Vulnerabilities > Osgeo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-08 | CVE-2023-27476 | XXE vulnerability in Osgeo Owslib OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. | 7.5 |
| 2023-02-27 | CVE-2023-26043 | XXE vulnerability in Osgeo Geonode GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. | 6.5 |
| 2023-02-21 | CVE-2023-25157 | SQL Injection vulnerability in Osgeo Geoserver GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. | 9.8 |
| 2022-10-17 | CVE-2022-0699 | Double Free vulnerability in Osgeo Shapelib 1.5.0 A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. | 9.8 |
| 2022-09-05 | CVE-2021-28398 | OS Command Injection vulnerability in Osgeo Geonetwork A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. | 7.2 |
| 2022-05-02 | CVE-2021-40822 | Server-Side Request Forgery (SSRF) vulnerability in Osgeo Geoserver GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host. | 5.0 |
| 2022-04-13 | CVE-2022-24847 | Improper Input Validation vulnerability in Osgeo Geoserver GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. | 6.5 |
| 2022-01-01 | CVE-2021-45943 | Out-of-bounds Write vulnerability in multiple products GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment). | 5.5 |
| 2021-08-23 | CVE-2021-39371 | XXE vulnerability in multiple products An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity. | 5.0 |
| 2021-07-20 | CVE-2019-25050 | Out-of-bounds Write vulnerability in Osgeo Gdal netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and netCDFDataset::~netCDFDataset). | 4.6 |