Vulnerabilities > Osgeo

DATE CVE VULNERABILITY TITLE RISK
2023-10-25 CVE-2023-41339 Server-Side Request Forgery (SSRF) vulnerability in Osgeo Geoserver
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data.
network
low complexity
osgeo CWE-918
5.3
5.3
2023-10-25 CVE-2023-43795 Server-Side Request Forgery (SSRF) vulnerability in Osgeo Geoserver
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data.
network
low complexity
osgeo CWE-918
critical
 9.8
9.8
2023-03-08 CVE-2023-27476 XXE vulnerability in Osgeo Owslib
OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models.
network
low complexity
osgeo CWE-611
7.5
7.5
2023-02-21 CVE-2023-25157 SQL Injection vulnerability in Osgeo Geoserver
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data.
network
low complexity
osgeo CWE-89
critical
 9.8
9.8
2022-10-17 CVE-2022-0699 Double Free vulnerability in Osgeo Shapelib 1.5.0
A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases.
network
low complexity
osgeo CWE-415
critical
 9.8
9.8
2022-09-05 CVE-2021-28398 OS Command Injection vulnerability in Osgeo Geonetwork
A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure.
network
low complexity
osgeo CWE-78
7.2
7.2
2022-05-02 CVE-2021-40822 Server-Side Request Forgery (SSRF) vulnerability in Osgeo Geoserver
GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host.
network
low complexity
osgeo CWE-918
7.5
7.5
2022-04-13 CVE-2022-24847 Expression Language Injection vulnerability in Osgeo Geoserver
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data.
network
low complexity
osgeo CWE-917
7.2
7.2
2022-01-01 CVE-2021-45943 Out-of-bounds Write vulnerability in multiple products
GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment).
local
low complexity
osgeo debian fedoraproject oracle CWE-787
5.5
5.5
2021-08-23 CVE-2021-39371 XXE vulnerability in multiple products
An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity.
network
low complexity
osgeo debian CWE-611
7.5
7.5