14 matches found
GeoServer < 2.22.5 Multiples Vulnerabilities
According to its banner, the version of GeoServer running on the remote host is prior to 2.22.5 or 2.23.0 parameter Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
CVE-2023-41339
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an sld= parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied "dynamic styling". Enabling the use of dynamic styles,...
GeoServer Code Issues Vulnerabilities
GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. A security vulnerability exists in GeoServer versions 2.22.x prior to 2.22.5 and 2.23.x prior to 2.23.2 that originates from allowing users to share and edit geospatial data...
CVE-2023-43795 WPS Server Side Request Forgery in GeoServer
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service WPS specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request...
CVE-2023-43795 WPS Server Side Request Forgery in GeoServer
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service WPS specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request...
CVE-2023-41339 Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF in GeoServer
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an sld= parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied "dynamic styling". Enabling the use of dynamic styles,...
PT-2023-28987 · Geoserver · Geoserver
Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.22.5 GeoServer versions prior to 2.23.2 GeoServer version 2.20.5 GeoServer version 2.21.0 Description: The OGC Web Processing Service WPS specification in GeoServer allows processing of information from any serve...
UBUNTU-CVE-2022-33146
Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL...
JVN#02158640: web2py vulnerable to open redirect
web2py contains an open redirect vulnerability CWE-601. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the Software Update the software to the latest version accordi...
openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2019:0081-1)
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for webkit2gtk3 (important)
openSUSE Security Update: Security update for webkit2gtk3 Announcement ID: openSUSE-SU-2019:0081-1 Rating: important References: 1110279 1116998 1119558 Cross-References: CVE-2018-11713 CVE-2018-4162 CVE-2018-4163 CVE-2018-4165 CVE-2018-4191 CVE-2018-4197 CVE-2018-4207 CVE-2018-4208 CVE-2018-4209...
SUSE-SU-2019:0092-1 Security update for webkit2gtk3
This update for webkit2gtk3 to version 2.22.5 fixes the following issues: Security issues fixed: - CVE-2018-4372, CVE-2018-4345, CVE-2018-4386, CVE-2018-4375, CVE-2018-4376, CVE-2018-4378, CVE-2018-4382, CVE-2018-4392, CVE-2018-4416, CVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306,...
[SECURITY] Fedora 29 Update: webkit2gtk3-2.22.5-1.fc29
WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKit2 based WebKitGTK+ for GTK+ 3...
[ASA-201812-10] webkit2gtk: arbitrary code execution
Arch Linux Security Advisory ASA-201812-10 ========================================== Severity: Critical Date : 2018-12-14 CVE-ID : CVE-2018-4437 Package : webkit2gtk Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-834 Summary ======= The package webkit2gtk...