Astra Linux - vulnerability in batik
A Server-Side Request Forgery SSRF vulnerability exists in the Batik of Apache XML Graphics, allowing attackers to access files using a Jar URL. This issue affects Apache XML Graphics Batik 1.14...
Astra Linux - vulnerability in batik
Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14...
EUVD-2022-5566
Malicious code in bioql PyPI...
EUVD-2022-5045
Malicious code in bioql PyPI...
Security Bulletin: Multiple vulnerabilities in DITA, Apache Batik, Apache FOP may affect IBM Business Automation Workflow and IBM Case Manager
Summary IBM Business Automation Workflow and IBM Case Manager packages DITA for documentation generation in Case Management. Multiple CVEs have been reported for open source libraries repackaged in DITA. A few of the same open source libraries, such as Apache Batik and Apache FOP, are also used f...
Linux Distros Unpatched Vulnerability : CVE-2018-8013
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache Batik 1.x before 1.10, when deserializing a subclass of AbstractDocument, the class takes a string from the inputStream as the class name which then use...
Linux Distros Unpatched Vulnerability : CVE-2017-5662
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG file...
Linux Distros Unpatched Vulnerability : CVE-2020-11987
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argumen...
Linux Distros Unpatched Vulnerability : CVE-2015-0250
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary...
Linux Distros Unpatched Vulnerability : CVE-2019-17566
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the xlink:href attributes. By using a specially-crafted...
RHEL 7 : batik (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - batik: XML external entity processing vulnerability CVE-2017-5662 - batik: information disclosure when...
Oracle Business Intelligence Enterprise Edition (April 2024 CPU)
The version of Oracle Business Intelligence Enterprise Edition 12.2.1.4 installed on the remote host is affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory, including the following: - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of...
Security Bulletin: Order Management is subject to an Apache Batik vulnerability and could allow a remote attacker to obtain sensitive information.
Summary Order Management removed parts of legacy code that carried vulnerabilities. The code did contain CVE-2015-0250; however, the specific code related to the vulnerability is not in use, therefore the risk is lower. This bulletin identifies the steps to take to address the vulnerability...
openSUSE Security Advisory (SUSE-SU-2024:0808-1)
The remote host is missing an update for the SUSE-SU-2024:0808-1 advisory...
batik: Server-Side Request Forgery vulnerability
A flaw was found in Apache Batik, where a malicious SVG can probe user profile data and send it directly as a parameter to a URL. This issue can allow an attacker to conduct SSRF attacks...
[SECURITY] Fedora 40 Update: xmlgraphics-commons-2.9-3.fc40
Apache XML Graphics Commons is a library that consists of several reusable components used by Apache Batik and Apache FOP. Many of these components can easily be used separately outside the domains of SVG and XSL-FO. You will find components such as a PDF library, an RTF library, Graphics2D...
SUSE SLES12 Security Update : xmlgraphics-batik (SUSE-SU-2024:0777-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0777-1 advisory. - In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who...
SUSE-SU-2024:0777-1 Security update for xmlgraphics-batik
This update for xmlgraphics-batik fixes the following issues: - CVE-2017-5662: Fixed Apache Batik information disclosure vulnerability bsc1034675. - CVE-2019-17566: Fixed SSRF vulnerability bsc1172961. - CVE-2020-11987: Fixed Apache XML Graphics Batik SSRF vulnerability bsc1182748. -...
SUSE CVE-2022-44729
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even...