include XML injection, denial of service, deserialization, improper authorization, remote SQL injection, and traversal vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, sql injection
systems | linux, redhat
advisories | CVE-2019-14900, CVE-2020-10672, CVE-2020-10673, CVE-2020-10683, CVE-2020-10687, CVE-2020-10693, CVE-2020-10714, CVE-2020-10718, CVE-2020-10740, CVE-2020-14297, CVE-2020-14307, CVE-2020-1695, CVE-2020-1710, CVE-2020-1748, CVE-2020-6950, CVE-2020-8840, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548
MD5 | 18fe456380f432ad711cc532f70e648f
Red Hat Security Advisory 2020-3639-01
Posted Sep 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3639-01 - This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include XML injection, denial of service, deserialization, improper authorization, remote SQL injection, and traversal vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, sql injection
systems | linux, redhat
advisories | CVE-2019-14900, CVE-2020-10672, CVE-2020-10673, CVE-2020-10683, CVE-2020-10687, CVE-2020-10693, CVE-2020-10714, CVE-2020-10718, CVE-2020-10740, CVE-2020-14297, CVE-2020-14307, CVE-2020-1695, CVE-2020-1710, CVE-2020-1748, CVE-2020-6950, CVE-2020-8840, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548
MD5 | f06252c78191e71e29c17dfcf8316547
Red Hat Security Advisory 2020-3585-01
Posted Aug 31, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3585-01 - Red Hat JBoss Enterprise Application Platform CD20 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform CD20 includes bug fixes and enhancements. Issues addressed include XML injection, deserialization, man-in-the-middle, memory exhaustion, remote SQL injection, and traversal vulnerabilities.

tags | advisory, java, remote, vulnerability, sql injection
systems | linux, redhat
advisories | CVE-2018-14371, CVE-2019-10172, CVE-2019-14900, CVE-2020-10673, CVE-2020-10683, CVE-2020-10705, CVE-2020-10714, CVE-2020-10719, CVE-2020-10740, CVE-2020-11612, CVE-2020-1719, CVE-2020-1954, CVE-2020-6950
MD5 | 4d987f9115fdafa0c21851c89ed7fed7
Red Hat Security Advisory 2020-3501-01
Posted Aug 19, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3501-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.2 serves as a replacement for Red Hat Single Sign-On 7.4.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, denial of service, deserialization, and improper authorization vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2020-10672, CVE-2020-10673, CVE-2020-10683, CVE-2020-10687, CVE-2020-10693, CVE-2020-10714, CVE-2020-10718, CVE-2020-10740, CVE-2020-10758, CVE-2020-11612, CVE-2020-14307, CVE-2020-1710, CVE-2020-1728, CVE-2020-1748
MD5 | ac9bd5cfa5a256e6462e7a36ea5cb84a
Red Hat Security Advisory 2020-3463-01
Posted Aug 17, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3463-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include XML injection, denial of service, deserialization, improper authorization, and remote SQL injection vulnerabilities.

tags | advisory, java, remote, denial of service, vulnerability, sql injection
systems | linux, redhat
advisories | CVE-2019-14900, CVE-2020-10672, CVE-2020-10673, CVE-2020-10683, CVE-2020-10687, CVE-2020-10693, CVE-2020-10714, CVE-2020-10718, CVE-2020-10740, CVE-2020-14297, CVE-2020-1710, CVE-2020-1748
MD5 | 9ead7bd77b2dc129431666b801d469df
Red Hat Security Advisory 2020-3462-01
Posted Aug 17, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3462-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include XML injection, denial of service, deserialization, improper authorization, and remote SQL injection vulnerabilities.

tags | advisory, java, remote, denial of service, vulnerability, sql injection
systems | linux, redhat
advisories | CVE-2019-14900, CVE-2020-10672, CVE-2020-10673, CVE-2020-10683, CVE-2020-10687, CVE-2020-10693, CVE-2020-10714, CVE-2020-10718, CVE-2020-10740, CVE-2020-14297, CVE-2020-1710, CVE-2020-1748
MD5 | c26343ede91ae3e60cab90f2bddbc971
Red Hat Security Advisory 2020-3461-01
Posted Aug 17, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3461-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include XML injection, denial of service, deserialization, improper authorization, and remote SQL injection vulnerabilities.

tags | advisory, java, remote, denial of service, vulnerability, sql injection
systems | linux, redhat
advisories | CVE-2019-14900, CVE-2020-10672, CVE-2020-10673, CVE-2020-10683, CVE-2020-10687, CVE-2020-10693, CVE-2020-10714, CVE-2020-10718, CVE-2020-10740, CVE-2020-14297, CVE-2020-1710, CVE-2020-1748
MD5 | e8c0000fcef767ca1fe4e51c080ed134
Red Hat Security Advisory 2020-3464-01
Posted Aug 17, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3464-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include XML injection, denial of service, deserialization, improper authorization, and remote SQL injection vulnerabilities.

tags | advisory, java, remote, denial of service, vulnerability, sql injection
systems | linux, redhat
advisories | CVE-2019-14900, CVE-2020-10672, CVE-2020-10673, CVE-2020-10683, CVE-2020-10687, CVE-2020-10693, CVE-2020-10714, CVE-2020-10718, CVE-2020-10740, CVE-2020-14297, CVE-2020-14307, CVE-2020-1710, CVE-2020-1748
MD5 | 0f78f2c759322a21645f5e2cd7f1b6fc
Page 1 of 1
Back1Next

File Archive:

December 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    18 Files
  • 2
    Dec 2nd
    11 Files
  • 3
    Dec 3rd
    23 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    13 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close