Lucene search
+L

292 matches found

EUVD
EUVD
added 4 days ago7 views

EUVD-2024-24347

GeoNode: Stored XSS to full account takeover...

6.1CVSS6.4AI score0.00376EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/07/09 12:0 a.m.9 views

Python Library Django 5.2.x < 5.2.16 / 6.0.x < 6.0.7 Multiple Vulnerabilities

The detected version of the Django Python package is 5.2.x prior to 5.2.16 or 6.0.x prior to 6.0.7. It is, therefore, affected by multiple vulnerabilities: - django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed from a bytes object, which can disclose adjacent memory...

6.3CVSS6.8AI score0.00375EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2026/07/07 2:10 p.m.6 views

CVE-2026-53877

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed from a bytes object, which can disclose adjacent memory or cause service degradation via a potential segmentation fault when the vsibuffer...

6.3CVSS6AI score0.00291EPSS
Exploits0
OSV
OSV
added 2026/06/22 5:47 a.m.4 views

BIT-MONGODB-2026-9752 GeometryCollection with strict-winding polygon causes server crash during 2dsphere index key generation

An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing a Polygon with a strict-winding CRS. Strict-winding polygons are intentionally unsupported for indexing, but the guard that rejects them does not...

7.1CVSS5.8AI score0.0027EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 11:17 p.m.15 views

CVE-2026-9752

An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing a Polygon with a strict-winding CRS. Strict-winding polygons are intentionally unsupported for indexing, but the guard that rejects them does not...

7.1CVSS0.0027EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 11:17 p.m.7 views

UBUNTU-CVE-2026-9752

An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing a Polygon with a strict-winding CRS. Strict-winding polygons are intentionally unsupported for indexing, but the guard that rejects them does not...

7.1CVSS5.2AI score0.0027EPSS
Exploits0References3
CVE
CVE
added 2026/06/09 10:27 p.m.39 views

CVE-2026-9752

MongoDB CVE-2026-9752 describes a vulnerability where an authorized user can trigger a server crash by executing a query that builds a 2dsphere index on a field containing a GeoJSON GeometryCollection with a Polygon that uses a strict-winding CRS. The underlying issue is that while strict-winding...

7.1CVSS5.4AI score0.0027EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.19 views

PT-2026-48302

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An authorized user can cause a server crash by executing a query using a 2dsphere index on a field containing a GeoJSON GeometryCollection. The issue occurs when...

7.1CVSS5.5AI score0.0027EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.12 views

MongoDB Server 代码问题漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a code vulnerability in MongoDB Server, which stems from the 2dsphere...

7.1CVSS5.4AI score0.0027EPSS
Exploits0References1
Chainguard
Chainguard
added 2026/06/08 7:18 p.m.13 views

CVE-2026-8087 vulnerabilities

Vulnerabilities for packages: gdal...

7.8CVSS5.8AI score0.00223EPSS
Exploits1
Chainguard
Chainguard
added 2026/06/08 7:18 p.m.15 views

CVE-2026-8212 vulnerabilities

Vulnerabilities for packages: gdal...

5.5CVSS5.8AI score0.00205EPSS
Exploits1
OSV
OSV
added 2026/05/28 10:21 p.m.13 views

USN-8345-1 gdal vulnerability

It was discovered that the vendored LibTIFF in GDAL incorrectly handled memory when parsing malformed TIFF image metadata. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information, or execute arbitrary code...

8.8CVSS6.7AI score0.00739EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/28 12:0 a.m.18 views

Linux Distros Unpatched Vulnerability : CVE-2026-49014

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry...

7.8CVSS6.6AI score0.00102EPSS
Exploits0References3
OSV
OSV
added 2026/05/27 2:16 a.m.11 views

PYSEC-2026-193

In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry...

7.8CVSS6.5AI score0.00102EPSS
Exploits0References2
OSV
OSV
added 2026/05/27 2:16 a.m.6 views

DEBIAN-CVE-2026-49014

In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry...

7.8CVSS6.7AI score0.00102EPSS
Exploits0References1
OSV
OSV
added 2026/05/27 1:39 a.m.2 views

CVE-2026-49014

In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry...

7.4CVSS6.9AI score0.00102EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/05/27 1:39 a.m.12 views

CVE-2026-49014

In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry...

7.8CVSS6.7AI score0.00102EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 1:39 a.m.36 views

CVE-2026-49014

In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry...

7.4CVSS0.00102EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 1:39 a.m.8 views

CVE-2026-49014

In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry...

7.4CVSS6.7AI score0.00102EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/27 1:39 a.m.32 views

CVE-2026-49014

CVE-2026-49014 affects GDAL versions 3.1.0–3.13.0 via the netCDF driver. The vulnerability resides in scanForGeometryContainers (frmts/netcdf/netcdfsg.cpp), where a geometry attribute is read into a fixed-size stack buffer without validating its length, allowing a stack-based buffer overflow that...

7.8CVSS6.7AI score0.00102EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder