
31 matches found

EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2022-2596

Malicious code in bioql PyPI...

7.9 CVSS | 7.3 AI score | 0.0296 EPSS
Exploits: 1 | References: 9

BDU FSTEC
added 2025/06/09 12:00 a.m. | 4 views

The vulnerability of the Apache XML Graphics FOP transformation tool arises from improper restrictions on XML references to external objects, allowing attackers to execute XXE attacks.

The vulnerability of the Apache XML Graphics FOP transformation tool is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a remote attacker to perform XXE attacks...

7.8 CVSS | 6.5 AI score | 0.01003 EPSS
Exploits: 0 | References: 6 | Affected Software: 8

IBM Security Bulletins
added 2025/03/26 3:39 a.m. | 45 views

Security Bulletin: Multiple vulnerabilities in DITA, Apache Batik, Apache FOP may affect IBM Business Automation Workflow and IBM Case Manager

Summary IBM Business Automation Workflow and IBM Case Manager packages DITA for documentation generation in Case Management. Multiple CVEs have been reported for open source libraries repackaged in DITA. A few of the same open source libraries, such as Apache Batik and Apache FOP, are also used f...

9.8 CVSS | 8.4 AI score | 0.24738 EPSS
Exploits: 5 | Affected Software: 3

Tenable Nessus
added 2025/03/04 12:00 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2017-5661

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. T...

7.9 CVSS | 7.3 AI score | 0.0296 EPSS
Exploits: 1 | References: 3

Amazon
added 2024/11/15 12:00 a.m. | 6 views

Medium: fop

Issue Overview: Improper Restriction of XML External Entity Reference 'XXE' vulnerability in Apache XML Graphics FOP. This issue affects Apache XML Graphics FOP: 2.9. Users are recommended to upgrade to version 2.10, which fixes the issue. CVE-2024-28168 Affected Packages: fop Note: This advisory...

7.5 CVSS | 7.1 AI score | 0.01003 EPSS
Exploits: 0

OSV
added 2024/10/09 12:30 p.m. | 2 views

GHSA-JQFV-JRVQ-95JM Apache XML Graphics FOP XML External Entity Reference ('XXE') vulnerability

Improper Restriction of XML External Entity Reference 'XXE' vulnerability in Apache XML Graphics FOP. This issue affects Apache XML Graphics FOP: 2.9. Users are recommended to upgrade to version 2.10, which fixes the issue...

6.9 CVSS | 6.7 AI score | 0.01003 EPSS
Exploits: 0 | References: 6

Fedora
added 2024/03/07 10:33 p.m. | 35 views

[SECURITY] Fedora 40 Update: xmlgraphics-commons-2.9-3.fc40

Apache XML Graphics Commons is a library that consists of several reusable components used by Apache Batik and Apache FOP. Many of these components can easily be used separately outside the domains of SVG and XSL-FO. You will find components such as a PDF library, an RTF library, Graphics2D...

8.8 CVSS | 6.9 AI score | 0.02557 EPSS
Exploits: 3

IBM Security Bulletins
added 2023/09/05 12:35 p.m. | 16 views

Security Bulletin: Vulnerability found in fop-1.1.jar which is shipped with IBM® Intelligent Operations Center(CVE-2017-5661)

Summary Vulnerability have been identified in fop-1.1.jar which is shipped with IBM® Intelligent Operations Center. Information about this vulnerability affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2017-5661...

7.9 CVSS | 7.5 AI score | 0.0296 EPSS
Exploits: 1 | Affected Software: 1

SUSE CVE
added 2023/02/15 4:49 a.m. | 3 views

SUSE CVE-2017-5661

In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full...

7.9 CVSS | 7.4 AI score | 0.0296 EPSS
Exploits: 1 | References: 3

OSV
added 2022/05/13 1:07 a.m. | 7 views

GHSA-5HG8-R9VQ-GJQP Improper Restriction of XML External Entity Reference in Apache FOP

In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full...

