Filtered by vendor Osgeo
Subscribe
Total
30 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1176 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2021-06-07 | 10.0 HIGH | N/A |
| mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 does not ensure that the string holding the id parameter ends in a '\0' character, which allows remote attackers to conduct buffer-overflow attacks or have unspecified other impact via a long id parameter in a query action. | |||||
| CVE-2009-1177 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2021-06-07 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in maptemplate.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 have unknown impact and remote attack vectors. | |||||
| CVE-2009-2281 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2021-06-07 | 10.0 HIGH | N/A |
| Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x through 4.10.4 and 5.x before 5.4.2 allow remote attackers to execute arbitrary code via (1) a crafted Content-Length HTTP header or (2) a large HTTP request, related to an integer overflow that triggers a heap-based buffer overflow. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-0840. | |||||
| CVE-2010-2540 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2021-06-07 | 10.0 HIGH | N/A |
| mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 does not properly restrict the use of CGI command-line arguments that were intended for debugging, which allows remote attackers to have an unspecified impact via crafted arguments. | |||||
| CVE-2010-2539 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2021-06-07 | 2.1 LOW | N/A |
| Buffer overflow in the msTmpFile function in maputil.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 allows local users to cause a denial of service via vectors involving names of temporary files. | |||||
| CVE-2011-2703 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2021-06-07 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support. | |||||
| CVE-2011-2704 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2021-06-07 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before 5.6.7 allows remote attackers to execute arbitrary code via vectors related to OGC filter encoding. | |||||
| CVE-2011-2975 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2021-06-07 | 6.8 MEDIUM | N/A |
| Double free vulnerability in the msAddImageSymbol function in mapsymbol.c in MapServer before 6.0.1 might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact via crafted mapfile data. | |||||
| CVE-2010-1678 | 1 Osgeo | 1 Mapserver | 2021-06-01 | 5.0 MEDIUM | 7.5 HIGH |
| Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing. | |||||
| CVE-2019-17546 | 2 Libtiff, Osgeo | 2 Libtiff, Gdal | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition. | |||||