Oracle多款产品 安全漏洞

Oracle Java SE, among others, are products of Oracle Corporation in the United States. Oracle Java SE is used for developing and deploying Java applications for desktops, servers, embedded devices, and real-time environments. Oracle GraalVM for JDK is a high-performance, multi-language runtime an...

CVE-2021-21250

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which may lead to arbitrary file read. When BuildSpec is provided in XML format, the spec is processed by XmlBuildSpecMigrator.migratebuildSpecString; which processes the XML document withou...

CVE-2011-1757

DJabberd 0.84 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service memory and CPU consumption via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564...

CVE-2021-39239

A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities XXE, including exposing the contents of local files to a remote server...

SUSE-SU-2018:2898-1 Security update for smt, yast2-smt

This update for yast2-smt to 3.0.14 and smt to 3.0.37 fixes the following issues: These security issues were fixed in SMT: - CVE-2018-12471: Xml External Entity processing in the RegistrationSharing modules allowed to read arbitrary file read bsc1103809. - CVE-2018-12470: SQL injection in...