CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2021-28398
https://notcve.org/view.php?id=CVE-2021-28398
A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. A User Administrator or Administrator account is required to perform this. This occurs in the runBeforeScript method in harvesters/src/main/java/org/fao/geonet/kernel/harvest/harvester/localfilesystem/LocalFilesystemHarvester.java. The earliest affected version is 3.4.0. Un atacante privilegiado en GeoNetwork versiones anteriores a 3.12.0 y versiones 4.x anteriores a 4.0.4, puede usar el script previo del recolector de directorios para ejecutar comandos arbitrarios del Sistema Operativo de forma remota en la infraestructura de alojamiento. • https://geonetwork-opensource.org https://geonetwork-opensource.org/manuals/trunk/en/overview/change-log/version-3.6.0.html https://github.com/geonetwork/core-geonetwork https://github.com/geonetwork/core-geonetwork/security/advisories/GHSA-cf8p-c88c-h9jf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 62%CPEs: 2EXPL: 1CVE-2021-40822
https://notcve.org/view.php?id=CVE-2021-40822
GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host. GeoServer versiones hasta 2.18.5 y versiones 2.19.x hasta 2.19.2, permite un ataque de tipo SSRF por medio de la opción de establecer un host proxy • https://github.com/phor3nsic/CVE-2021-40822 https://github.com/geoserver/geoserver/compare/2.19.2...2.19.3 https://github.com/geoserver/geoserver/releases https://osgeo-org.atlassian.net/browse/GEOS-10229 https://osgeo-org.atlassian.net/browse/GEOS-10229?focusedCommentId=83508 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2022-24847 – Improper Input Validation in GeoServer
https://notcve.org/view.php?id=CVE-2022-24847
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can happen while configuring data stores with data sources located in JNDI, or while setting up the disk quota mechanism. In order to perform any of the above changes, the attack needs to have obtained admin rights and use either the GeoServer GUI, or its REST API. The lookups are going to be restricted in GeoServer 2.21.0, 2.20.4, 1.19.6. • https://github.com/geoserver/geoserver/security/advisories/GHSA-4pm3-f52j-8ggh • CWE-20: Improper Input Validation CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 2CVE-2021-45943
https://notcve.org/view.php?id=CVE-2021-45943
GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment). GDAL versiones 3.3.0 hasta 3.4.0, presenta un desbordamiento de búfer en la región heap de la memoria en la función PCIDSK::CPCIDSKFile::ReadFromFile (llamado desde PCIDSK::CPCIDSKSegment::ReadFromFile y PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment). • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41993 https://github.com/OSGeo/gdal/commit/1ca6a3e5168c200763fa46d8aa7e698d0b757e7e https://github.com/OSGeo/gdal/pull/4944 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2021-1651.yaml https://lists.debian.org/debian-lts-announce/2022/01/msg00004.html https://lists.debian.org/debian-lts-announce/2022/09/msg00040.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JBPJGXY7IYY6 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-39371
https://notcve.org/view.php?id=CVE-2021-39371
An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected. Una inyección de entidad externa XML (XXE) en PyWPS antes de la versión 4.4.5 permite a un atacante ver archivos en el sistema de archivos del servidor de aplicaciones asignando una ruta a la entidad. OWSLib versión 0.24.1 también puede estar afectado • https://github.com/geopython/OWSLib/issues/790 https://github.com/geopython/pywps/pull/616 https://lists.debian.org/debian-lts-announce/2021/09/msg00001.html • CWE-611: Improper Restriction of XML External Entity Reference •