Vulnerabilities > Osgeo > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-25 | CVE-2023-43795 | Server-Side Request Forgery (SSRF) vulnerability in Osgeo Geoserver. GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. | 9.8 |
2023-02-21 | CVE-2023-25157 | SQL Injection vulnerability in Osgeo Geoserver. GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. | 9.8 |
2022-10-17 | CVE-2022-0699 | Double Free vulnerability in Osgeo Shapelib 1.5.0. A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. | 9.8 |
2019-10-14 | CVE-2019-17545 | Double Free vulnerability in multiple products. GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded. | 9.8 |
2017-03-15 | CVE-2017-5522 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products. Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving WFS get feature requests. | 9.8 |