CVE-2023-25158 Unfiltered SQL Injection in Geotools

GeoTools is an open source Java library that provides tools for geospatial data. GeoTools includes support for OGC Filter expression language parsing, encoding and execution against a range of datastore. SQL Injection Vulnerabilities have been found when executing OGC Filters with JDBCDataStore...

CVE-2023-25158

CVE-2023-25158 (GeoTools) is a SQL injection vulnerability affecting the OGC Filter handling when used with JDBCDataStore implementations. The issue arises from unsafe SQL construction in filters such as PropertyIsLike, strEndsWith, strStartsWith, FeatureId, jsonArrayContains, and DWithin, leadin...

CVE-2023-25158 Unfiltered SQL Injection in Geotools

GeoTools is an open source Java library that provides tools for geospatial data. GeoTools includes support for OGC Filter expression language parsing, encoding and execution against a range of datastore. SQL Injection Vulnerabilities have been found when executing OGC Filters with JDBCDataStore...

dd-plist 代码问题漏洞

dd-plist is a Java library for working with attribute lists from the individual developer Daniel Dreibrodt. A code issue vulnerability exists in dd-plist version 1.17, which stems from the presence of an xml external entity reference vulnerability...

SUSE CVE-2015-7940

The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman ECDH key exchanges, aka an "invalid curve attack."...

SUSE CVE-2021-21348

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup...

CVE-2022-23553

Alpine is a scaffolding library in Java. Alpine prior to version 1.10.4 allows URL access filter bypass. This issue has been fixed in version 1.10.4. There are no known workarounds...

CVE-2022-23554

Alpine is a scaffolding library in Java. Alpine prior to version 1.10.4 allows Authentication Filter bypass. The AuthenticationFilter relies on the request URI to evaluate if the user is accessing the swagger endpoint. By accessing a URL with a path such as /api/foo;%2fapi%2fswagger the contains...

Race condition

Alpine is a scaffolding library in Java. Alpine prior to version 1.10.4 allows Authentication Filter bypass. The AuthenticationFilter relies on the request URI to evaluate if the user is accessing the swagger endpoint. By accessing a URL with a path such as /api/foo;%2fapi%2fswagger the contains...

CVE-2022-41967

Dragonfly is a Java runtime dependency management library. Dragonfly v0.3.0-SNAPSHOT does not configure DocumentBuilderFactory to prevent XML external entity XXE attacks. This issue is patched in 0.3.1-SNAPSHOT. As a workaround, since Dragonfly only parses XML SNAPSHOT versions are being resolved...

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using WebSphere Application Server Liberty are vulnerable to denial of service due to Google protobuf-java

Summary There is a vulnerability in the Google protobuf-java library used by IBM WebSphere Application Server Liberty with the grpc-1.0 or grpcClient-1.0 feature enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulleti...

CVE-2022-23496

Vulnerability summary (CVE-2022-23496, Yauaa) : The Java library Yauaa can crash when using the Client Hints analysis feature introduced with version 7.0.0 due to an ArrayIndexOutOfBoundsException. This affects applications that enable Client Hints analysis; those not using this feature are not a...

CVE-2022-23496 A crafted list can trigger a ArrayIndexOutOfBoundsException in Yauaa

Yet Another UserAgent Analyzer Yauaa is a java library that tries to parse and analyze the useragent string and extract as many relevant attributes as possible. Applications using the Client Hints analysis feature introduced with 7.0.0 can crash because the Yauaa library throws an...

[SECURITY] [DLA 3209-1] ini4j security update

Debian LTS Advisory DLA-3209-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany November 28, 2022 https://wiki.debian.org/LTS Package : ini4j Version : 0.5.4-1deb10u1 CVE ID : CVE-2022-41404 It was discovered that ini4j, a Java library for handling the Windows ini...

The vulnerability of the Java Protocol Buffers protobuf-java environment library, related to insufficient validation of input data, allows attackers to trigger service failures.

The vulnerability of the Java Protocol Buffers protobuf-java environment library is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures remotely...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

log4j-shell-poc A Proof-Of-Concept for the recently found CVE-...

Jettison 缓冲区错误漏洞

Jettison is jettison-json open source Jettison is a Java library . Jettison is a Java library that is used to convert XML to JSON with the help of StAX. Jettison has a security vulnerability , the vulnerability stems from parsing untrusted XML or JSON data may be vulnerable to denial of service...

Debian: Security Advisory (DLA-3100-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

The vulnerability of the Nimbus JOSE + JWT Java library, related to incorrect verification of the cryptographic signature, allows a perpetrator to influence the integrity of the information.

The vulnerability of the Nimbus JOSE + JWT Java library is related to an incorrect verification of the cryptographic signature. Exploiting this vulnerability could allow a malicious actor to influence the integrity of the information...

Oracle Linux 7 : java-11-openjdk (ELSA-2022-5687)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-5687 advisory. 1:11.0.16.0.8-1.0.1 - link atomic for ix86 build 1:11.0.16.0.8-1 - Update to jdk-11.0.16+8 - Update release notes to 11.0.16+8 - Use same tarball namin...