Lucene search
+L

84 matches found

Github Security Blog
Github Security Blog
added 2023/02/22 7:15 p.m.77 views

GeoServer OGC Filter SQL Injection Vulnerabilities

Impact GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language CQL as part of the Web Feature Service WFS and Web Map Service WMS protocols. CQL is also supported through the Web Coverage Service WCS protocol for ImageMosaic coverages. SQL Injection...

9.8CVSS9.7AI score0.85247EPSS
Exploits3References4Affected Software1
NVD
NVD
added 2023/02/21 10:15 p.m.46 views

CVE-2023-25157

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language CQL as part of the Web Feature Service WFS and Web Map Service WMS protocols. CQL is...

9.8CVSS9.5AI score0.85247EPSS
Exploits3References2
Prion
Prion
added 2023/02/21 10:15 p.m.34 views

Code injection

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language CQL as part of the Web Feature Service WFS and Web Map Service WMS protocols. CQL is...

7.5CVSS9.4AI score0.85247EPSS
Exploits3References2Affected Software1
NVD
NVD
added 2023/02/21 9:15 p.m.49 views

CVE-2023-25158

GeoTools is an open source Java library that provides tools for geospatial data. GeoTools includes support for OGC Filter expression language parsing, encoding and execution against a range of datastore. SQL Injection Vulnerabilities have been found when executing OGC Filters with JDBCDataStore...

9.8CVSS10AI score0.01072EPSS
Exploits1References2
Prion
Prion
added 2023/02/21 9:15 p.m.22 views

Sql injection

GeoTools is an open source Java library that provides tools for geospatial data. GeoTools includes support for OGC Filter expression language parsing, encoding and execution against a range of datastore. SQL Injection Vulnerabilities have been found when executing OGC Filters with JDBCDataStore...

7.5CVSS9.8AI score0.01072EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/02/21 9:0 p.m.66 views

CVE-2023-25157 Unfiltered SQL Injection Vulnerabilities in Geoserver

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language CQL as part of the Web Feature Service WFS and Web Map Service WMS protocols. CQL is...

9.8CVSS9.6AI score0.85247EPSS
Exploits3References2
CVE
CVE
added 2023/02/21 9:0 p.m.310 views

CVE-2023-25157

CVE-2023-25157 (GeoServer SQL Injection) is triggered by flaws in OGC Filter handling within GeoServer’s WFS/WMS/WCS inputs, enabling SQL injection via filters such as PropertyIsLike, strEndsWith, strStartsWith, jsonArrayContains, and FeatureId under certain datastore conditions. Public details c...

9.8CVSS9.4AI score0.85247EPSS
Exploits3References2Affected Software1
OSV
OSV
added 2023/02/21 9:0 p.m.48 views

CVE-2023-25157 Unfiltered SQL Injection Vulnerabilities in Geoserver

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language CQL as part of the Web Feature Service WFS and Web Map Service WMS protocols. CQL is...

9.8CVSS8.2AI score0.85247EPSS
Exploits3References4
Cvelist
Cvelist
added 2023/02/21 8:57 p.m.51 views

CVE-2023-25158 Unfiltered SQL Injection in Geotools

GeoTools is an open source Java library that provides tools for geospatial data. GeoTools includes support for OGC Filter expression language parsing, encoding and execution against a range of datastore. SQL Injection Vulnerabilities have been found when executing OGC Filters with JDBCDataStore...

9.8CVSS10AI score0.01072EPSS
Exploits1References2
CVE
CVE
added 2023/02/21 8:57 p.m.102 views

CVE-2023-25158

CVE-2023-25158 (GeoTools) is a SQL injection vulnerability affecting the OGC Filter handling when used with JDBCDataStore implementations. The issue arises from unsafe SQL construction in filters such as PropertyIsLike, strEndsWith, strStartsWith, FeatureId, jsonArrayContains, and DWithin, leadin...

9.8CVSS10AI score0.01072EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2023/02/21 8:57 p.m.39 views

CVE-2023-25158 Unfiltered SQL Injection in Geotools

GeoTools is an open source Java library that provides tools for geospatial data. GeoTools includes support for OGC Filter expression language parsing, encoding and execution against a range of datastore. SQL Injection Vulnerabilities have been found when executing OGC Filters with JDBCDataStore...

9.8CVSS9.4AI score0.01072EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/02/21 12:0 a.m.9 views

GeoTools SQL注入漏洞

GeoTools is an open source Java library. Provides tools for geospatial data. A security vulnerability exists in GeoTools versions prior to 27.4 and prior to 28.2, which stems from the discovery of an SQL injection while executing an OGC filter using the JDBCDataStore implementation...

9.8CVSS8.5AI score0.01072EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/02/21 12:0 a.m.8 views

PT-2023-19944 · Geotools · Geotools

Name of the Vulnerable Software and Affected Versions: GeoTools versions prior to 27.4 GeoTools versions prior to 28.2 Description: GeoTools is an open source Java library that provides tools for geospatial data. It includes support for OGC Filter expression language parsing, encoding and executi...

9.8CVSS9.8AI score0.01072EPSS
Exploits1References11
NVD
NVD
added 2022/12/18 10:15 p.m.25 views

CVE-2022-4607

A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to xml external entity reference. Upgrading to version 5.2.1 is able to address this issue. The name of the patch...

9.8CVSS0.00737EPSS
Exploits0References4
Prion
Prion
added 2022/12/18 10:15 p.m.18 views

Xxe

A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to xml external entity reference. Upgrading to version 5.2.1 is able to address this issue. The name of the patch...

7.5CVSS9.4AI score0.00737EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2022/12/18 12:0 a.m.69 views

CVE-2022-4607

The CVE-2022-4607 issue affects 3D City Database OGC Web Feature Service (WFS) up to version 5.2.0. The root cause is an XML External Entity (XXE) reference introduced during processing, enabling potentially sensitive data exposure or other impact as described. A fix is available: upgrade to vers...

9.8CVSS7.6AI score0.00737EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2022/12/18 12:0 a.m.28 views

CVE-2022-4607 3D City Database OGC Web Feature Service xml external entity reference

A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to xml external entity reference. Upgrading to version 5.2.1 is able to address this issue. The name of the patch...

5.5CVSS9.8AI score0.00737EPSS
Exploits0References4
OSV
OSV
added 2022/12/18 12:0 a.m.34 views

CVE-2022-4607 3D City Database OGC Web Feature Service xml external entity reference

A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to xml external entity reference. Upgrading to version 5.2.1 is able to address this issue. The name of the patch...

5.5CVSS5.3AI score0.00737EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2022/03/27 12:0 a.m.14 views

Fedora: Security Advisory for libkml (FEDORA-2022-6746739d52)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Fedora
Fedora
added 2022/03/26 3:34 p.m.10 views

[SECURITY] Fedora 36 Update: libkml-1.3.0-37.fc36

Reference implementation of OGC KML 2.2. It also includes implementations of Google's gx: extensions used by Google Earth, as well as several utility libraries for working with other formats...

1.4AI score
Exploits0
Rows per page
Query Builder