Vulnerabilities > Osgeo

DATE CVE VULNERABILITY TITLE RISK
2023-03-08 CVE-2023-27476 XXE vulnerability in Osgeo Owslib
OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models.
network
low complexity
osgeo CWE-611
7.5
2023-02-27 CVE-2023-26043 XXE vulnerability in Osgeo Geonode
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data.
network
low complexity
osgeo CWE-611
6.5
2023-02-21 CVE-2023-25157 SQL Injection vulnerability in Osgeo Geoserver
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data.
network
low complexity
osgeo CWE-89
critical
9.8
2022-10-17 CVE-2022-0699 Double Free vulnerability in Osgeo Shapelib 1.5.0
A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases.
network
low complexity
osgeo CWE-415
critical
9.8
2022-09-05 CVE-2021-28398 OS Command Injection vulnerability in Osgeo Geonetwork
A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure.
network
low complexity
osgeo CWE-78
7.2
2022-05-02 CVE-2021-40822 Server-Side Request Forgery (SSRF) vulnerability in Osgeo Geoserver
GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host.
network
low complexity
osgeo CWE-918
5.0
2022-04-13 CVE-2022-24847 Improper Input Validation vulnerability in Osgeo Geoserver
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data.
network
low complexity
osgeo CWE-20
6.5
2022-01-01 CVE-2021-45943 Out-of-bounds Write vulnerability in multiple products
GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment).
local
low complexity
osgeo debian fedoraproject oracle CWE-787
5.5
2021-08-23 CVE-2021-39371 XXE vulnerability in multiple products
An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity.
network
low complexity
osgeo debian CWE-611
5.0
2021-07-20 CVE-2019-25050 Out-of-bounds Write vulnerability in Osgeo Gdal
netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and netCDFDataset::~netCDFDataset).
local
low complexity
osgeo CWE-787
4.6