83 matches found
GeoServer Code Execution Vulnerability
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A code execution vulnerability exists in GeoServer. The vulnerability stems from java.lang.Runtime.getRuntime.exec in wps:LiteralData failing to correctly filter the special elements of th...
Exploit for SQL Injection in Osgeo Geoserver
CVE-2023-25157 - GeoServer SQL Injection - PoC - CVE: C...
Default configuration
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. Prior to versions 2.20.6, 2.19.6, and 2.18.7, anonymous users can obtain sensitive information about GeoNode configurations from the response of the /geoserver/rest/about/status...
CVE-2023-28442
CVE-2023-28442 affects GeoNode (3 and 4) where anonymous users can retrieve sensitive configuration information from the GeoServer REST endpoint /geoserver/rest/about/status. Versions before 2.20.7 (also 2.19.6/2.18.7) are exposed due to GeoServer configuration for GeoNode leaving REST endpoints ...
PYSEC-2023-15
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity XXE injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version...
CVE-2023-26043
CVE-2023-26043 is an XXE injection in GeoNode’s GeoServer style upload pathway that can lead to an authenticated Arbitrary File Read. The vulnerability stems from the server-side parsing of user-supplied SLD files (style uploads) without proper entity resolution, enabling an attacker to read file...
SUSE CVE-2021-45943
GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment...
CVE-2022-41892
Arches is a web platform for creating, managing, & visualizing geospatial data. Versions prior to 6.1.2, 6.2.1, and 7.1.2 are vulnerable to SQL Injection. With a carefully crafted web request, it's possible to execute certain unwanted SQL statements against the database. This issue is fixed in...
PYSEC-2022-42985
Arches is a web platform for creating, managing, & visualizing geospatial data. Versions prior to 6.1.2, 6.2.1, and 7.1.2 are vulnerable to SQL Injection. With a carefully crafted web request, it's possible to execute certain unwanted SQL statements against the database. This issue is fixed in...
CVE-2022-41892 Arches vulnerable to SQL Injection
Arches is a web platform for creating, managing, & visualizing geospatial data. Versions prior to 6.1.2, 6.2.1, and 7.1.2 are vulnerable to SQL Injection. With a carefully crafted web request, it's possible to execute certain unwanted SQL statements against the database. This issue is fixed in...
CVE-2022-41892
Arches (Geospatial web platform) is vulnerable to SQL Injection in versions prior to 6.1.2, 6.2.1, and 7.1.2. Root cause is unsafe handling of crafted web requests that can execute arbitrary SQL against the database. Impact is high (confidentiality, integrity, and availability affected per CVSS h...
CVE-2022-41892 Arches vulnerable to SQL Injection
Arches is a web platform for creating, managing, & visualizing geospatial data. Versions prior to 6.1.2, 6.2.1, and 7.1.2 are vulnerable to SQL Injection. With a carefully crafted web request, it's possible to execute certain unwanted SQL statements against the database. This issue is fixed in...
CVE-2022-24818
GeoTools is an open source Java library that provides tools for geospatial data. The GeoTools library has a number of data sources that can perform unchecked JNDI lookups, which in turn can be used to perform class deserialization and result in arbitrary code execution. Similar to the Log4J case,...
CVE-2022-24818
CVE-2022-24818 – GeoTools is an open‑source Java library for geospatial data. It is affected by unchecked JNDI lookups that can lead to class deserialization and arbitrary code execution when JNDI names are user‑provided. The vulnerability requires admin‑level login to trigger, and is mitigated b...
The vulnerability of the netCDF component of the GDAL library for geospatial data allows a hacker to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the netCDF component of the GDAL transformation library for geospatial data is related to writing beyond buffer boundaries. Exploiting this vulnerability allows attackers to access confidential data, compromise its integrity, and cause service failures...
[SECURITY] Fedora 34 Update: gdal-3.2.2-3.fc34
Geospatial Data Abstraction Library GDAL/OGR is a cross platform C++ translator library for raster and vector geospatial data formats. As a library, it presents a single abstract data model to the calling application for all supported formats. It also comes with a variety of useful commandline...
[SECURITY] Fedora 35 Update: gdal-3.3.3-1.fc35
Geospatial Data Abstraction Library GDAL/OGR is a cross platform C++ translator library for raster and vector geospatial data formats. As a library, it presents a single abstract data model to the calling application for all supported formats. It also comes with a variety of useful commandline...
Fedora Update for gdal FEDORA-2018-3119a06646
The remote host is missing an update for the...
[SECURITY] Fedora 29 Update: gdal-2.3.2-1.fc29
Geospatial Data Abstraction Library GDAL/OGR is a cross platform C++ translator library for raster and vector geospatial data formats. As a library, it presents a single abstract data model to the calling application for all supported formats. It also comes with a variety of useful commandline...
Fedora Update for gdal FEDORA-2013-1473
Check for the version of gdal.