Vulnerabilities > Osgeo
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-08 | CVE-2023-27476 | XXE vulnerability in Osgeo Owslib OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. | 7.5 |
2023-02-21 | CVE-2023-25157 | SQL Injection vulnerability in Osgeo Geoserver GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. | 9.8 |
2022-10-17 | CVE-2022-0699 | Double Free vulnerability in Osgeo Shapelib 1.5.0 A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. | 9.8 |
2022-09-05 | CVE-2021-28398 | OS Command Injection vulnerability in Osgeo Geonetwork A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. | 7.2 |
2022-05-02 | CVE-2021-40822 | Server-Side Request Forgery (SSRF) vulnerability in Osgeo Geoserver GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host. | 5.0 |
2022-04-13 | CVE-2022-24847 | Expression Language Injection vulnerability in Osgeo Geoserver GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. | 7.2 |
2022-01-01 | CVE-2021-45943 | Out-of-bounds Write vulnerability in multiple products GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment). | 5.5 |
2021-08-23 | CVE-2021-39371 | XXE vulnerability in multiple products An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity. | 5.0 |
2021-07-20 | CVE-2019-25050 | Out-of-bounds Write vulnerability in Osgeo Gdal netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and netCDFDataset::~netCDFDataset). | 4.6 |
2021-05-06 | CVE-2021-32062 | Path Traversal vulnerability in multiple products MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that are intended to control the locations from which a mapfile may be loaded (with MapServer CGI). | 5.0 |