Lucene search
+L

82 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 5:14 a.m.13 views

CVE-2023-41339

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an sld= parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied "dynamic styling". Enabling the use of dynamic styles,...

8.6CVSS6.9AI score0.00514EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:36 a.m.10 views

CVE-2023-41877

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A path traversal vulnerability in versions 2.23.4 and prior requires GeoServer Administrator with access to the admin console to misconfigure the Global Settings for log file location ...

7.2CVSS6.8AI score0.00841EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:33 a.m.11 views

CVE-2023-5786

A vulnerability was found in GeoServer GeoWebCache up to 1.15.1. It has been declared as problematic. This vulnerability affects unknown code of the file /geoserver/gwc/rest.html. The manipulation leads to direct request. The attack can be initiated remotely. The exploit has been disclosed to the...

8.8CVSS7AI score0.00844EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 2:17 a.m.9 views

CVE-2023-51445

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privileges to store a...

4.8CVSS5.4AI score0.00487EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/21 7:53 p.m.10 views

CVE-2008-7227

PartialBufferOutputStream2 in GeoServer before 1.6.1 and 1.7.0-beta1 attempts to flush buffer contents even when it is handling an "in memory buffer," which prevents the reporting of a service exception, with unknown impact and attack vectors...

5CVSS6.9AI score0.00926EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2025/04/30 7:45 a.m.242 views

Exploit for Code Injection in Geoserver

⚠️ Disclaimer: This tool is intended only for security resea...

9.8CVSS8.1AI score0.99813EPSS
Exploits25
RedhatCVE
RedhatCVE
added 2025/02/05 4:48 a.m.14 views

CVE-2024-36401

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution RCE by unauthenticated users through specially crafted input against a default GeoServer...

9.8CVSS8.3AI score0.99813EPSS
Exploits25References1
RedhatCVE
RedhatCVE
added 2025/02/05 2:19 a.m.9 views

CVE-2024-24749

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCach...

7.5CVSS7.1AI score0.00756EPSS
Exploits0References1
CVE
CVE
added 2024/12/16 10:18 p.m.70 views

CVE-2024-35230

CVE-2024-35230 affects GeoServer (Java) where the welcome and about pages disclose version and revision information of the server and components. This information exposure can aid fingerprinting of the running software. The issue has been patched in version 2.26.0; users should upgrade to 2.26.0 ...

5.3CVSS5.1AI score0.00712EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/12/16 10:18 p.m.12 views

CVE-2024-35230 Welcome and About GeoServer pages communicate version and revision information

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. In affected versions the welcome and about page includes version and revision information about the software in use including library and components used. This information is sensitive...

5.3CVSS6.7AI score0.00712EPSS
Exploits1References3
OSV
OSV
added 2024/12/16 10:18 p.m.18 views

CVE-2024-35230 Welcome and About GeoServer pages communicate version and revision information

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. In affected versions the welcome and about page includes version and revision information about the software in use including library and components used. This information is sensitive...

5.3CVSS8.1AI score0.00712EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2024/12/10 12:0 a.m.4 views

GeoServer < 2.23.5 Path Traversal

According to its banner, the version of GeoServer running on the remote host is prior to 2.23.5 or 2.24.0 prior to 2.24.3. It is, therefore, affected by a Path Traversal. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...

7.5CVSS7.3AI score0.00756EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/12/10 12:0 a.m.3 views

GeoServer 2.24.0 < 2.24.2 Path Traversal

According to its banner, the version of GeoServer running on the remote host is prior to 2.23.5 or 2.24.0 prior to 2.24.2. It is, therefore, affected by an Arbitrary File Renaming. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported...

6CVSS7.4AI score0.00694EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/12/10 12:0 a.m.4 views

GeoServer < 2.23.4 Path Traversal

According to its banner, the version of GeoServer running on the remote host is prior to 2.23.4. It is, therefore, affected by a Path Traversal. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...

7.2CVSS7.3AI score0.00841EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/12/10 12:0 a.m.2 views

GeoServer 2.24.0 < 2.24.3 Path Traversal

According to its banner, the version of GeoServer running on the remote host is prior to 2.23.5 or 2.24.0 prior to 2.24.3. It is, therefore, affected by a Path Traversal. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...

7.5CVSS7.3AI score0.00756EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/06/04 12:0 a.m.8 views

PT-2024-4472

Name of the Vulnerable Software and Affected Versions GeoServer versions prior to 2.22.6 GeoServer versions prior to 2.23.6 GeoServer versions prior to 2.24.4 GeoServer versions prior to 2.25.2 Description GeoServer is an open-source server used for sharing and editing geospatial data. An issue...

10CVSS7.8AI score0.99813EPSS
Exploits25References304
CNVD
CNVD
added 2023/10/30 12:0 a.m.7 views

GeoServer server-side request forgery vulnerability (CNVD-2024-14588)

GeoServer is an open source software server written in Java. Allows users to share and edit geospatial data. GeoServer suffers from a server-side request forgery vulnerability that stems from the fact that the OGC Web Processing Service WPS specification is designed to process information from an...

9.8CVSS6.3AI score0.67715EPSS
Exploits0References1
CNVD
CNVD
added 2023/06/14 12:0 a.m.9 views

GeoServer Code Execution Vulnerability

GeoServer is an open source software server written in Java. Allows users to share and edit geospatial data. A code execution vulnerability exists in GeoServer. The vulnerability stems from java.lang.Runtime.getRuntime.exec in wps:LiteralData failing to correctly filter the special elements of th...

9.8CVSS7.5AI score0.43235EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/02/27 8:37 p.m.6 views

CVE-2023-26043 XML External Entity (XXE) injection in GeoServer style upload functionality

GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity XXE injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version...

6.5CVSS6.8AI score0.00836EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/05/01 12:0 a.m.6 views

PT-2022-11312 · Geoserver · Geoserver

Name of the Vulnerable Software and Affected Versions: GeoServer versions 2.18.5 and earlier GeoServer versions 2.19.x through 2.19.2 Description: The issue allows for Server-Side Request Forgery SSRF via the option for setting a proxy host. This means an attacker could potentially force the serv...

8.2CVSS7.4AI score0.18925EPSS
Exploits0References16
Rows per page
Query Builder