19 matches found
SUSE CVE-2026-42030
MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The...
UBUNTU-CVE-2026-42030
MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The...
CVE-2026-42030
MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The...
CVE-2026-42030 MapServer: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in OpenLayers viewer
MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The...
Mapserver 安全漏洞
Mapserver is an open-source platform developed by the Open Geospatial Foundation, designed for publishing spatial data and interactive map applications to the web. Vulnerabilities existed in MapServer versions from 6.0 to 8.6.2. These vulnerabilities stemmed from the combination of the...
PT-2026-39152
MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The...
CVE-2025-50690
A Cross-Site Scripting XSS vulnerability exists in SpatialReference.org OSGeo/spatialreference.org versions prior to 2025-05-17 commit 2120adfa17ddd535bd0f539e6c4988fa3a2cb491. The vulnerability is caused by improper handling of user input in the search query parameter. An attacker can craft a...
CVE-2025-50690
CVE-2025-50690 describes a reflected XSS in SpatialReference.org (OSGeo/spatialreference.org). The issue arises from improper handling of user input in the search query parameter, enabling an unauthenticated attacker to craft a URL that reflects and executes arbitrary JavaScript in a victim’s bro...
SUSE CVE-2025-29480
Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialReference::Release function. NOTE: the Supplier indicates that the report is invalid and could not be reproduced...
PYSEC-2025-117
Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialReference::Release function. NOTE: the Supplier indicates that the report is invalid and could not be reproduced...
AZL-59715 CVE-2025-29480 affecting package gdal 3.6.3-5
Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialReference::Release function. NOTE: the Supplier indicates that the report is invalid and could not be reproduced...
DEBIAN-CVE-2025-29480
Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialReference::Release function. NOTE: the Supplier indicates that the report is invalid and could not be reproduced...
AZL-61789 CVE-2025-29480 affecting package gdal 3.6.3-2
Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialReference::Release function. NOTE: the Supplier indicates that the report is invalid and could not be reproduced...
UBUNTU-CVE-2025-29480
Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialReference::Release function. NOTE: the Supplier indicates that the report is invalid and could not be reproduced...
UBUNTU-CVE-2018-20539
There is a Segmentation fault triggered by illegal address access at liblas::SpatialReference::GetGTIF spatialreference.cpp in libLAS 1.8.1 that will cause a denial of service...
UBUNTU-CVE-2018-20536
There is a heap-based buffer over-read at liblas::SpatialReference::GetGTIF spatialreference.cpp in libLAS 1.8.1 that will cause a denial of service...
libLAS Null Pointer Dereference Vulnerability
libLAS is a C/C++ library for reading and writing the common LAS LiDAR format. A null pointer dereference vulnerability exists in liblas::SpatialReference::GetGTIF spatialreference.cpp in libLAS 1.8.1. An attacker could exploit this vulnerability to cause a denial of service...
libLAS Segmentation Error Vulnerability
libLAS is a C/C++ library for reading and writing the common LAS LiDAR format. A segmentation error vulnerability exists in libLAS 1.8.1. The vulnerability stems from illegal address access in liblas::SpatialReference::GetGTIF in spatialreference.cpp in libLAS. An attacker could use this...
[SECURITY] Fedora 24 Update: nodejs-srs-1.1.0-3.fc24
This module tries to detect projections, also known as "spatial reference systems". It works similiarly to gdalsrsinfo...