Lucene search
+L

151 matches found

Cvelist
Cvelist
added 2024/10/09 12:4 p.m.31 views

CVE-2024-28168 Apache XML Graphics FOP: XML External Entity (XXE) Processing

Improper Restriction of XML External Entity Reference 'XXE' vulnerability in Apache XML Graphics FOP. This issue affects Apache XML Graphics FOP: 2.9. Users are recommended to upgrade to version 2.10, which fixes the issue...

0.01038EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/09 12:4 p.m.18 views

CVE-2024-28168 Apache XML Graphics FOP: XML External Entity (XXE) Processing

Improper Restriction of XML External Entity Reference 'XXE' vulnerability in Apache XML Graphics FOP. This issue affects Apache XML Graphics FOP: 2.9. Users are recommended to upgrade to version 2.10, which fixes the issue...

6.9AI score0.01038EPSS
Exploits0References1
CVE
CVE
added 2024/10/09 12:4 p.m.100 views

CVE-2024-28168

CVE-2024-28168 concerns an XXE in Apache XML Graphics FOP affecting version 2.9. The root cause is an improper restriction of XML External Entity references, leading to potential exposure of sensitive data if exploited over the network. The CVSS base score is 7.5 (Network attacker, no user intera...

7.5CVSS7.4AI score0.01038EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/10/09 12:4 p.m.15 views

CVE-2024-28168 Apache XML Graphics FOP: XML External Entity (XXE) Processing

Improper Restriction of XML External Entity Reference 'XXE' vulnerability in Apache XML Graphics FOP. This issue affects Apache XML Graphics FOP: 2.9. Users are recommended to upgrade to version 2.10, which fixes the issue...

7.5CVSS6.7AI score0.01038EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/10/09 12:0 a.m.3 views

PT-2024-22312 · Apache +2 · Apache Xml Graphics +2

Name of the Vulnerable Software and Affected Versions: Apache XML Graphics FOP version 2.9 Description: The issue is related to an Improper Restriction of XML External Entity Reference, also known as an XXE vulnerability, in Apache XML Graphics FOP. This vulnerability is due to the improper...

7.8CVSS7.3AI score0.01038EPSS
Exploits0References39
CNNVD
CNNVD
added 2024/10/09 12:0 a.m.7 views

Apache XML Graphics FOP 代码问题漏洞

Apache XML Graphics FOP is a Java application for converting XSL-FO files to PDF or other printable formats from the Apache Foundation USA. A code issue vulnerability exists in Apache XML Graphics FOP version 2.9, which stems from the presence of an incorrectly restricted XML external entity...

7.5CVSS6.6AI score0.01038EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.39 views

RHEL 8 : fop (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - batik: Server-Side Request Forgery vulnerability CVE-2022-44729 - Server-Side Request Forgery SSRF...

7.1CVSS7.2AI score0.00786EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.38 views

RHEL 7 : batik (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - batik: XML external entity processing vulnerability CVE-2017-5662 - batik: information disclosure when...

8.2AI score0.19523EPSS
Exploits0References5
OSV
OSV
added 2024/03/16 4:28 p.m.14 views

MGASA-2024-0068 Updated batik packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. CVE-2022-38398 Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacke...

7.5CVSS7AI score0.05791EPSS
Exploits1References9
Mageia
Mageia
added 2024/03/16 4:28 p.m.53 views

Updated batik packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. CVE-2022-38398 Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacke...

7.5CVSS7.5AI score0.05791EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2024/03/08 12:0 a.m.33 views

SUSE SLED15: xmlgraphics-batik / xmlgraphics-batik-css / xmlgraphics-batik-demo / etc (SUSE-SU-2024:0808-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0808-1 advisory. - CVE-2022-41704: Fixed information disclosure vulnerability in Apache Batik bsc1204704. -...

7.5CVSS6.8AI score0.0232EPSS
Exploits0References11
Atlassian
Atlassian
added 2024/02/14 10:47 a.m.53 views

RCE (Remote Code Execution) org.apache.xmlgraphics:batik-script Dependency in Jira Software Data Center and Server

This High severity org.apache.xmlgraphics:batik-script Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, and 9.7.0 of Jira Software Data Center and Server. This org.apache.xmlgraphics:batik-script Dependency vulnerability, with a...

7.5CVSS7.3AI score0.0232EPSS
Exploits0
Atlassian
Atlassian
added 2024/02/14 10:47 a.m.75 views

RCE (Remote Code Execution) org.apache.xmlgraphics:batik-bridge Dependency in Jira Software Data Center and Server

This High severity org.apache.xmlgraphics:batik-bridge Dependency RCE Remote Code Execution vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, and 9.7.0 of Jira Software Data Center and Server. This org.apache.xmlgraphics:batik-bridge...

7.5CVSS7.7AI score0.02143EPSS
Exploits0
Atlassian
Atlassian
added 2024/02/14 10:47 a.m.76 views

SSRF (Server-Side Request Forgery) org.apache.xmlgraphics:batik-bridge Dependency in Jira Software Data Center and Server

This High severity org.apache.xmlgraphics:batik-bridge Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Jira Software Data Center and Server. This org.apache.xmlgraphics:batik-bridge Dependency vulnerability, with a CVSS...

7.5CVSS7.2AI score0.05791EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/01/16 12:0 a.m.37 views

Atlassian Jira Service Management Data Center and Server < 4.20.30 / 5.4.x < 5.4.15 / 5.7.x < 5.12.2 (JSDSERVER-14958)

The version of Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-14958 advisory. - Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache XML Graphics Batik.This...

7.1CVSS6.7AI score0.00786EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/01/09 12:0 a.m.54 views

GLSA-202401-11 : Apache Batik: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202401-11 Apache Batik: Multiple Vulnerabilities - In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream as the class name which then use it to call the...

9.8CVSS7.2AI score0.19523EPSS
Exploits1References14
Atlassian
Atlassian
added 2023/12/13 7:45 a.m.48 views

SSRF org.apache.xmlgraphics:batik-bridge Dependency in Jira Service Management Data Center and Server

This High severity org.apache.xmlgraphics:batik-bridge Dependency vulnerability was introduced in versions 4.20.0, 5.4.0, 5.7.0, 5.8.0, 5.9.0, 5.10.0, 5.11.0, and 5.12.0 of Jira Service Management Data Center and Server. This org.apache.xmlgraphics:batik-bridge Dependency vulnerability, with a CV...

7.1CVSS6.9AI score0.00786EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/11/23 12:0 a.m.28 views

Atlassian Confluence 7.13 / 7.19.x < 7.19.16 (CONFSERVER-93175)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-93175 advisory. - A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache X...

7.5CVSS7.6AI score0.0232EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/11/22 12:0 a.m.30 views

Atlassian Confluence 7.13.x / 7.19.x < 7.19.16 (CONFSERVER-93179)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-93179 advisory. - A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics...

7.5CVSS7.5AI score0.02143EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/11/22 12:0 a.m.32 views

Atlassian Confluence 7.13.x / 7.19.x < 7.19.16 (CONFSERVER-93178)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-93178 advisory. - Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue...

7.5CVSS7.5AI score0.05791EPSS
Exploits1References2
Rows per page
Query Builder