
56 matches found

Tenable Nessus
added 2023/03/18 12:0 a.m., 20 views

Fedora 37 : mingw-python-OWSLib (2023-8312a80917)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-8312a80917 advisory. Update to OWSLib-0.28.1, fixes CVE-2023-27476. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

CVSS 8.2, AI score 7.5, EPSS 0.00985
Exploits: 0, References: 2

Tenable Nessus
added 2023/03/18 12:0 a.m., 26 views

Fedora 36 : mingw-python-OWSLib (2023-ae06b3704c)

The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-ae06b3704c advisory. Update to OWSLib-0.28.1, fixes CVE-2023-27476. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

CVSS 8.2, AI score 7.5, EPSS 0.00985
Exploits: 0, References: 2

Fedora
added 2023/03/13 12:20 a.m., 30 views

[SECURITY] Fedora 38 Update: mingw-python-OWSLib-0.28.1-1.fc38

MinGW Windows Python OWSLib library...

CVSS 8.2, AI score 7.5, EPSS 0.00985
Exploits: 0

OpenVAS
added 2023/03/13 12:0 a.m., 9 views

Fedora: Security Advisory for mingw-python-OWSLib (FEDORA-2023-9a878398a6)

The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 8.2, AI score 7.5, EPSS 0.00985
Exploits: 0, References: 2

Tenable Nessus
added 2023/03/12 12:0 a.m., 19 views

Fedora 38 : mingw-python-OWSLib (2023-9a878398a6)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-9a878398a6 advisory. Update to OWSLib-0.28.1, fixes CVE-2023-27476. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

CVSS 8.2, AI score 7.5, EPSS 0.00985
Exploits: 0, References: 2

Veracode
added 2023/03/09 9:37 a.m., 25 views

XML External Entity (XXE)

owslib is vulnerable to XML External Entity XXE. The vulnerability is due to allowing lxml entity resolution, which allows an attacker to read arbitrary files by parsing a crafted XML document...

CVSS 8.2, AI score 7.1, EPSS 0.00985
Exploits: 0, References: 9, Affected Software: 1

SUSE CVE
added 2023/03/09 3:52 a.m., 2 views

SUSE CVE-2023-27476

OWSLib is a Python package for client programming with Open Geospatial Consortium OGC web service interface standards, and their related content models. OWSLib's XML parser which supports both lxml and xml.etree does not disable entity resolution, and could lead to arbitrary file reads from an...

CVSS 8.2, AI score 7, EPSS 0.00985
Exploits: 0, References: 3

NVD
added 2023/03/08 12:15 a.m., 8 views

CVE-2023-27476

OWSLib is a Python package for client programming with Open Geospatial Consortium OGC web service interface standards, and their related content models. OWSLib's XML parser which supports both lxml and xml.etree does not disable entity resolution, and could lead to arbitrary file reads from an...

CVSS 8.2, AI score 8.2, EPSS 0.00985
Exploits: 0, References: 5

OSV
added 2023/03/08 12:15 a.m., 2 views

DEBIAN-CVE-2023-27476

OWSLib is a Python package for client programming with Open Geospatial Consortium OGC web service interface standards, and their related content models. OWSLib's XML parser which supports both lxml and xml.etree does not disable entity resolution, and could lead to arbitrary file reads from an...

CVSS 7.5, AI score 7.8, EPSS 0.00985
Exploits: 0, References: 1

UbuntuCve
added 2023/03/08 12:15 a.m., 24 views

CVE-2023-27476

OWSLib is a Python package for client programming with Open Geospatial Consortium OGC web service interface standards, and their related content models. OWSLib's XML parser which supports both lxml and xml.etree does not disable entity resolution, and could lead to arbitrary file reads from an...

CVSS 8.2, AI score 7, EPSS 0.00985
Exploits: 0, References: 5

Prion
added 2023/03/08 12:15 a.m., 9 views

Design/Logic Flaw

OWSLib is a Python package for client programming with Open Geospatial Consortium OGC web service interface standards, and their related content models. OWSLib's XML parser which supports both lxml and xml.etree does not disable entity resolution, and could lead to arbitrary file reads from an...

