Vulnerabilities > Osgeo > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-08 | CVE-2023-27476 | Unspecified vulnerability in Osgeo Owslib: OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. | 7.5 |
2022-09-05 | CVE-2021-28398 | OS Command Injection vulnerability in Osgeo Geonetwork: A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. | 7.2 |
2022-05-02 | CVE-2021-40822 | Server-Side Request Forgery (SSRF) vulnerability in Osgeo Geoserver: GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host. | 7.5 |
2022-04-13 | CVE-2022-24847 | Expression Language Injection vulnerability in Osgeo Geoserver: GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. | 7.2 |
2021-08-23 | CVE-2021-39371 | XXE vulnerability in multiple products: An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity. | 7.5 |
2021-07-20 | CVE-2019-25050 | Out-of-bounds Write vulnerability in Osgeo Gdal: netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and netCDFDataset::~netCDFDataset). | 7.8 |
2019-10-29 | CVE-2010-1678 | Improper Input Validation vulnerability in Osgeo Mapserver: Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing. | 7.5 |
2019-10-14 | CVE-2019-17546 | Integer Overflow or Wraparound vulnerability in multiple products: tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition. | 8.8 |
2016-12-08 | CVE-2016-9839 | Information Exposure vulnerability in Osgeo Mapserver: In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fails. | 7.5 |