31 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-45158
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An OS command injection vulnerability exists in web2py 2.24.1 and earlier. When the product is configured to use notifySendHandler for logging not the default...
CVE-2024-23821
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...
CVE-2024-23643
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.2 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...
CVE-2024-23819
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...
CVE-2024-23821 GeoServer's GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS)
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...
CVE-2024-23819 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in MapML HTML Page
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...
CVE-2024-23819 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in MapML HTML Page
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...
CVE-2024-23818 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in WMS OpenLayers Format
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.3 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...
CVE-2024-23818 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in WMS OpenLayers Format
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.3 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...
GeoServer 安全漏洞
GeoServer is an open source software server written in Java. Allows users to share and edit geospatial data. An arbitrary file upload vulnerability exists in GeoServer versions prior to 2.23.4 and 2.24.1, which stems from the application's lack of effective authentication of uploaded files. An...
GeoServer Security Vulnerabilities
GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. A security vulnerability exists in GeoServer versions prior to 2.23.3 and prior to 2.24.1, which stems from the presence of a stored cross-site scripting XSS vulnerability...
JVN#80476432: web2py vulnerable to OS command injection
web2py web application framework contains an OS command injection vulnerability CWE-78. Impact When web2py is configured to use notifySendHandler for logging not the default configuration, a crafted web request may execute an arbitrary OS command on the web server using the product. Solution Upda...
web2py OS Command Injection Vulnerability
web2py is web2py open source a free and open source full stack enterprise framework. Used for agile development of secure database-driven Web-based applications. A security vulnerability exists in web2py 2.24.1 and earlier versions, which stems from the presence of an operating system command...
GiveWP < 2.24.1 - Unauthenticated SQLi
The plugin does not properly escape user input before it reaches SQL queries, which could let unauthenticated attackers perform SQL Injection attacks PoC 1 Create a post/page that contains the "Donor Wall" block. 2 Using the default donation form, send a test donation 3 In a terminal, edit and ru...
webkitgtk: processing maliciously crafted web content lead to URI spoofing
WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge...
[ASA-201912-6] git: arbitrary code execution
Arch Linux Security Advisory ASA-201912-6 ========================================= Severity: High Date : 2019-12-18 CVE-ID : CVE-2019-1348 CVE-2019-1349 CVE-2019-1352 CVE-2019-1387 CVE-2019-19604 Package : git Type : arbitrary code execution Remote : Yes Link :...
Security fix for the ALT Linux 8 package git version 2.24.1-alt1
2.24.1-alt1 built Dec. 12, 2019 Dmitry V. Levin in task 242633 Dec. 8, 2019 Dmitry V. Levin - 2.24.0 - 2.24.1 fixes: CVE-2019-1348, CVE-2019-1387, CVE-2019-19604; this update also addresses a few Windows and/or NTFS issues fixes: CVE-2019-1349, CVE-2019-1350, CVE-2019-1351, CVE-2019-1352,...
CVE-2019-19604
Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository...
CVE-2019-1348
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths...
Security fix for the ALT Linux 10 package git version 2.24.1-alt1
Dec. 8, 2019 Dmitry V. Levin 2.24.1-alt1 - 2.24.0 - 2.24.1 fixes: CVE-2019-1348, CVE-2019-1387, CVE-2019-19604; this update also addresses a few Windows and/or NTFS issues fixes: CVE-2019-1349, CVE-2019-1350, CVE-2019-1351, CVE-2019-1352, CVE-2019-1353, CVE-2019-1354...