Lucene search
K

83 matches found

BDU FSTEC
BDU FSTEC
added 2025/04/25 12:0 a.m.10 views

The vulnerability of the GeoWebCache component of the software for managing and publishing geospatial data on the OSGeo GeoServer server allows a perpetrator to execute arbitrary code.

The vulnerability of the GeoWebCache component of the software for managing and publishing geospatial data on the OSGeo GeoServer server is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

9CVSS7.5AI score0.01465EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2024/11/12 6:43 p.m.3 views

Arbitrary Code Injection

Overview torchgeo is a TorchGeo: datasets, samplers, transforms, and pre-trained models for geospatial data Affected versions of this package are vulnerable to Arbitrary Code Injection via the handling of specific data inputs. An attacker can execute arbitrary code on the system. Remediation...

9.2CVSS8.2AI score0.01221EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2024/07/15 12:0 a.m.471 views

Geoserver Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Geoserver unauthenticated Remote Code Execution', 'Description' = %q GeoServer is an open-source software server written in Java that provides th...

9.8CVSS7AI score0.99813EPSS
Exploits25
GithubExploit
GithubExploit
added 2024/07/12 7:1 a.m.375 views

Exploit for Code Injection in Geoserver

RCE vulnerability in GeoServer CVE-2024-36401 - detection sc...

9.8CVSS10AI score0.99813EPSS
Exploits25
Vulnrichment
Vulnrichment
added 2024/07/02 1:39 p.m.30 views

CVE-2024-36404 GeoTools Remote Code Execution (RCE) vulnerability in evaluating XPath expressions

GeoTools is an open source Java library that provides tools for geospatial data. Prior to versions 31.2, 30.4, and 29.6, Remote Code Execution RCE is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input. Versions 31.2, 30.4, and 29.6...

9.8CVSS7.5AI score0.74908EPSS
Exploits0References16
CVE
CVE
added 2024/07/02 1:39 p.m.110 views

CVE-2024-36404

GeoTools CVE-2024-36404: RCE in evaluating user-supplied XPath expressions affects prior releases; fixes are in 31.2, 30.4, and 29.6. Workarounds include running with reduced functionality by removing the gt-complex jar, which may break application schema queries. A drop-in replacement jar is ava...

9.8CVSS9.7AI score0.74908EPSS
Exploits0References16
Cvelist
Cvelist
added 2024/03/27 1:1 p.m.26 views

CVE-2024-27091 GeoNode stored XSS to full account takeover

GeoNode is a geospatial content management system, a platform for the management and publication of geospatial data. An issue exists within GEONODE where the current rich text editor is vulnerable to Stored XSS. The applications cookies are set securely, but it is possible to retrieve a victims...

6.1CVSS6.3AI score0.00376EPSS
Exploits0References2
CNVD
CNVD
added 2024/03/22 12:0 a.m.18 views

GeoServer Cross-Site Scripting Vulnerability

GeoServer is an open source software server written in Java. Allows users to share and edit geospatial data. A cross-site scripting vulnerability exists in GeoServer versions prior to 2.23.4 and 2.24.1, which stems from the application's lack of effective filtering and escaping of user-supplied...

4.8CVSS6.3AI score0.00405EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/20 6:3 p.m.42 views

CVE-2024-23821 GeoServer's GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS)

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...

4.8CVSS5.1AI score0.00405EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/03/20 5:44 p.m.35 views

CVE-2024-23642 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in Simple SVG Renderer

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...

4.8CVSS5.1AI score0.00426EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/02/27 12:0 a.m.3 views

libLAS Security Vulnerabilities

libLAS is a libLAS open source library for reading and writing geospatial data encoded in the ASPRS laser file format versions 1.0, 1.1 and 1.2. A security vulnerability exists in libLAS version 1.8.1, which originates from a memory leak contained in /libLAS/apps/ts2las.cpp...

7.5CVSS6.8AI score0.01158EPSS
Exploits1References7
OpenVAS
OpenVAS
added 2023/11/29 12:0 a.m.17 views

Fedora: Security Advisory for python-geopandas (FEDORA-2023-c907492c3e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.6AI score0.14414EPSS
Exploits0References2
Prion
Prion
added 2023/10/25 6:17 p.m.18 views

Server side request forgery (ssrf)

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service WPS specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request...

7.5CVSS9.3AI score0.67715EPSS
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2023/09/20 12:0 a.m.30 views

Server-Side Request Forgery (SSRF)

GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. A SSRF vulnerability exists starting in version 3.2.0, bypassing existing controls on the software. This can allow a user to request internal services for a full read SSRF, returni...

7.5CVSS6.7AI score0.0078EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2023/09/15 9:15 p.m.35 views

CVE-2023-42439

GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. A SSRF vulnerability exists starting in version 3.2.0, bypassing existing controls on the software. This can allow a user to request internal services for a full read SSRF, returni...

7.5CVSS7.4AI score0.0078EPSS
Exploits1References3
Prion
Prion
added 2023/09/15 9:15 p.m.30 views

Server side request forgery (ssrf)

GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. A SSRF vulnerability exists starting in version 3.2.0, bypassing existing controls on the software. This can allow a user to request internal services for a full read SSRF, returni...

4CVSS6.3AI score0.0078EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2023/09/15 9:15 p.m.38 views

PYSEC-2023-176

GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. A SSRF vulnerability exists starting in version 3.2.0, bypassing existing controls on the software. This can allow a user to request internal services for a full read SSRF, returni...

6.5CVSS6.7AI score0.0078EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/09/15 8:22 p.m.20 views

CVE-2023-42439 GeoNode SSRF Bypass to return internal host data

GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. A SSRF vulnerability exists starting in version 3.2.0, bypassing existing controls on the software. This can allow a user to request internal services for a full read SSRF, returni...

7.5CVSS6.7AI score0.0078EPSS
Exploits1References3
Prion
Prion
added 2023/08/24 11:15 p.m.21 views

Server side request forgery (ssrf)

GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. In versions 3.2.0 through 4.1.2, the endpoint /proxy/?url= does not properly protect against server-side request forgery. This allows an attacker to port scan internal hosts and...

5CVSS7.4AI score0.00638EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/08/24 10:45 p.m.21 views

CVE-2023-40017 Geonode Server Side Request Forgery vulnerability

GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. In versions 3.2.0 through 4.1.2, the endpoint /proxy/?url= does not properly protect against server-side request forgery. This allows an attacker to port scan internal hosts and...

7.5CVSS7.6AI score0.00638EPSS
Exploits1References2
Rows per page
Query Builder