CVSS 5, AI score 7.4, EPSS 0.00985
Exploits: 0, References: 5, Affected Software: 1

vulnersOsv
added 2023/03/08 12:15 a.m., 3 views

ausdex (>=0.2.0 <=0.2.2), geodata-harvester (>=0.0.1 <=0.0.2) +10 more potentially affected by CVE-2023-27476 via owslib (>=0.22.0 <=0.27.2)

owslib PYPI version =0.22.0, =0.2.0, =0.0.1, =0.1.1, =0.7.0, =3.3.3, =0.1.12, =0.2.1, =0.12.0.dev0, =0.1.30, =0.13.2, =0.0.1, =0.1.0, =0.1.2 Source cves: CVE-2023-27476 Source advisory: OSV:PYSEC-2023-86...

CVSS 8.2, AI score 7.2, EPSS 0.00985
Exploits: 0

PyPA
added 2023/03/08 12:15 a.m., 8 views

PYSEC-2023-86

OWSLib is a Python package for client programming with Open Geospatial Consortium OGC web service interface standards, and their related content models. OWSLib's XML parser which supports both lxml and xml.etree does not disable entity resolution, and could lead to arbitrary file reads from an...

CVSS 8.2, AI score 7, EPSS 0.00985
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2023/03/08 12:15 a.m., 1 view

UBUNTU-CVE-2023-27476

OWSLib is a Python package for client programming with Open Geospatial Consortium OGC web service interface standards, and their related content models. OWSLib's XML parser which supports both lxml and xml.etree does not disable entity resolution, and could lead to arbitrary file reads from an...

CVSS 8.2, AI score 5.9, EPSS 0.00985
Exploits: 0, References: 6

Cvelist
added 2023/03/07 11:20 p.m., 23 views

CVE-2023-27476 XML External Entity (XXE) Injection in OWSLib

OWSLib is a Python package for client programming with Open Geospatial Consortium OGC web service interface standards, and their related content models. OWSLib's XML parser which supports both lxml and xml.etree does not disable entity resolution, and could lead to arbitrary file reads from an...

CVSS 8.2, AI score 8.3, EPSS 0.00985
Exploits: 0, References: 5

Debian CVE
added 2023/03/07 11:20 p.m., 23 views

CVE-2023-27476

OWSLib is a Python package for client programming with Open Geospatial Consortium OGC web service interface standards, and their related content models. OWSLib's XML parser which supports both lxml and xml.etree does not disable entity resolution, and could lead to arbitrary file reads from an...

CVSS 8.2, AI score 7.9, EPSS 0.00985
Exploits: 0

CVE
added 2023/03/07 11:20 p.m., 152 views

CVE-2023-27476

OWSLib (Python) has a vulnerability in its XML parser that does not disable entity resolution, enabling potential arbitrary file reads from attacker-controlled XML payloads across all XML parsing in the codebase. Affected versions prior to 0.28.1; remediation is to upgrade to 0.28.1 or apply the ...

CVSS 8.2, AI score 7.7, EPSS 0.00985
Exploits: 0, References: 5, Affected Software: 1

Vulnrichment
added 2023/03/07 11:20 p.m., 7 views

CVE-2023-27476 XML External Entity (XXE) Injection in OWSLib

OWSLib is a Python package for client programming with Open Geospatial Consortium OGC web service interface standards, and their related content models. OWSLib's XML parser which supports both lxml and xml.etree does not disable entity resolution, and could lead to arbitrary file reads from an...

CVSS 8.2, AI score 8.2, EPSS 0.00985
Exploits: 0, References: 5

OSV
added 2023/03/07 11:20 p.m., 10 views

CVE-2023-27476 XML External Entity (XXE) Injection in OWSLib

OWSLib is a Python package for client programming with Open Geospatial Consortium OGC web service interface standards, and their related content models. OWSLib's XML parser which supports both lxml and xml.etree does not disable entity resolution, and could lead to arbitrary file reads from an...

CVSS 8.2, AI score 7.9, EPSS 0.00985
Exploits: 0, References: 7

Github Security Blog
added 2023/03/07 8:41 p.m., 21 views

OWSLib vulnerable to XML External Entity (XXE) Injection

Impact OWSLib's XML parser which supports both lxml and xml.etree does not disable entity resolution for lxml, and could lead to arbitrary file reads from an attacker-controlled XML payload. This affects all XML parsing in the codebase. Patches - Use only lxml for XML handling, adding...

CVSS 8.2, AI score 7.4, EPSS 0.00985
Exploits: 0, References: 10, Affected Software: 1