GeoServer is an open-source software server written in Java that provides the ability to view, edit, and share geospatial data. It is designed to be a flexible, efficient solution for distributing geospatial data from a variety of sources such as Geographic Information System (GIS) databases, web-based data, and personal datasets. In GeoServer versions before 2.23.6, versions greater than or equal to 2.24.0 and before 2.24.4, and versions greater than or equal to 2.25.0 and before 2.25.1, multiple OGC request parameters allow remote code execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation, because property names are unsafely evaluated as XPath expressions. An attacker can abuse this by sending a POST request with a malicious XPath expression to execute arbitrary commands as root on the system.
60f349aa901f9dae2286ae790ca0dc4f7e03fb5120fbbaa6cd6f79d5a14fe921
Ubuntu Security Notice 6898-1 - Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a denial of service.
ee181d7c57544b38471cdfdd8a2ee4fb18baf1502aad94b568edad8babad667d
Ubuntu Security Notice 6897-1 - It was discovered that Ghostscript incorrectly handled certain long PDF filter names. An attacker could possibly use this issue to cause Ghostscript to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. It was discovered that Ghostscript incorrectly handled certain API parameters. An attacker could possibly use this issue to cause Ghostscript to crash, resulting in a denial of service. This issue only affected Ubuntu 24.04 LTS.
74ece8ebf8813655ea2cfa9de0b310b3f37ade10f60883e4d799c608ba570a98
Red Hat Security Advisory 2024-4549-03 - An update for ghostscript is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Issues addressed include a code execution vulnerability.
00295addb0cab2b68bc4677d89793f5a17c9cb4a35bf23ea6b33ac246739fd57
Red Hat Security Advisory 2024-4548-03 - An update for kpatch-patch-5_14_0-284_48_1 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include code execution and use-after-free vulnerabilities.
02a7b186977875e0481b94879a9e3ee9a773dfb00ca93400493d8c2128f78bd7
Red Hat Security Advisory 2024-4547-03 - An update for kpatch-patch-4_18_0-372_91_1 is now available for Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions. Issues addressed include code execution and use-after-free vulnerabilities.
41b46b9646256aac9fee4111f03d403e16f5a9684a0f9b6ff256200b3bd60ab4
jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.
8d0618dafc562012201b160ff1a083e7f59b02a76c7872748bc48ca60ee56147
Red Hat Security Advisory 2024-4546-03 - An update for git-lfs is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a denial of service vulnerability.
0e6c636de4cc67aad433a5c0a280bd43d18883983a61ca03555eb769d95d9b81
Red Hat Security Advisory 2024-4545-03 - An update for git-lfs is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.
aa17979ddfb927fe4ea4bab8daa1223b42630f2b173e6ab94083c5f70d571255
Red Hat Security Advisory 2024-4544-03 - An update for ghostscript is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a code execution vulnerability.
d1091ddb4aeeaa1ad53dd1f0177283e5b977062c6c12908434ad4315a415e6f0
Red Hat Security Advisory 2024-4543-03 - An update for git-lfs is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.
093cd75d2ec185352c439a172bb0b20445e9730be216ec408fc5354b64e3dcdb
Red Hat Security Advisory 2024-4542-03 - An update for ruby is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include an HTTP response splitting vulnerability.
997ce801d52e1d2f380bd35c336ed1d3f6f38e9f52cdcc51a98793f300b3e7d8
Red Hat Security Advisory 2024-4541-03 - An update for ghostscript is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a code execution vulnerability.
760347553df652be709bc68e1eb9000bf067a3594f2bf61c69cd7ce20f3eec72
Red Hat Security Advisory 2024-4537-03 - An update for ghostscript is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a code execution vulnerability.
137bff4e5ce293db3931426fcbeddb6106c1cd70393a1f31f2f9d139ac295841
Red Hat Security Advisory 2024-4533-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include code execution and use-after-free vulnerabilities.
0ffc9bcf4e7a87eb9e1a8e59599d90812f668148847ee41fda81f2233fc4cb4a
Red Hat Security Advisory 2024-4529-03 - An update for less is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a code execution vulnerability.
4aa28e7ecffb8685baf52db8cb385dad021d7d02f30c0c2d93f4141adfbd0e14
Red Hat Security Advisory 2024-4528-03 - An update for less is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include a code execution vulnerability.
cda95121aa90c73362dd19c95244909faf8b940e3e746bf8bba0205525ac0356
Red Hat Security Advisory 2024-4527-03 - An update for ghostscript is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a code execution vulnerability.
a724074671111a94fe21b3ebeb61518fcbff2bdba7efab9f5cda9cd66cbc5c04
Red Hat Security Advisory 2024-4517-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.
1035808e12842bca7f0b6b69696a96df2d5674352133a5f6d9421b4802b60477
Red Hat Security Advisory 2024-4508-03 - An update for firefox is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.
45bd50249b04b963034e082c8d81c17a7bee756a97941fa8b911574f07f44169
Red Hat Security Advisory 2024-4502-03 - An update for skopeo is now available for Red Hat Enterprise Linux 9. Issues addressed include a memory leak vulnerability.
a94afecca63f546aec9181f9000dce8011dd5339615a7f14e45bbc62f97ba524
Red Hat Security Advisory 2024-4501-03 - An update for firefox is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
0c596bbbcb5a1088f0e5ce2a90379eee58d1c211e895b0db0ee63e2d7a8b2f52
Red Hat Security Advisory 2024-4500-03 - An update for firefox is now available for Red Hat Enterprise Linux 9.
56413b8610dc0dad2e8551fbf4bc7cda8c9684fcd1a2d5c6ea4b52069b5818e3
Red Hat Security Advisory 2024-4326-03 - An update is now available for Red Hat build of Quarkus. Issues addressed include a denial of service vulnerability.
f806911ed87b07a4e916c87e592f8bee2e424c9b36bb8d5171f6f3a67cd2c837
Red Hat Security Advisory 2024-2106-03 - An update is now available for Red Hat build of Quarkus.
d210e27e70cd09638d510743a91f2b8bd003b40bde80b11351858951d4ce96bc