
166 matches found

OSV
added 2026/05/19 12:30 p.m. | 2 views

ROOT-APP-MAVEN-CVE-2020-10683 CVE-2020-10683 in io.root.dom4j:dom4j - Patched by Root

Root has patched CVE-2020-10683 in the io.root.dom4j:dom4j package for Root:Maven. Multiple fixed versions available...

CVSS 9.8 | AI score 6.8 | EPSS 0.0696 | Exploits 0

OSV
added 2026/05/19 12:30 p.m. | 2 views

ROOT-APP-MAVEN-CVE-2018-1000632 CVE-2018-1000632 in io.root.dom4j:dom4j - Patched by Root

Root has patched CVE-2018-1000632 in the io.root.dom4j:dom4j package for Root:Maven. Multiple fixed versions available...

CVSS 7.5 | AI score 5.8 | EPSS 0.01611 | Exploits 1

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-0492

Malware in sbrugna...

CVSS 9.8 | AI score 6.8 | EPSS 0.0696 | Exploits 0 | References 45

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2018-0521

Malware in sbrugna...

CVSS 7.5 | AI score 6.5 | EPSS 0.01611 | Exploits 1 | References 52

Redos
added 2025/08/22 12:0 a.m. | 1 views

ROS-20250822-02

A vulnerability in the dom4j open source Java library for XML, XPath and XSLT is related to the improper cleansing of element and attribute names in XML documents. Exploitation of the vulnerability could allow an attacker acting remotely to launch an XXE attack on the target system...

CVSS 7.5 | AI score 6.5 | EPSS 0.01611 | Exploits 1

Tenable Nessus
added 2025/03/04 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2020-10683

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular...

CVSS 9.8 | AI score 6.7 | EPSS 0.0696 | Exploits 0 | References 3

Tenable Nessus
added 2025/03/04 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2018-1000632

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an...

CVSS 7.5 | AI score 6.7 | EPSS 0.01611 | Exploits 1 | References 3

Rosalinux
added 2024/07/23 11:11 a.m. | 26 views

Advisory ROSA-SA-2024-2454

software: dom4j 2.0.3 AXIS: ROSA-CHROME packageevrstring: dom4j-2.0.3-1 CVE-ID: CVE-2018-1000632 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: The dom4j version contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute, which could lead to an attacker forging XM...

CVSS 9.8 | AI score 7.8 | EPSS 0.0696 | Exploits 1

OSV
added 2024/06/15 12:0 a.m. | 27 views

OPENSUSE-SU-2024:10724-1 dom4j-1.6.1-33.6 on GA media

These are all security issues fixed in the dom4j-1.6.1-33.6 package on the GA media of openSUSE Tumbleweed...

CVSS 9.8 | AI score 9 | EPSS 0.0696 | Exploits 1 | References 2

OpenVAS
added 2024/06/05 12:0 a.m. | 24 views

openSUSE: Security Advisory for Java (SUSE-SU-2024:1874-1)

The remote host is missing an update for the...

CVSS 7.5 | AI score 7.9 | EPSS 0.01393 | Exploits 1 | References 2

OpenVAS
added 2024/06/03 12:0 a.m. | 16 views

SUSE: Security Advisory (SUSE-SU-2024:1874-1)

The remote host is missing an update for the...

CVSS 7.5 | AI score 6.7 | EPSS 0.01393 | Exploits 1 | References 7

Tenable Nessus
added 2024/06/03 12:0 a.m. | 20 views

RHEL 7 : dom4j (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML...

CVSS 7.5 | AI score 7.3 | EPSS 0.01611 | Exploits 1 | References 1

Tenable Nessus
added 2024/06/01 12:0 a.m. | 32 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : Java (SUSE-SU-2024:1874-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1874-1 advisory. This update for Java fixes the following issues: apiguardian was updated to version 1.1.2: - Added...

CVSS 7.5 | AI score 6.9 | EPSS 0.01393 | Exploits 1 | References 5

OSV
added 2024/05/31 3:5 a.m. | 13 views

SUSE-SU-2024:1874-1 Security update for Java

This update for Java fixes the following issues: apiguardian was updated to version 1.1.2: - Added LICENSE/NOTICE to the generated jar - Allow @API to be declared at the package level - Explain usage of Status.DEPRECATED - Include OSGi metadata in manifest assertj-core was implemented at version...

CVSS 7.5 | AI score 7.5 | EPSS 0.01393 | Exploits 1 | References 4

Tenable Nessus
added 2024/04/28 12:0 a.m. | 39 views

RHEL 5 : Red Hat JBoss Enterprise Application Platform 6.4.22 (RHSA-2019:1159)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1159 advisory. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red...

CVSS 7.5 | AI score 7.8 | EPSS 0.13337 | Exploits 1 | References 17

Fedora
added 2024/03/07 10:33 p.m. | 16 views

[SECURITY] Fedora 40 Update: jaxen-1.2.0-17.fc40

Jaxen is an open source XPath library written in Java. It is adaptable to many different object models, including DOM, XOM, dom4j, and JDOM. It is also possible to write adapters that treat non-XML trees such as compiled Java byte code or Java beans as XML, thus enabling you to query these trees...

CVSS 8.8 | AI score 9.2 | EPSS 0.45835 | Exploits 3

IBM Security Bulletins
added 2024/01/24 5:9 p.m. | 25 views

Security Bulletin: IBM InfoSphere Information Server is affected by dom4j vulnerability (CVE-2023-45960)

Summary: A vulnerability in dom4j used by IBM InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2023-45960 DESCRIPTION: dom4j could allow a remote attacker to obtain sensitive information, caused by improper handling of XML external entity (XXE) declarations by the...

AI score 5.8 | Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2024/01/11 1:32 p.m. | 32 views

Security Bulletin: Multiple vulnerabilities affect embedded rules in IBM Business Automation Workflow

Summary: Embedded rules in IBM Business Automation Workflow are affected by multiple vulnerabilities. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2018-1000632 DESCRIPTION: dom4j could allow a remote attacker to execute arbitrary code o...

CVSS 9.8 | AI score 9.3 | EPSS 0.08028 | Exploits 7 | Affected Software 1

OSV
added 2023/10/25 6:32 p.m. | 0 views

GHSA-FGQ9-FC3Q-VQMW Withdrawn Advisory: dom4j XML Entity Expansion vulnerability

Withdrawn Advisory This advisory has been withdrawn because the underlying vulnerability could not be reproduced. This link is maintained to preserve external references. Original Description An issue in dom4.j org.dom4.io.SAXReader v.2.1.4 and before allows a remote attacker to obtain sensitive...

AI score 5.8 | Exploits 0 | References 7

Github Security Blog
added 2023/10/25 6:32 p.m. | 22 views

Withdrawn Advisory: dom4j XML Entity Expansion vulnerability

Withdrawn Advisory This advisory has been withdrawn because the underlying vulnerability could not be reproduced. This link is maintained to preserve external references. Original Description An issue in dom4.j org.dom4.io.SAXReader v.2.1.4 and before allows a remote attacker to obtain sensitive...

AI score 6 | Exploits 0 | References 7 | Affected Software 1