36 matches found
MiracleLinux 4 : java-1.8.0-openjdk-1.8.0.232.b09-1.AXS4 (AXSA:2019-4356:04)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-4356:04 advisory. OpenJDK: Improper handling of Kerberos proxy credentials Kerberos, 8220302 CVE-2019-2949 OpenJDK: Unexpected exception thrown during regular...
MiracleLinux 7 : java-1.8.0-openjdk-1.8.0.232.b09-0.el7 (AXSA:2019-4346:06)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-4346:06 advisory. OpenJDK: Improper handling of Kerberos proxy credentials Kerberos, 8220302 CVE-2019-2949 OpenJDK: Unexpected exception thrown during regular...
MiracleLinux 8 : firefox-128.8.0-1.el8_10.ML.1 (AXSA:2025-9730:07)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-9730:07 advisory. firefox: Use-after-free in WebTransportChild CVE-2025-1931 firefox: AudioIPC StreamData could trigger a use-after-free in the Browser process...
MiracleLinux 7 : firefox-128.8.0-1.0.1.el7.AXS7 (AXSA:2025-9734:08)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-9734:08 advisory. firefox: Use-after-free in WebTransportChild CVE-2025-1931 firefox: AudioIPC StreamData could trigger a use-after-free in the Browser process...
firefox: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was...
firefox: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was...
firefox: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was...
PT-2023-21940 · Oracle +1 · Java +1
Name of the Vulnerable Software and Affected Versions: ShardingSphere-Agent versions through 5.3.2 Description: The Deserialization of Untrusted Data issue in Apache ShardingSphere-Agent allows attackers to execute arbitrary code by constructing a special YAML configuration file. An attacker must...
batik: Server-Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14...
USN-6117-1 batik vulnerabilities
It was discovered that Apache Batik incorrectly handled certain inputs. An attacker could possibly use this to perform a cross site request forgery attack. CVE-2019-17566, CVE-2020-11987, CVE-2022-38398, CVE-2022-38648 It was discovered that Apache Batik incorrectly handled Jar URLs in some...
Important: batik
Issue Overview: Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests...
SUSE CVE-2008-4821
Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is used, does not properly interpret jar: URLs, which allows attackers to obtain sensitive information via unknown vectors...
SUSE CVE-2022-40146
Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14...
CVE-2022-40146
Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14...
Apache XML Graphics Batik Server-Side Request Forgery Vulnerability
Apache XML Graphics Batik is a Java-based application from the Apache Foundation that is primarily used to process images in SVG format.Apache XML Graphics Batik is vulnerable to server-side request forgery, which is caused by a flaw in the DefaultScriptSecurity function. An attacker could exploi...
Apache Batik vulnerable to Server-Side Request Forgery
Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14...
GHSA-H4QG-P7R2-CPG3 Apache Batik vulnerable to Server-Side Request Forgery
Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14...
CVE-2022-40146
Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14...
Server side request forgery (ssrf)
Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14...
UBUNTU-CVE-2022-40146
Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14...