151 matches found
CVE-2024-28168 Apache XML Graphics FOP: XML External Entity (XXE) Processing
Improper Restriction of XML External Entity Reference 'XXE' vulnerability in Apache XML Graphics FOP. This issue affects Apache XML Graphics FOP: 2.9. Users are recommended to upgrade to version 2.10, which fixes the issue...
CVE-2024-28168 Apache XML Graphics FOP: XML External Entity (XXE) Processing
Improper Restriction of XML External Entity Reference 'XXE' vulnerability in Apache XML Graphics FOP. This issue affects Apache XML Graphics FOP: 2.9. Users are recommended to upgrade to version 2.10, which fixes the issue...
CVE-2024-28168
CVE-2024-28168 concerns an XXE in Apache XML Graphics FOP affecting version 2.9. The root cause is an improper restriction of XML External Entity references, leading to potential exposure of sensitive data if exploited over the network. The CVSS base score is 7.5 (Network attacker, no user intera...
CVE-2024-28168 Apache XML Graphics FOP: XML External Entity (XXE) Processing
Improper Restriction of XML External Entity Reference 'XXE' vulnerability in Apache XML Graphics FOP. This issue affects Apache XML Graphics FOP: 2.9. Users are recommended to upgrade to version 2.10, which fixes the issue...
PT-2024-22312 · Apache +2 · Apache Xml Graphics +2
Name of the Vulnerable Software and Affected Versions: Apache XML Graphics FOP version 2.9 Description: The issue is related to an Improper Restriction of XML External Entity Reference, also known as an XXE vulnerability, in Apache XML Graphics FOP. This vulnerability is due to the improper...
Apache XML Graphics FOP 代码问题漏洞
Apache XML Graphics FOP is a Java application for converting XSL-FO files to PDF or other printable formats from the Apache Foundation USA. A code issue vulnerability exists in Apache XML Graphics FOP version 2.9, which stems from the presence of an incorrectly restricted XML external entity...
RHEL 8 : fop (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - batik: Server-Side Request Forgery vulnerability CVE-2022-44729 - Server-Side Request Forgery SSRF...
RHEL 7 : batik (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - batik: XML external entity processing vulnerability CVE-2017-5662 - batik: information disclosure when...
MGASA-2024-0068 Updated batik packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. CVE-2022-38398 Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacke...
Updated batik packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. CVE-2022-38398 Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacke...
SUSE SLED15: xmlgraphics-batik / xmlgraphics-batik-css / xmlgraphics-batik-demo / etc (SUSE-SU-2024:0808-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0808-1 advisory. - CVE-2022-41704: Fixed information disclosure vulnerability in Apache Batik bsc1204704. -...
RCE (Remote Code Execution) org.apache.xmlgraphics:batik-script Dependency in Jira Software Data Center and Server
This High severity org.apache.xmlgraphics:batik-script Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, and 9.7.0 of Jira Software Data Center and Server. This org.apache.xmlgraphics:batik-script Dependency vulnerability, with a...
RCE (Remote Code Execution) org.apache.xmlgraphics:batik-bridge Dependency in Jira Software Data Center and Server
This High severity org.apache.xmlgraphics:batik-bridge Dependency RCE Remote Code Execution vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, and 9.7.0 of Jira Software Data Center and Server. This org.apache.xmlgraphics:batik-bridge...
SSRF (Server-Side Request Forgery) org.apache.xmlgraphics:batik-bridge Dependency in Jira Software Data Center and Server
This High severity org.apache.xmlgraphics:batik-bridge Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Jira Software Data Center and Server. This org.apache.xmlgraphics:batik-bridge Dependency vulnerability, with a CVSS...
Atlassian Jira Service Management Data Center and Server < 4.20.30 / 5.4.x < 5.4.15 / 5.7.x < 5.12.2 (JSDSERVER-14958)
The version of Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-14958 advisory. - Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache XML Graphics Batik.This...
GLSA-202401-11 : Apache Batik: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202401-11 Apache Batik: Multiple Vulnerabilities - In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream as the class name which then use it to call the...
SSRF org.apache.xmlgraphics:batik-bridge Dependency in Jira Service Management Data Center and Server
This High severity org.apache.xmlgraphics:batik-bridge Dependency vulnerability was introduced in versions 4.20.0, 5.4.0, 5.7.0, 5.8.0, 5.9.0, 5.10.0, 5.11.0, and 5.12.0 of Jira Service Management Data Center and Server. This org.apache.xmlgraphics:batik-bridge Dependency vulnerability, with a CV...
Atlassian Confluence 7.13 / 7.19.x < 7.19.16 (CONFSERVER-93175)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-93175 advisory. - A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache X...
Atlassian Confluence 7.13.x / 7.19.x < 7.19.16 (CONFSERVER-93179)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-93179 advisory. - A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics...
Atlassian Confluence 7.13.x / 7.19.x < 7.19.16 (CONFSERVER-93178)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-93178 advisory. - Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue...