Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache batik vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2022-38398
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an malicious user to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.
Apache Batik 1.14
Debian Debian Linux 10.0
5.3
CVSSv3
CVE-2022-38648
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an malicious user to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.
Apache Batik 1.14
Debian Debian Linux 10.0
7.5
CVSSv3
CVE-2022-40146
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an malicious user to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.
Apache Batik 1.14
Debian Debian Linux 10.0
7.1
CVSSv3
CVE-2022-44729
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in so...
Apache Xml Graphics Batik
Debian Debian Linux 10.0
4.4
CVSSv3
CVE-2022-44730
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL.
Apache Xml Graphics Batik
Debian Debian Linux 10.0
7.5
CVSSv3
CVE-2022-42890
A vulnerability in Batik of Apache XML Graphics allows an malicious user to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics before 1.16. Users are recommended to upgrade to version 1.16.
Apache Batik
Debian Debian Linux 10.0
Debian Debian Linux 11.0
7.5
CVSSv3
CVE-2022-41704
A vulnerability in Batik of Apache XML Graphics allows an malicious user to run untrusted Java code from an SVG. This issue affects Apache XML Graphics before 1.16. It is recommended to update to version 1.16.
Apache Batik
Debian Debian Linux 10.0
Debian Debian Linux 11.0
NA
CVE-2015-0250
XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x prior to 1.8 allows remote malicious users to read arbitrary files or cause a denial of service via a crafted SVG file.
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.10
Apache Batik
Redhat Jboss Enterprise Brms Platform
2 Github repositories
9.8
CVSSv3
CVE-2018-8013
In Apache Batik 1.x prior to 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deser...
Apache Batik
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 14.04
Oracle Jd Edwards Enterpriseone Tools 9.2
Oracle Fusion Middleware Mapviewer 12.2.1.2
Oracle Enterprise Repository 12.1.3.0.0
Oracle Business Intelligence 11.1.1.9.0
Oracle Enterprise Repository 11.1.1.7.0
Oracle Business Intelligence 11.1.1.7.0
Oracle Retail Back Office 13.4
Oracle Retail Back Office 14.1
Oracle Retail Back Office 13.3
Oracle Business Intelligence 12.2.1.3.0
Oracle Communications Diameter Signaling Router
Oracle Retail Order Broker 5.1
Oracle Retail Order Broker 5.2
Oracle Retail Order Broker 15.0
Oracle Retail Order Broker 16.0
Oracle Insurance Calculation Engine 10.2.1
Oracle Insurance Calculation Engine 10.1.1
1 Article
7.3
CVSSv3
CVE-2017-5661
In Apache FOP prior to 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the use...
Apache Formatting Objects Processor
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »