Lucene search

K

Osgeo Security Vulnerabilities

cve
cve

CVE-2023-25157

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. .....

9.8CVSS

9.2AI Score

0.593EPSS

2023-02-21 10:15 PM
88
cve
cve

CVE-2019-17546

tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param"...

8.8CVSS

8.6AI Score

0.008EPSS

2019-10-14 02:15 AM
356
cve
cve

CVE-2021-32062

MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that are intended to control the locations from which a mapfile may be loaded (with MapServer...

5.3CVSS

5.1AI Score

0.002EPSS

2021-05-06 01:15 PM
31
4
cve
cve

CVE-2021-45943

GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and...

5.5CVSS

5.8AI Score

0.001EPSS

2022-01-01 01:15 AM
63
6
cve
cve

CVE-2019-17545

GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is...

9.8CVSS

9.3AI Score

0.011EPSS

2019-10-14 02:15 AM
197
cve
cve

CVE-2023-43795

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request.....

9.8CVSS

9.3AI Score

0.121EPSS

2023-10-25 06:17 PM
59
cve
cve

CVE-2023-41339

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an sld=<url> parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied "dynamic styling". Enabling the use of dynamic sty...

8.6CVSS

5.4AI Score

0.001EPSS

2023-10-25 06:17 PM
82
cve
cve

CVE-2023-27476

OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. OWSLib's XML parser (which supports both lxml and xml.etree) does not disable entity resolution, and could lead to arbitrary file reads from an....

8.2CVSS

7.3AI Score

0.001EPSS

2023-03-08 12:15 AM
66
cve
cve

CVE-2022-24847

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can...

7.2CVSS

7.3AI Score

0.001EPSS

2022-04-13 10:15 PM
672
cve
cve

CVE-2016-9839

In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection...

7.5CVSS

7.2AI Score

0.002EPSS

2016-12-08 08:59 AM
23
cve
cve

CVE-2022-0699

A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over...

9.8CVSS

9AI Score

0.002EPSS

2022-10-17 04:15 PM
38
3
cve
cve

CVE-2009-2281

Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x through 4.10.4 and 5.x before 5.4.2 allow remote attackers to execute arbitrary code via (1) a crafted Content-Length HTTP header or (2) a large HTTP request, related to an integer overflow.....

7.8AI Score

0.093EPSS

2022-10-03 04:24 PM
38
2
cve
cve

CVE-2011-2975

Double free vulnerability in the msAddImageSymbol function in mapsymbol.c in MapServer before 6.0.1 might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact via crafted mapfile...

7.3AI Score

0.008EPSS

2022-10-03 04:15 PM
24
2
cve
cve

CVE-2021-28398

A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. A User Administrator or Administrator account is required to perform this. This occurs in the...

7.2CVSS

7.2AI Score

0.001EPSS

2022-09-05 05:15 PM
30
3
cve
cve

CVE-2021-40822

GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy...

7.5CVSS

7.4AI Score

0.711EPSS

2022-05-02 12:15 AM
72
2
cve
cve

CVE-2021-39371

An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be...

7.5CVSS

7.3AI Score

0.002EPSS

2021-08-23 01:15 AM
60
4
cve
cve

CVE-2019-25050

netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and...

7.8CVSS

7.8AI Score

0.001EPSS

2021-07-20 07:15 AM
26
5
cve
cve

CVE-2010-1678

Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile...

7.5CVSS

7.5AI Score

0.003EPSS

2019-10-29 09:15 PM
55
cve
cve

CVE-2017-5522

Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving WFS get feature...

9.8CVSS

9.6AI Score

0.078EPSS

2017-03-15 04:59 PM
42
cve
cve

CVE-2013-7262

SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TIME...

8.2AI Score

0.003EPSS

2014-01-05 08:55 PM
29
2
cve
cve

CVE-2011-2704

Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before 5.6.7 allows remote attackers to execute arbitrary code via vectors related to OGC filter...

8AI Score

0.15EPSS

2011-08-01 07:55 PM
36
2
cve
cve

CVE-2011-2703

Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time...

8.4AI Score

0.004EPSS

2011-08-01 07:55 PM
35
cve
cve

CVE-2010-2540

mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 does not properly restrict the use of CGI command-line arguments that were intended for debugging, which allows remote attackers to have an unspecified impact via crafted...

6.6AI Score

0.01EPSS

2010-08-02 10:00 PM
44
2
cve
cve

CVE-2010-2539

Buffer overflow in the msTmpFile function in maputil.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 allows local users to cause a denial of service via vectors involving names of temporary...

6.1AI Score

0.0004EPSS

2010-08-02 10:00 PM
34
2
cve
cve

CVE-2009-0839

Stack-based buffer overflow in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when the server has a map with a long IMAGEPATH or NAME attribute, allows remote attackers to execute arbitrary code via a crafted id parameter in a query...

7.8AI Score

0.161EPSS

2009-03-31 06:24 PM
41
2
cve
cve

CVE-2009-0843

The msLoadQuery function in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to determine the existence of arbitrary files via a full pathname in the queryfile parameter, which triggers different error messages depending on whether this pathname...

6.4AI Score

0.006EPSS

2009-03-31 06:24 PM
41
2
cve
cve

CVE-2009-1177

Multiple stack-based buffer overflows in maptemplate.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 have unknown impact and remote attack...

6.6AI Score

0.013EPSS

2009-03-31 06:24 PM
29
2
cve
cve

CVE-2009-0841

Directory traversal vulnerability in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when running on Windows with Cygwin, allows remote attackers to create arbitrary files via a .. (dot dot) in the id...

6.5AI Score

0.025EPSS

2009-03-31 06:24 PM
44
cve
cve

CVE-2009-0840

Heap-based buffer underflow in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to have an unknown impact via a negative value in the Content-Length HTTP...

6.5AI Score

0.03EPSS

2009-03-31 06:24 PM
49
2
cve
cve

CVE-2009-0842

mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to read arbitrary invalid .map files via a full pathname in the map parameter, which triggers the display of partial file contents within an error message, as demonstrated by a /tmp/sekrut.map...

6.2AI Score

0.011EPSS

2009-03-31 06:24 PM
42
2
cve
cve

CVE-2009-1176

mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 does not ensure that the string holding the id parameter ends in a '\0' character, which allows remote attackers to conduct buffer-overflow attacks or have unspecified other impact via a long id parameter in a query...

6.8AI Score

0.016EPSS

2009-03-31 06:24 PM
36
2