Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
osgeo vulnerabilities and exploits
(subscribe to this query)
409
VMScore
CVE-2019-25050
netCDF in GDAL 2.4.2 up to and including 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and netCDFDataset::~netCDFDataset).
Osgeo Gdal
445
VMScore
CVE-2021-32062
MapServer prior to 7.0.8, 7.1.x and 7.2.x prior to 7.2.3, 7.3.x and 7.4.x prior to 7.4.5, and 7.5.x and 7.6.x prior to 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that are intended to control the locations from which a mapfile may be loaded ...
Osgeo Mapserver
Fedoraproject Fedora 33
Fedoraproject Fedora 34
445
VMScore
CVE-2010-1678
Mapserver 5.2, 5.4 and 5.6 prior to 5.6.5-2 improperly validates symbol index values during Mapfile parsing.
Osgeo Mapserver 5.2.0
Osgeo Mapserver 5.4.0
Osgeo Mapserver
605
VMScore
CVE-2019-17546
tif_getimage.c in LibTIFF up to and including 4.0.10, as used in GDAL up to and including 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.
Libtiff Libtiff
Osgeo Gdal
668
VMScore
CVE-2019-17545
GDAL up to and including 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.
Osgeo Gdal
Oracle Spatial And Graph 19c
Oracle Spatial And Graph 12.2.0.1
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
668
VMScore
CVE-2017-5522
Stack-based buffer overflow in MapServer prior to 6.0.6, 6.2.x prior to 6.2.4, 6.4.x prior to 6.4.5, and 7.0.x prior to 7.0.4 allows remote malicious users to cause a denial of service (crash) or execute arbitrary code via vectors involving WFS get feature requests.
Debian Debian Linux 8.0
Osgeo Mapserver 7.0.0
Osgeo Mapserver 6.4.1
Osgeo Mapserver 6.4.2
Osgeo Mapserver 6.4.3
Osgeo Mapserver 6.2.0
Osgeo Mapserver
Osgeo Mapserver 7.0.3
Osgeo Mapserver 6.4.4
Osgeo Mapserver 6.4.0
Osgeo Mapserver 7.0.1
Osgeo Mapserver 6.2.1
Osgeo Mapserver 6.2.2
Osgeo Mapserver 6.2.3
Osgeo Mapserver 7.0.2
445
VMScore
CVE-2016-9839
In MapServer prior to 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fails.
Osgeo Mapserver
605
VMScore
CVE-2013-7262
SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer prior to 6.4.1, when a WMS-Time service is used, allows remote malicious users to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter.
Osgeo Mapserver 6.2.1
Umn Mapserver 6.0.0
Umn Mapserver 5.2.3
Osgeo Mapserver 4.10.2
Osgeo Mapserver 4.10.4
Osgeo Mapserver 4.6.0
Osgeo Mapserver 4.8.0
Osgeo Mapserver 5.0.0
Osgeo Mapserver 5.2.1
Osgeo Mapserver 5.4.0
Osgeo Mapserver 5.4.2
Osgeo Mapserver 6.2.0
Osgeo Mapserver 6.0.3
Osgeo Mapserver 6.0.2
Osgeo Mapserver 6.0.1
Osgeo Mapserver 4.10.5
Osgeo Mapserver 4.2.0
Osgeo Mapserver 4.4.0
Osgeo Mapserver 4.10.0
Osgeo Mapserver 5.2.0
Osgeo Mapserver 5.6.1
Osgeo Mapserver 5.6.3
685
VMScore
CVE-2011-2975
Double free vulnerability in the msAddImageSymbol function in mapsymbol.c in MapServer prior to 6.0.1 might allow remote malicious users to cause a denial of service (application crash) or have unspecified other impact via crafted mapfile data.
Osgeo Mapserver 5.0.0
Osgeo Mapserver 5.2.0
Osgeo Mapserver 5.2.1
Osgeo Mapserver 4.10.0
Osgeo Mapserver 5.4.0
Osgeo Mapserver 4.10.2
Osgeo Mapserver 4.10.3
Osgeo Mapserver 4.8.0
Osgeo Mapserver 5.6.0
Osgeo Mapserver 4.2.0
Umn Mapserver 5.6.4
Umn Mapserver 5.6.5
Umn Mapserver 5.6.6
Osgeo Mapserver
Osgeo Mapserver 5.4.1
Osgeo Mapserver 4.4.0
Osgeo Mapserver 4.6.0
Umn Mapserver 6.0.0
Osgeo Mapserver 5.4.2
Osgeo Mapserver 5.6.3
Umn Mapserver 5.2.2
Umn Mapserver 5.6.7
1 EDB exploit
668
VMScore
CVE-2011-2703
Multiple SQL injection vulnerabilities in MapServer prior to 4.10.7, 5.x prior to 5.6.7, and 6.x prior to 6.0.1 allow remote malicious users to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support.
Osgeo Mapserver 4.10.3
Osgeo Mapserver 4.10.1
Osgeo Mapserver 4.8.0
Osgeo Mapserver 4.6.0
Osgeo Mapserver 4.10.0
Osgeo Mapserver 4.10.2
Osgeo Mapserver 4.4.0
Osgeo Mapserver 4.10.5
Osgeo Mapserver 4.10.4
Osgeo Mapserver 4.2.0
Osgeo Mapserver
Osgeo Mapserver 5.2.0
Osgeo Mapserver 5.0.0
Osgeo Mapserver 5.4.0
Osgeo Mapserver 5.6.1
Osgeo Mapserver 5.6.3
Osgeo Mapserver 5.4.2
Osgeo Mapserver 5.6.0
Umn Mapserver 5.2.3
Osgeo Mapserver 5.2.1
Osgeo Mapserver 5.4.1
Umn Mapserver 5.6.4
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »