Approved changes feed: RSS · Atom

cpe:2.3:a:osgeo:mapserver:4.10.5:*:*:*:*:*:*:*

part: a version: 4.10.5 update: *

VendorOsgeo (706646bf-cac0-5b16-9ff6-83d28fd0444b)
ProductMapserver (fdf15dc6-4140-59d1-a297-792a1971f778)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:github/mapserver/mapserver purl2cpe 2026-06-01 10:12:15.956731
pkg:rpm/fedora/mapserver purl2cpe 2026-06-01 10:12:15.956732
pkg:rpm/opensuse/mapserver purl2cpe 2026-06-01 10:12:15.956734

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2013-7262 vulnerable 2026-06-08 05:05:08.888096 Details available
SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter.
Published: 2014-01-05T20:00:00.000Z
Updated: 2024-08-06T18:01:20.304Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-2975 vulnerable 2026-06-08 04:58:09.893504 Details available
Double free vulnerability in the msAddImageSymbol function in mapsymbol.c in MapServer before 6.0.1 might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact via crafted mapfile data.
Published: 2011-08-01T20:00:00.000Z
Updated: 2024-09-16T22:08:46.606Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-2704 vulnerable 2026-06-08 04:58:08.489806 Details available
Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before 5.6.7 allows remote attackers to execute arbitrary code via vectors related to OGC filter encoding.
Published: 2011-08-01T19:00:00.000Z
Updated: 2024-08-06T23:08:23.773Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-2703 vulnerable 2026-06-08 04:58:08.464999 Details available
Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support.
Published: 2011-08-01T19:00:00.000Z
Updated: 2024-08-06T23:08:23.731Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.