Lucene search
+L

270 matches found

github
github
added 2024/03/20 3:6 p.m.26 views

GeoServer's Style Publisher vulnerable to Stored Cross-Site Scripting (XSS)

Summary A stored cross-site scripting XSS vulnerability exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend resources or in a specially crafted datastore file that will execute in the context of another user's...

4.8CVSS5.7AI score0.00426EPSS
Exploits0References7Affected Software2
ptsecurity
ptsecurity
added 2024/03/20 12:0 a.m.7 views

PT-2024-19991 · Geoserver · Geoserver

Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.23.3 and 2.24.0 Description: A stored cross-site scripting XSS issue exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend...

4.8CVSS5.5AI score0.00426EPSS
Exploits0References11
vulnrichment
vulnrichment
added 2023/10/31 3:25 p.m.14 views

CVE-2023-46255 `SPICEDB_DATASTORE_CONN_URI` is leaked when URI cannot be parsed

SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Prior to version 1.27.0-rc1, when the provided datastore URI is malformed e.g. by having a password which contains : the full URI including the provided password is...

4.2CVSS6.8AI score0.00391EPSS
Exploits0References2
cvelist
cvelist
added 2023/10/31 3:25 p.m.49 views

CVE-2023-46255 `SPICEDB_DATASTORE_CONN_URI` is leaked when URI cannot be parsed

SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Prior to version 1.27.0-rc1, when the provided datastore URI is malformed e.g. by having a password which contains : the full URI including the provided password is...

4.2CVSS6.7AI score0.00391EPSS
Exploits0References2
cnnvd
cnnvd
added 2023/10/31 12:0 a.m.3 views

SpiceDB Log Information Disclosure Vulnerability

SpiceDB is a fine-grained permissions database inspired by Google Zanzibar. A log message disclosure vulnerability exists in SpiceDB versions prior to 1.27.0, which stems from the fact that SPICEDBDATASTORECONNURI is disclosed when the URI cannot be resolved, displaying the password in the log...

6.5CVSS6.6AI score0.00391EPSS
Exploits0References3
veeam
veeam
added 2023/10/23 12:0 a.m.24 views

SureBackup Job Failure: "The resource 'VeeamBackup_' is in use."

Challenge A SureBackup job in a vSphere environment fails with the error: The resource 'VeeamBackup' is in use. The error as found in the SureBackup Job log%programdata%\Veeam\Backup\SureBackup\Job.SureBackup.log: Error Failed to connect backup datastore to the ESXi host "esx01.domain.tld"...

6.7AI score
Exploits0Affected Software1
redhat
redhat
added 2023/09/28 11:55 a.m.90 views

Moderate: Red Hat Security Advisory: Red Hat Data Grid 8.4.4 security update

An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

9.8CVSS6.6AI score0.03571EPSS
Exploits2References9
cnvd
cnvd
added 2023/05/17 12:0 a.m.33 views

IBM Spectrum Protect Plus Information Disclosure Vulnerability (CNVD-2023-41895)

IBM Spectrum Protect Plus is a suite of data protection platforms from International Business Machines IBM. The platform provides organizations with a single point of control and management and supports backup and recovery for virtual, physical and cloud environments of all sizes. An information...

4.9CVSS5.8AI score0.00573EPSS
Exploits0References1
cnnvd
cnnvd
added 2023/05/12 12:0 a.m.7 views

IBM Spectrum Protect Plus 信息泄露漏洞

IBM Spectrum Protect Plus is a suite of data protection platforms from International Business Machines IBM. The platform provides organizations with a single point of control and management and supports backup and recovery for virtual, physical and cloud environments of all sizes. An information...

4.9CVSS5.8AI score0.00573EPSS
Exploits0References3
prion
prion
added 2023/03/28 1:15 p.m.17 views

Authorization

A vulnerability exists in the SDM600 API web services authorization validation implementation. An attacker who successfully exploits the vulnerability could read data directly from a data store that is not restricted, or insufficiently protected, having access to sensitive data. This issue...

5CVSS7.5AI score0.00484EPSS
Exploits0References1Affected Software1
redhat
redhat
added 2023/03/17 4:41 p.m.53 views

Important: Red Hat Security Advisory: Red Hat Data Grid 7.3.10 security update

An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

8.5CVSS7.6AI score0.98124EPSS
Exploits6References4
vulnrichment
vulnrichment
added 2023/03/03 10:36 p.m.7 views

CVE-2023-27290 IBM Observability with Instana missing authentication

Docker based datastores for IBM Instana IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0 do not currently require authentication. Due to this, an attacker within the network could access the datastores with read/write access. IBM X-Force ID: 248737...

9.1CVSS6.5AI score0.08573EPSS
Exploits3References3
github
github
added 2023/02/22 7:16 p.m.86 views

GeoTools OGC Filter SQL Injection Vulnerabilities

Impact GeoTools includes support for OGC Filter expression language parsing, encoding and execution against a range of datastore. SQL Injection Vulnerabilities have been found when executing OGC Filters with JDBCDataStore implementations: 1. PropertyIsLike filter Requires PostGIS DataStore with...

9.8CVSS9.6AI score0.01072EPSS
Exploits1References4Affected Software1
osv
osv
added 2023/02/22 7:16 p.m.76 views

GHSA-99C3-QC2Q-P94M GeoTools OGC Filter SQL Injection Vulnerabilities

Impact GeoTools includes support for OGC Filter expression language parsing, encoding and execution against a range of datastore. SQL Injection Vulnerabilities have been found when executing OGC Filters with JDBCDataStore implementations: 1. PropertyIsLike filter Requires PostGIS DataStore with...

9.8CVSS9.9AI score0.01072EPSS
Exploits1References4
github
github
added 2023/02/22 7:15 p.m.76 views

GeoServer OGC Filter SQL Injection Vulnerabilities

Impact GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language CQL as part of the Web Feature Service WFS and Web Map Service WMS protocols. CQL is also supported through the Web Coverage Service WCS protocol for ImageMosaic coverages. SQL Injection...

9.8CVSS9.7AI score0.85247EPSS
Exploits3References4Affected Software1
osv
osv
added 2023/02/22 7:15 p.m.35 views

GHSA-7G5F-WRX8-5CCF GeoServer OGC Filter SQL Injection Vulnerabilities

Impact GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language CQL as part of the Web Feature Service WFS and Web Map Service WMS protocols. CQL is also supported through the Web Coverage Service WCS protocol for ImageMosaic coverages. SQL Injection...

9.8CVSS10AI score0.85247EPSS
Exploits3References4
prion
prion
added 2023/02/21 10:15 p.m.32 views

Code injection

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language CQL as part of the Web Feature Service WFS and Web Map Service WMS protocols. CQL is...

7.5CVSS9.4AI score0.85247EPSS
Exploits3References2Affected Software1
cvelist
cvelist
added 2023/02/21 9:0 p.m.66 views

CVE-2023-25157 Unfiltered SQL Injection Vulnerabilities in Geoserver

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language CQL as part of the Web Feature Service WFS and Web Map Service WMS protocols. CQL is...

9.8CVSS9.6AI score0.85247EPSS
Exploits3References2
ptsecurity
ptsecurity
added 2023/02/21 12:0 a.m.7 views

PT-2023-19944 · Geotools · Geotools

Name of the Vulnerable Software and Affected Versions: GeoTools versions prior to 27.4 GeoTools versions prior to 28.2 Description: GeoTools is an open source Java library that provides tools for geospatial data. It includes support for OGC Filter expression language parsing, encoding and executi...

9.8CVSS9.8AI score0.01072EPSS
Exploits1References11
susecve
susecve
added 2023/02/15 3:41 a.m.5 views

SUSE CVE-2021-32001

K3s in SUSE Rancher allows any user with direct access to the datastore, or a copy of a datastore backup, to extract the cluster's confidential keying material cluster certificate authority private keys, secrets encryption configuration passphrase, etc. and decrypt it, without having to know the...

6.5CVSS6.5AI score0.00304EPSS
Exploits0References5
Rows per page
Query Builder