Vulnerabilities > Osgeo
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-25 | CVE-2023-41339 | Server-Side Request Forgery (SSRF) vulnerability in Osgeo Geoserver GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. | 5.3 |
2023-10-25 | CVE-2023-43795 | Server-Side Request Forgery (SSRF) vulnerability in Osgeo Geoserver GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. | 9.8 |
2023-03-08 | CVE-2023-27476 | Unspecified vulnerability in Osgeo Owslib OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. | 7.5 |
2023-02-21 | CVE-2023-25157 | SQL Injection vulnerability in Osgeo Geoserver GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. | 9.8 |
2022-10-17 | CVE-2022-0699 | Double Free vulnerability in Osgeo Shapelib 1.5.0 A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. | 9.8 |
2022-09-05 | CVE-2021-28398 | OS Command Injection vulnerability in Osgeo Geonetwork A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. | 7.2 |
2022-05-02 | CVE-2021-40822 | Server-Side Request Forgery (SSRF) vulnerability in Osgeo Geoserver GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host. | 7.5 |
2022-04-13 | CVE-2022-24847 | Expression Language Injection vulnerability in Osgeo Geoserver GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. | 7.2 |
2022-01-01 | CVE-2021-45943 | Out-of-bounds Write vulnerability in multiple products GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment). | 5.5 |
2021-08-23 | CVE-2021-39371 | XXE vulnerability in multiple products An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity. | 7.5 |