270 matches found
GeoServer's Style Publisher vulnerable to Stored Cross-Site Scripting (XSS)
Summary A stored cross-site scripting XSS vulnerability exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend resources or in a specially crafted datastore file that will execute in the context of another user's...
PT-2024-19991 · Geoserver · Geoserver
Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.23.3 and 2.24.0 Description: A stored cross-site scripting XSS issue exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend...
CVE-2023-46255 `SPICEDB_DATASTORE_CONN_URI` is leaked when URI cannot be parsed
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Prior to version 1.27.0-rc1, when the provided datastore URI is malformed e.g. by having a password which contains : the full URI including the provided password is...
CVE-2023-46255 `SPICEDB_DATASTORE_CONN_URI` is leaked when URI cannot be parsed
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Prior to version 1.27.0-rc1, when the provided datastore URI is malformed e.g. by having a password which contains : the full URI including the provided password is...
SpiceDB Log Information Disclosure Vulnerability
SpiceDB is a fine-grained permissions database inspired by Google Zanzibar. A log message disclosure vulnerability exists in SpiceDB versions prior to 1.27.0, which stems from the fact that SPICEDBDATASTORECONNURI is disclosed when the URI cannot be resolved, displaying the password in the log...
SureBackup Job Failure: "The resource 'VeeamBackup_' is in use."
Challenge A SureBackup job in a vSphere environment fails with the error: The resource 'VeeamBackup' is in use. The error as found in the SureBackup Job log%programdata%\Veeam\Backup\SureBackup\Job.SureBackup.log: Error Failed to connect backup datastore to the ESXi host "esx01.domain.tld"...
Moderate: Red Hat Security Advisory: Red Hat Data Grid 8.4.4 security update
An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
IBM Spectrum Protect Plus Information Disclosure Vulnerability (CNVD-2023-41895)
IBM Spectrum Protect Plus is a suite of data protection platforms from International Business Machines IBM. The platform provides organizations with a single point of control and management and supports backup and recovery for virtual, physical and cloud environments of all sizes. An information...
IBM Spectrum Protect Plus 信息泄露漏洞
IBM Spectrum Protect Plus is a suite of data protection platforms from International Business Machines IBM. The platform provides organizations with a single point of control and management and supports backup and recovery for virtual, physical and cloud environments of all sizes. An information...
Authorization
A vulnerability exists in the SDM600 API web services authorization validation implementation. An attacker who successfully exploits the vulnerability could read data directly from a data store that is not restricted, or insufficiently protected, having access to sensitive data. This issue...
Important: Red Hat Security Advisory: Red Hat Data Grid 7.3.10 security update
An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
CVE-2023-27290 IBM Observability with Instana missing authentication
Docker based datastores for IBM Instana IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0 do not currently require authentication. Due to this, an attacker within the network could access the datastores with read/write access. IBM X-Force ID: 248737...
GeoTools OGC Filter SQL Injection Vulnerabilities
Impact GeoTools includes support for OGC Filter expression language parsing, encoding and execution against a range of datastore. SQL Injection Vulnerabilities have been found when executing OGC Filters with JDBCDataStore implementations: 1. PropertyIsLike filter Requires PostGIS DataStore with...
GHSA-99C3-QC2Q-P94M GeoTools OGC Filter SQL Injection Vulnerabilities
Impact GeoTools includes support for OGC Filter expression language parsing, encoding and execution against a range of datastore. SQL Injection Vulnerabilities have been found when executing OGC Filters with JDBCDataStore implementations: 1. PropertyIsLike filter Requires PostGIS DataStore with...
GeoServer OGC Filter SQL Injection Vulnerabilities
Impact GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language CQL as part of the Web Feature Service WFS and Web Map Service WMS protocols. CQL is also supported through the Web Coverage Service WCS protocol for ImageMosaic coverages. SQL Injection...
GHSA-7G5F-WRX8-5CCF GeoServer OGC Filter SQL Injection Vulnerabilities
Impact GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language CQL as part of the Web Feature Service WFS and Web Map Service WMS protocols. CQL is also supported through the Web Coverage Service WCS protocol for ImageMosaic coverages. SQL Injection...
Code injection
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language CQL as part of the Web Feature Service WFS and Web Map Service WMS protocols. CQL is...
CVE-2023-25157 Unfiltered SQL Injection Vulnerabilities in Geoserver
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language CQL as part of the Web Feature Service WFS and Web Map Service WMS protocols. CQL is...
PT-2023-19944 · Geotools · Geotools
Name of the Vulnerable Software and Affected Versions: GeoTools versions prior to 27.4 GeoTools versions prior to 28.2 Description: GeoTools is an open source Java library that provides tools for geospatial data. It includes support for OGC Filter expression language parsing, encoding and executi...
SUSE CVE-2021-32001
K3s in SUSE Rancher allows any user with direct access to the datastore, or a copy of a datastore backup, to extract the cluster's confidential keying material cluster certificate authority private keys, secrets encryption configuration passphrase, etc. and decrypt it, without having to know the...