Shodan
Vulnerabilities
Vulnerable Software
Osgeo:  >> Mapserver  >> 5.6.2  Security Vulnerabilities
CVE-2021-32062
MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that are intended to control the locations from which a mapfile may be loaded (with MapServer CGI).
CVSS Score
5.3
EPSS Score
0.007
Published
2021-05-06
CVE-2010-1678
Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing.
CVSS Score
7.5
EPSS Score
0.007
Published
2019-10-29
CVE-2017-5522
Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving WFS get feature requests.
CVSS Score
9.8
EPSS Score
0.048
Published
2017-03-15
CVE-2016-9839
In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fails.
CVSS Score
7.5
EPSS Score
0.004
Published
2016-12-08
CVE-2013-7262
SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter.
CVSS Score
6.8
EPSS Score
0.003
Published
2014-01-05
CVE-2011-2975
Double free vulnerability in the msAddImageSymbol function in mapsymbol.c in MapServer before 6.0.1 might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact via crafted mapfile data.
CVSS Score
6.8
EPSS Score
0.028
Published
2011-08-01
CVE-2010-2539
Buffer overflow in the msTmpFile function in maputil.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 allows local users to cause a denial of service via vectors involving names of temporary files.
CVSS Score
2.1
EPSS Score
0.001
Published
2010-08-02
CVE-2010-2540
mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 does not properly restrict the use of CGI command-line arguments that were intended for debugging, which allows remote attackers to have an unspecified impact via crafted arguments.
CVSS Score
10.0
EPSS Score
0.057
Published
2010-08-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved