Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
osgeo vulnerabilities and exploits
(subscribe to this query)
4.6
CVSSv2
CVE-2019-25050
netCDF in GDAL 2.4.2 up to and including 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and netCDFDataset::~netCDFDataset).
Osgeo Gdal
5
CVSSv2
CVE-2021-32062
MapServer prior to 7.0.8, 7.1.x and 7.2.x prior to 7.2.3, 7.3.x and 7.4.x prior to 7.4.5, and 7.5.x and 7.6.x prior to 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that are intended to control the locations from which a mapfile may be loaded ...
Osgeo Mapserver
Fedoraproject Fedora 33
Fedoraproject Fedora 34
5
CVSSv2
CVE-2010-1678
Mapserver 5.2, 5.4 and 5.6 prior to 5.6.5-2 improperly validates symbol index values during Mapfile parsing.
Osgeo Mapserver 5.2.0
Osgeo Mapserver 5.4.0
Osgeo Mapserver
7.5
CVSSv2
CVE-2019-17545
GDAL up to and including 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.
Osgeo Gdal
Oracle Spatial And Graph 19c
Oracle Spatial And Graph 12.2.0.1
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
6.8
CVSSv2
CVE-2019-17546
tif_getimage.c in LibTIFF up to and including 4.0.10, as used in GDAL up to and including 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.
Libtiff Libtiff
Osgeo Gdal
7.5
CVSSv2
CVE-2017-5522
Stack-based buffer overflow in MapServer prior to 6.0.6, 6.2.x prior to 6.2.4, 6.4.x prior to 6.4.5, and 7.0.x prior to 7.0.4 allows remote malicious users to cause a denial of service (crash) or execute arbitrary code via vectors involving WFS get feature requests.
Debian Debian Linux 8.0
Osgeo Mapserver 7.0.0
Osgeo Mapserver 6.4.1
Osgeo Mapserver 6.4.2
Osgeo Mapserver 6.4.3
Osgeo Mapserver 6.2.0
Osgeo Mapserver
Osgeo Mapserver 7.0.3
Osgeo Mapserver 6.4.4
Osgeo Mapserver 6.4.0
Osgeo Mapserver 7.0.1
Osgeo Mapserver 6.2.1
Osgeo Mapserver 6.2.2
Osgeo Mapserver 6.2.3
Osgeo Mapserver 7.0.2
5
CVSSv2
CVE-2016-9839
In MapServer prior to 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fails.
Osgeo Mapserver
6.8
CVSSv2
CVE-2013-7262
SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer prior to 6.4.1, when a WMS-Time service is used, allows remote malicious users to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter.
Osgeo Mapserver 6.2.1
Umn Mapserver 6.0.0
Umn Mapserver 5.2.3
Osgeo Mapserver 4.10.2
Osgeo Mapserver 4.10.4
Osgeo Mapserver 4.6.0
Osgeo Mapserver 4.8.0
Osgeo Mapserver 5.0.0
Osgeo Mapserver 5.2.1
Osgeo Mapserver 5.4.0
Osgeo Mapserver 5.4.2
Osgeo Mapserver 6.2.0
Osgeo Mapserver 6.0.3
Osgeo Mapserver 6.0.2
Osgeo Mapserver 6.0.1
Osgeo Mapserver 4.10.5
Osgeo Mapserver 4.2.0
Osgeo Mapserver 4.4.0
Osgeo Mapserver 4.10.0
Osgeo Mapserver 5.2.0
Osgeo Mapserver 5.6.1
Osgeo Mapserver 5.6.3
6.8
CVSSv2
CVE-2011-2975
Double free vulnerability in the msAddImageSymbol function in mapsymbol.c in MapServer prior to 6.0.1 might allow remote malicious users to cause a denial of service (application crash) or have unspecified other impact via crafted mapfile data.
Osgeo Mapserver 5.0.0
Osgeo Mapserver 5.2.0
Osgeo Mapserver 5.2.1
Osgeo Mapserver 4.10.0
Osgeo Mapserver 5.4.0
Osgeo Mapserver 4.10.2
Osgeo Mapserver 4.10.3
Osgeo Mapserver 4.8.0
Osgeo Mapserver 5.6.0
Osgeo Mapserver 4.2.0
Umn Mapserver 5.6.4
Umn Mapserver 5.6.5
Umn Mapserver 5.6.6
Osgeo Mapserver
Osgeo Mapserver 5.4.1
Osgeo Mapserver 4.4.0
Osgeo Mapserver 4.6.0
Umn Mapserver 6.0.0
Osgeo Mapserver 5.4.2
Osgeo Mapserver 5.6.3
Umn Mapserver 5.2.2
Umn Mapserver 5.6.7
1 EDB exploit
7.5
CVSSv2
CVE-2011-2703
Multiple SQL injection vulnerabilities in MapServer prior to 4.10.7, 5.x prior to 5.6.7, and 6.x prior to 6.0.1 allow remote malicious users to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support.
Osgeo Mapserver 4.10.3
Osgeo Mapserver 4.10.1
Osgeo Mapserver 4.8.0
Osgeo Mapserver 4.6.0
Osgeo Mapserver 4.10.0
Osgeo Mapserver 4.10.2
Osgeo Mapserver 4.4.0
Osgeo Mapserver 4.10.5
Osgeo Mapserver 4.10.4
Osgeo Mapserver 4.2.0
Osgeo Mapserver
Osgeo Mapserver 5.2.0
Osgeo Mapserver 5.0.0
Osgeo Mapserver 5.4.0
Osgeo Mapserver 5.6.1
Osgeo Mapserver 5.6.3
Osgeo Mapserver 5.4.2
Osgeo Mapserver 5.6.0
Umn Mapserver 5.2.3
Osgeo Mapserver 5.2.1
Osgeo Mapserver 5.4.1
Umn Mapserver 5.6.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »