Filtered by vendor Osgeo
Subscribe
Total
30 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-17546 | 2 Libtiff, Osgeo | 2 Libtiff, Gdal | 2024-12-20 | 6.8 MEDIUM | 8.8 HIGH |
tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition. | |||||
CVE-2023-43795 | 1 Osgeo | 1 Geoserver | 2024-11-21 | N/A | 8.6 HIGH |
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2. | |||||
CVE-2023-41339 | 1 Osgeo | 1 Geoserver | 2024-11-21 | N/A | 8.6 HIGH |
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an ``sld=<url>`` parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied "dynamic styling". Enabling the use of dynamic styles, without also configuring URL checks, provides the opportunity for Service Side Request Forgery. This vulnerability can be used to steal user NetNTLMv2 hashes which could be relayed or cracked externally to gain further access. This vulnerability has been patched in versions 2.22.5 and 2.23.2. | |||||
CVE-2023-27476 | 1 Osgeo | 1 Owslib | 2024-11-21 | N/A | 8.2 HIGH |
OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. OWSLib's XML parser (which supports both `lxml` and `xml.etree`) does not disable entity resolution, and could lead to arbitrary file reads from an attacker-controlled XML payload. This affects all XML parsing in the codebase. This issue has been addressed in version 0.28.1. All users are advised to upgrade. The only known workaround is to patch the library manually. See `GHSA-8h9c-r582-mggc` for details. | |||||
CVE-2023-25157 | 1 Osgeo | 1 Geoserver | 2024-11-21 | N/A | 9.8 CRITICAL |
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate ``strEndsWith``, ``strStartsWith`` and ``PropertyIsLike `` misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the ``FeatureId`` misuse. | |||||
CVE-2022-24847 | 1 Osgeo | 1 Geoserver | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can happen while configuring data stores with data sources located in JNDI, or while setting up the disk quota mechanism. In order to perform any of the above changes, the attack needs to have obtained admin rights and use either the GeoServer GUI, or its REST API. The lookups are going to be restricted in GeoServer 2.21.0, 2.20.4, 1.19.6. Users unable to upgrade should restrict access to the `geoserver/web` and `geoserver/rest` via a firewall and ensure that the GeoWebCache is not remotely accessible. | |||||
CVE-2022-0699 | 1 Osgeo | 1 Shapelib | 2024-11-21 | N/A | 9.8 CRITICAL |
A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc. | |||||
CVE-2021-45943 | 4 Debian, Fedoraproject, Oracle and 1 more | 4 Debian Linux, Fedora, Spatial And Graph and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment). | |||||
CVE-2021-40822 | 1 Osgeo | 1 Geoserver | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host. | |||||
CVE-2021-39371 | 2 Debian, Osgeo | 3 Debian Linux, Owslib, Pywps | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected. | |||||
CVE-2021-32062 | 2 Fedoraproject, Osgeo | 2 Fedora, Mapserver | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that are intended to control the locations from which a mapfile may be loaded (with MapServer CGI). | |||||
CVE-2019-25050 | 1 Osgeo | 1 Gdal | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and netCDFDataset::~netCDFDataset). | |||||
CVE-2019-17545 | 5 Debian, Fedoraproject, Opensuse and 2 more | 6 Debian Linux, Fedora, Backports Sle and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded. | |||||
CVE-2017-5522 | 2 Debian, Osgeo | 2 Debian Linux, Mapserver | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving WFS get feature requests. | |||||
CVE-2016-9839 | 1 Osgeo | 1 Mapserver | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fails. | |||||
CVE-2013-7262 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2024-11-21 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter. | |||||
CVE-2011-2975 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2024-11-21 | 6.8 MEDIUM | N/A |
Double free vulnerability in the msAddImageSymbol function in mapsymbol.c in MapServer before 6.0.1 might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact via crafted mapfile data. | |||||
CVE-2011-2704 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2024-11-21 | 7.5 HIGH | N/A |
Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before 5.6.7 allows remote attackers to execute arbitrary code via vectors related to OGC filter encoding. | |||||
CVE-2011-2703 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2024-11-21 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support. | |||||
CVE-2010-2540 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2024-11-21 | 10.0 HIGH | N/A |
mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 does not properly restrict the use of CGI command-line arguments that were intended for debugging, which allows remote attackers to have an unspecified impact via crafted arguments. |