Alert*

oval:org.secpod.oval:def:704222
batik: SVG Library Batik could be made to expose sensitive information if it received a specially crafted XML.

oval:org.secpod.oval:def:1900156
In Apache libbatik-java 1.x before 1.10, when deserializing a subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name, which it then uses to call the no-arg constructor of the class. The fix was to check the class type before calling newInstance in deserialization.

oval:org.secpod.oval:def:52940
batik: SVG Library Batik could be made to expose sensitive information if it received a specially crafted XML.

oval:org.secpod.oval:def:603415
Man Yue Mo, Lars Krapf and Pierre Ernst discovered that Batik, a toolkit for processing SVG images, did not properly validate its input. This would allow an attacker to cause a denial-of-service, mount cross-site scripting attacks, or access restricted files on the server.

oval:org.secpod.oval:def:47394
The host is installed with Oracle Fusion Middleware MapViewer 12.2.1.2 or 12.2.1.3 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle the install (Apache Batik) component issue. Successful exploitation allows an attacker to gain acces ...

oval:org.secpod.oval:def:114623
Batik is a Java technology based toolkit for applications that want to use images in the Scalable Vector Graphics format for various purposes, such as viewing, generation or manipulation.

oval:org.secpod.oval:def:114622
Batik is a Java technology based toolkit for applications that want to use images in the Scalable Vector Graphics format for various purposes, such as viewing, generation or manipulation.

oval:org.secpod.oval:def:53341
Man Yue Mo, Lars Krapf and Pierre Ernst discovered that Batik, a toolkit for processing SVG images, did not properly validate its input. This would allow an attacker to cause a denial-of-service, mount cross-site scripting attacks, or access restricted files on the server.