7.3 CVSS | 7.2 AI score | 0.0296 EPSS
Exploits: 1 | References: 5

Github Security Blog
added 2022/05/13 1:07 a.m. | 32 views

Improper Restriction of XML External Entity Reference in Apache FOP

In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full...

7.9 CVSS | 6.3 AI score | 0.0296 EPSS
Exploits: 1 | References: 6 | Affected Software: 1

Tenable Nessus
added 2021/09/03 12:00 a.m. | 58 views

Tenable SecurityCenter < 5.19.0 Multiple Vulnerabilities (TNS-2021-14)

According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is less than 5.19.0 and is therefore affected by multiple vulnerabilities in the following components: - Apache FOP - Underscore - Handlebars - PHP - sqlite Note that successful exploitatio...

9.8 CVSS | 7.6 AI score | 0.9947 EPSS
Exploits: 86 | References: 43

IBM Security Bulletins
added 2021/04/28 6:35 p.m. | 17 views

Security Bulletin: Security vulnerability in Apache FOP affects IBM® Rational® Quality Manager

Summary Security Vulnerability in Apache FOP shipped with IBM Rational Quality Manager was disclosed. IBM Rational Quality Manager has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2017-5661 DESCRIPTION: Apache FOP could allow a remote authenticated attacker to obtain sensitive...

7.9 CVSS | 0.2 AI score | 0.0296 EPSS
Exploits: 1 | Affected Software: 2

Openbugbounty
added 2020/06/03 1:21 p.m. | 20 views

apache-fop.1065347.n5.nabble.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1182251 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...

6.1 AI score
Exploits: 0

IBM Security Bulletins
added 2018/06/17 1:09 p.m. | 14 views

Security Bulletin: Vulnerability in Apache FOP affects IBM Cúram Social Program Management (CVE-2017-5661)

Summary IBM Cúram Social Program Management uses the Apache FOP Library. Apache FOP could allow a remote authenticated attacker to obtain sensitive information, caused by an XML external entity XXE error when processing XML data. By using a specially-crafted SVG file. A remote attacker could...

7.9 CVSS | 0.6 AI score | 0.0296 EPSS
Exploits: 1 | Affected Software: 1

OpenVAS
added 2018/01/16 12:00 a.m. | 18 views

Debian: Security Advisory (DLA-927-1)

The remote host is missing an update for the Debian...

7.9 CVSS | 7.2 AI score | 0.0296 EPSS
Exploits: 1 | References: 3

Tenable Nessus
added 2017/05/10 12:00 a.m. | 48 views

Ubuntu 14.04 LTS : Apache Fop vulnerability (USN-3281-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3281-1 advisory. Pierre Ernst discovered that Apache Fop incorrectly handled XML external entities. A remote attacker could possibly use this issue to obtain sensitive files from...

7.9CVSS7.3AI score0.0296EPSS
Exploits1References2
OSV
OSV
added 2017/05/09 2:31 p.m.4 views

USN-3281-1 fop vulnerability

Pierre Ernst discovered that Apache Fop incorrectly handled XML external entities. A remote attacker could possibly use this issue to obtain sensitive files from the filesystem, or cause a denial of service...

7.9CVSS7.1AI score0.0296EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2017/05/09 2:31 p.m.272 views

USN-3281-1: Apache Fop vulnerability

Pierre Ernst discovered that Apache Fop incorrectly handled XML external entities. A remote attacker could possibly use this issue to obtain sensitive files from the filesystem, or cause a denial of service...

7.9 CVSS | 7.2 AI score | 0.0296 EPSS
Exploits: 1

Tenable Nessus
added 2017/05/01 12:00 a.m. | 24 views

Debian DLA-927-1 : fop security update

In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full...

7.9 CVSS | 7.4 AI score | 0.0296 EPSS
Exploits: 1 | References: 3