12 matches found
CVE-2026-45104
A flaw was found in MapServer. A remote attacker can exploit this vulnerability by sending a specially crafted Styled Layer Descriptor SLD via the Web Map Service WMS SLDBODY parameter. This can lead to a NULL pointer dereference, causing a Denial of Service DoS condition...
CVE-2026-45104
MapServer is a system for developing web-based GIS applications. From 6.4.0 to before 8.6.3, msSLDParseUserStyle always calls SLDApplyRuleValuespsRule, psLayer, 1; for any carrying — it assumes msSLDParseRule added one class. When the rule has no symbolizer a structurally valid SLD, msSLDParseRul...
Debian dla-4537 : cgi-mapserver - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4537 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4537-1 [email protected] https://www.debian.org/lts/security/...
[SECURITY] [DLA 4537-1] mapserver security update
Debian LTS Advisory DLA-4537-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin April 17, 2026 https://wiki.debian.org/LTS Package : mapserver Version : 7.6.2-1+deb11u2 CVE ID : CVE-2026-33721 A heap-buffer-overflow was found in mapserver, a CGI-based framework for...
CVE-2026-33721
MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD Styled Layer Descriptor parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with mor...
CVE-2026-33721
MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD Styled Layer Descriptor parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with mor...
CVE-2026-33721
MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD Styled Layer Descriptor parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with mor...
Mapserver 缓冲区错误漏洞
Mapserver is an open-source platform developed by the Open Geospatial Foundation, designed for publishing spatial data and interactive map applications to the web. Versions of MapServer prior to 8.6.1 contained a buffer error vulnerability. This vulnerability stemmed from SLD parser issues...
CVE-2025-21621
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.25.0, a reflected cross-site scripting XSS vulnerability exists in the WMS GetFeatureInfo HTML output format that enables a remote attacker to execute arbitrary JavaScript code in a victim's...
CVE-2025-21621
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.25.0, a reflected cross-site scripting XSS vulnerability exists in the WMS GetFeatureInfo HTML output format that enables a remote attacker to execute arbitrary JavaScript code in a victim's...
CVE-2025-21621 GeoServer Reflected Cross-Site Scripting (XSS) vulnerability in WMS GetFeatureInfo HTML format
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.25.0, a reflected cross-site scripting XSS vulnerability exists in the WMS GetFeatureInfo HTML output format that enables a remote attacker to execute arbitrary JavaScript code in a victim's...
PT-2025-48090
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.25.0, a reflected cross-site scripting XSS vulnerability exists in the WMS GetFeatureInfo HTML output format that enables a remote attacker to execute arbitrary JavaScript code in a victim's...