8064 matches found
Apache XML Graphics Batik Server-Side Request Forgery Vulnerability (CNVD-2022-73693)
Apache XML Graphics Batik is a Java-based application from the Apache Foundation that is primarily used to process images in SVG format. A server-side request forgery vulnerability exists in Apache XML Graphics Batik due to a flaw in the DefaultExternalResourceSecurity function cause...
Apache XML Graphics Batik Server-Side Request Forgery Vulnerability (CNVD-2022-73690)
Apache XML Graphics Batik is a Java-based application from the Apache Foundation that is primarily used to process images in SVG format. Apache XML Graphics Batik is vulnerable to server-side request forgery, which is caused by a flaw when calling the fop function. An attacker could exploit the...
CVE-2022-33681
Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy makes each client vulnerable to a man-in-the-middle attack. Connections from the Pulsar Java Client to the Pulsar Broker/Proxy and connections from the Pulsar Proxy to the Pulsar Broker are vulnerable. Authentication...
GHSA-H4QG-P7R2-CPG3 Apache Batik vulnerable to Server-Side Request Forgery
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar URL. This issue affects Apache XML Graphics Batik 1.14...
Apache Batik Server-Side Request Forgery
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a URL through the jar protocol. This issue affects Apache XML Graphics Batik 1.14...
Apache Airflow vulnerable to Use of Externally-Controlled Format String
In Apache Airflow 2.3.0 through 2.3.4, part of a URL was unnecessarily formatted, allowing for possible information extraction...
GHSA-4FG5-J4MM-WFPG Apache Airflow contains open redirect
In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's /confirm endpoint...
CVE-2022-38648
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14...
CVE-2022-38648
CVE-2022-38648 is a Server-Side Request Forgery (SSRF) in Apache Batik (Apache XML Graphics Batik). Public docs confirm the issue affects Batik 1.14 and describe SSRF that can fetch external resources via Batik’s processing. Connected sources show fixes/mitigations across ecosystems: Debian LTS ...
Apache OpenMeetings Denial of Service (CVE-2020-13951; CVE-2021-27576)
A denial of service vulnerability exists in Apache OpenMeetings. Successful exploitation of this vulnerability would allow remote attackers to cause denial of service on the affected system...
Debian: Security Advisory (DLA-3111-1)
The remote host is missing an update for the Debian...
Cross site scripting
A Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Storage Unit Rental Management System PHP 8.0.10, Apache 2.4.14, SURMS V 1.0 via the Add New Tenant List Rent List form...
CVE-2021-42597
CVE-2021-42597 affects Sourcecodester Storage Unit Rental Management System (SURMS) v1.0 running on PHP 8.0.10 with Apache 2.4.14. A Cross-Site Scripting (XSS) vulnerability exists via the Add New Tenant List Rent List form. Exploitation details are not provided beyond the XSS indication; no reme...
Apache IoTDB Licensing Issue Vulnerability (CNVD-2022-69472)
Apache IoTDB is an integrated data management engine designed for time-series data from the Apache Foundation that provides data collection, storage, and analysis services, etc. An authorization issue vulnerability exists in Apache IoTDB version 0.13.0, which stems from vulnerability to session i...
ALSA-2022:6542 Moderate: php:7.4 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: Archive_Tar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked (CVE-2020-28948); Archive_Tar: improper filename sanitization leads to file overwrites (CVE-2020-28949)...
Fedora: Security Advisory for libapreq2 (FEDORA-2022-9e5046934e)
The remote host is missing an update for the...
Security Bulletin: HTTP Request smuggling vulnerability may affect IBM HTTP Server (CVE-2015-3183)
Summary: Request smuggling vulnerability may affect the IBM HTTP Server used by IBM WebSphere Application Server. Vulnerability Details: CVEID: CVE-2015-3183. DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request smuggling, caused by a chunk header parsing flaw in the apr_brigade_flatten...
Security Bulletin: Vulnerability in SSLv3 affects IBM HTTP Server (CVE-2014-3566)
Summary: SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled by default in the Apache-based IBM HTTP Server. Vulnerability Details: CVE ID: CVE-2014-3566. DESCRIPTION: IBM HTTP Server could allow a remote...
Apache IoTDB Access Control Error Vulnerability
Apache IoTDB is an integrated data management engine designed for time series data from the Apache Foundation that provides data collection, storage, and analysis services, among other things. Apache IoTDB version 0.13.0 contains an access control error vulnerability that stems from the inclusion ...