Astra Linux - уязвимость в batik

A vulnerability in Batik of Apache XML Graphics allows an attacker to execute untrusted Java code from an SVG. This issue affects Apache XML Graphics versions prior to 1.16. It is recommended to update to version 1.16...

MiracleLinux 7 : xmlrpc-3.1.3-9.el7 (AXSA:2018-3132:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-3132:01 advisory. xmlrpc: Deserialization of untrusted Java object through tag CVE-2016-5003 Tenable has extracted the preceding description block directly from the MiracleLin...

MiracleLinux 4 : xmlrpc3-3.0-4.17.AXS4 (AXSA:2018-3129:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-3129:01 advisory. xmlrpc: Deserialization of untrusted Java object through tag CVE-2016-5003 Tenable has extracted the preceding description block directly from the MiracleLin...

Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization

A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm administrator to trigger deserialization of untrusted Java objects via a malicious LDAP server configuration. Mitigation Disable LDAP referrals in all LDAP user providers in all realms...

Arbitrary Code Execution in NLTK StanfordSegmenter via untrusted JAR loading

This report is not public...

Duplicate Advisory: Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4hx9-48xh-5mxr. This link is maintained to preserve external references. Original Description A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm...

GHSA-93VM-MQPW-8WH3 Duplicate Advisory: Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4hx9-48xh-5mxr. This link is maintained to preserve external references. Original Description A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm...

CVE-2025-13467

A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm administrator to trigger deserialization of untrusted Java objects via a malicious LDAP server configuration. Mitigation Mitigation for this issue is either not available or the...

EUVD-2005-3902

Malware in sbrugna...

SUSE SLES12 Security Update : xmlgraphics-batik (SUSE-SU-2024:0777-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0777-1 advisory. - In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who...

CVE-2023-24971 IBM B2B Advanced Communication denial of service

IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 could allow a user to cause a denial of service due to the deserializing of untrusted serialized Java objects. IBM X-Force ID: 246976...

batik: Apache XML Graphics Batik vulnerable to code execution via SVG

A flaw was found in Batik. This issue may allow a malicious user to run untrusted Java code from an SVG...

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : Apache Batik vulnerabilities (USN-6117-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6117-1 advisory. It was discovered that Apache Batik incorrectly handled certain inputs. An attacker could possibly use this to perfor...

batik: Apache XML Graphics Batik vulnerable to code execution via SVG

A flaw was found in Batik. This issue may allow a malicious user to run untrusted Java code from an SVG...

DEBIAN-CVE-2022-41704

A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16...

CVE-2022-41704

A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16...

CVE-2022-41704

CVE-2022-41704 concerns the Apache Batik library (Apache XML Graphics) and allows a remote attacker to run untrusted Java code from an SVG. The issue affects Batik versions prior to 1.16, with a recommended upgrade to 1.16. Connected documents corroborate the vulnerability details across multiple...

Unspecified Vulnerability

IBM Java Runtime Environment has unspecified vulnerability, allowing remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors...

Deserialization of untrusted data

Divisa Proxia Suite 9 9.12.16, 9.11.19, 9.10.26, 9.9.8, 9.8.43 and 9.7.10, 10.0 10.0.32, and 10.1 10.1.5, SparkSpace 1.0 1.0.30, 1.1 1.1.2, and 1.2 1.2.4, and Proxia PHR 1.0 1.0.30 and 1.1 1.1.2 allows remote code execution via untrusted Java deserialization. The proxia-error cookie is insecurely...

CVE-2019-18956

CVE-2019-18956 affects Divisa Proxia Suite (various 9.x, 10.x versions), SparkSpace, and Proxia PHR. The flaw is remote code execution via untrusted Java deserialization triggered by the insecure handling of the proxia-error cookie in every request. An unauthenticated attacker can craft a seriali...