
35 matches found

Positive Technologies
added 2023/12/19 12:0 a.m. · 3 views

PT-2023-32590 · 52North · 52North Wps

Name of the Vulnerable Software and Affected Versions: 52North WPS versions prior to 4.0.0-beta.11 Description: An XXE (XML External Entity) vulnerability has been detected, allowing the use of external entities in its WebProcessingService servlet for an attacker to retrieve files by making HTTP...

CVSS 7.5 · AI score 7.3 · EPSS 0.00035
Exploits 0 · References 5

OSV
added 2023/12/04 11:15 p.m. · 0 views

ALPINE-CVE-2023-49285

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds fo...

CVSS 7.5 · AI score 6.9 · EPSS 0.09621
Exploits 0 · References 1

CNVD
added 2023/10/30 12:0 a.m. · 6 views

GeoServer server-side request forgery vulnerability (CNVD-2024-14588)

GeoServer is an open source software server written in Java. Allows users to share and edit geospatial data. GeoServer suffers from a server-side request forgery vulnerability that stems from the fact that the OGC Web Processing Service (WPS) specification is designed to process information from an...

CVSS 9.8 · AI score 6.3 · EPSS 0.89488
Exploits 0 · References 1

Prion
added 2023/10/25 6:17 p.m. · 12 views

Server side request forgery (SSRF)

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request...

CVSS 7.5 · AI score 9.3 · EPSS 0.89488
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2023/10/25 12:0 a.m. · 2 views

GeoServer code issue vulnerability

GeoServer is an open source software server written in Java. Allows users to share and edit geospatial data. GeoServer suffers from a server-side request forgery vulnerability that stems from the fact that the OGC Web Processing Service (WPS) specification is designed to process information from an...

CVSS 9.8 · AI score 6.6 · EPSS 0.89488
Exploits 0 · References 2

Cvelist
added 2023/10/24 10:14 p.m. · 18 views

CVE-2023-43795 WPS Server Side Request Forgery in GeoServer

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request...

CVSS 8.6 · AI score 9.6 · EPSS 0.89488
Exploits 0 · References 1

Vulnrichment
added 2023/10/24 10:14 p.m. · 13 views

CVE-2023-43795 WPS Server Side Request Forgery in GeoServer

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request...

CVSS 8.6 · AI score 6.5 · EPSS 0.89488
Exploits 0 · References 1

Positive Technologies
added 2023/10/24 12:0 a.m. · 0 views

PT-2023-28987 · Geoserver · Geoserver

Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.22.5 GeoServer versions prior to 2.23.2 GeoServer version 2.20.5 GeoServer version 2.21.0 Description: The OGC Web Processing Service (WPS) specification in GeoServer allows processing of information from any serve...

CVSS 9.8 · AI score 9.3 · EPSS 0.89488
Exploits 0 · References 11

CNNVD
added 2023/06/12 12:0 a.m. · 2 views

GeoServer security vulnerability

GeoServer is an open source software server written in Java. Allows users to share and edit geospatial data. A code execution vulnerability exists in GeoServer. The vulnerability stems from java.lang.Runtime.getRuntime.exec in wps:LiteralData failing to correctly filter the special elements of th...

CVSS 9.8 · AI score 8.1 · EPSS 0.34284
Exploits 0 · References 3

vulnersOsv
added 2021/09/02 5:11 p.m. · 0 views

datacube-wps (>=0.4.0 <=0.4.8) potentially affected by CVE-2021-39371 via pywps (=4.2.4)

pywps PYPI version =4.2.4 is affected by a known vulnerability. The following packages have a transitive dependency on pywps and may be impacted: - datacube-wps >=0.4.0, <=0.4.8 Source cves: CVE-2021-39371 Source advisory: OSV:GHSA-P9WF-3XPG-C9G5...

CVSS 7.5 · AI score 7.1 · EPSS 0.00528
Exploits 0

OSV
added 2021/08/23 1:15 a.m. · 1 views

DEBIAN-CVE-2021-39371

An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected...

CVSS 7.5 · AI score 7.4 · EPSS 0.00528
Exploits 0 · References 1

OSV
added 2021/08/23 1:15 a.m. · 0 views

UBUNTU-CVE-2021-39371

An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected...

CVSS 7.5 · AI score 5.8 · EPSS 0.00528
Exploits 0 · References 4

vulnersOsv
added 2021/08/23 1:15 a.m. · 0 views

datacube-wps (>=0.4.0 <=0.4.8) potentially affected by CVE-2021-39371 via pywps (=4.2.4)

pywps PYPI version =4.2.4 is affected by a known vulnerability. The following packages have a transitive dependency on pywps and may be impacted: - datacube-wps >=0.4.0, <=0.4.8 Source cves: CVE-2021-39371 Source advisory: OSV:PYSEC-2021-121...

CVSS 7.5 · AI score 7.1 · EPSS 0.00528
Exploits 0

Positive Technologies
added 2020/11/12 12:0 a.m. · 2 views

PT-2020-16853 · Apple · Macos Catalina +7

Name of the Vulnerable Software and Affected Versions: macOS Big Sur versions prior to 11.1 macOS Catalina versions prior to Security Update 2020-001 macOS Mojave versions prior to Security Update 2020-007 iOS versions prior to 14.2 iPadOS versions prior to 14.2 watchOS versions prior to 7.1 tvOS...

CVSS 8.8 · AI score 6.7 · EPSS 0.00485
Exploits 0 · References 9

RedHat Linux
added 2019/11/05 9:8 p.m. · 2 views

webkitgtk: malicious web content leads to arbitrary code execution

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution...

CVSS 9.3 · AI score 7.5 · EPSS 0.418
Exploits 1 · References 4