8512 matches found
SUSE CVE-2025-2310
A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MMstrndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and...
CVE-2025-2310
A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MMstrndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and...
AZL-58806 CVE-2025-2310 affecting package hdf5 for versions less than 1.14.6-1
A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MMstrndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and...
AZL-58825 CVE-2025-2310 affecting package hdf5 for versions less than 1.14.6-1
A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MMstrndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and...
DEBIAN-CVE-2025-2310
A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MMstrndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and...
UBUNTU-CVE-2025-2310
A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MMstrndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and...
CVE-2025-2310
A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MMstrndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and...
CVE-2025-2310 HDF5 Metadata Attribute Decoder H5MM_strndup heap-based overflow
A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MMstrndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and...
CVE-2025-2310
CVE-2025-2310 affects HDF5 1.14.6 and earlier, specifically the H5MM_strndup function in the Metadata Attribute Decoder. The vulnerability is a heap-based buffer overflow exploitable with local access; the exploit has been disclosed publicly. Several connected sources note a patch is available in...
Amazon Linux 2 : kernel, --advisory ALAS2-2024-2696 (ALAS-2024-2696)
The version of kernel installed on the remote host is prior to 4.14.355-271.569. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2696 advisory. In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: Prevent UAF in proccpusetshow...
PT-2025-11056 · Google · Android
Name of the Vulnerable Software and Affected Versions: sdp server affected versions not specified Description: A use after free issue exists in the process service search attr req function within sdp server.cc. This could lead to remote code execution without requiring additional privileges or us...
Fedora 41 : python-jinja2 (2025-cd7f5876b2)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-cd7f5876b2 advisory. Version 3.1.6 Released 2025-03-05 The |attr filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. Tenable has...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to HTML attribute injection due to Jinja package (CVE-2024-22195)
Summary Jinja is used by DataStage on Cloud Pak for Data as part of HTML templating. Vulnerability Details CVEID:CVE-2024-22195 DESCRIPTION: Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitra...
Sandbox Bypass
Jinja is vulnerable to sandbox bypass. The vulnerability is due to an oversight in how the Jinja sandboxed environment interacts with the |attr filter, allowing attackers to execute arbitrary code execution ACE by bypassing the sandbox's attribute lookup...
Jinja sandbox breakout through attr filter selecting format method
...
OTRS 安全漏洞
OTRS is a service management solution from OTRS Germany. A security vulnerability exists in OTRS that stems from the lack of a sensitive cookie setting attribute that could lead to session hijacking...
SUSE CVE-2025-21840
In the Linux kernel, the following vulnerability has been resolved: thermal/netlink: Prevent userspace segmentation fault by adjusting UAPI header The intel-lpmd tool 1, which uses the THERMALGENLATTRCPUCAPABILITY attribute to receive HFI events from kernel space, encounters a segmentation fault...
CVE-2025-21840
In the Linux kernel, the following vulnerability has been resolved: thermal/netlink: Prevent userspace segmentation fault by adjusting UAPI header The intel-lpmd tool 1, which uses the THERMALGENLATTRCPUCAPABILITY attribute to receive HFI events from kernel space, encounters a segmentation fault...
UBUNTU-CVE-2025-21840
In the Linux kernel, the following vulnerability has been resolved: thermal/netlink: Prevent userspace segmentation fault by adjusting UAPI header The intel-lpmd tool 1, which uses the THERMALGENLATTRCPUCAPABILITY attribute to receive HFI events from kernel space, encounters a segmentation fault...
CVE-2025-21840 thermal/netlink: Prevent userspace segmentation fault by adjusting UAPI header
In the Linux kernel, the following vulnerability has been resolved: thermal/netlink: Prevent userspace segmentation fault by adjusting UAPI header The intel-lpmd tool 1, which uses the THERMALGENLATTRCPUCAPABILITY attribute to receive HFI events from kernel space, encounters a segmentation fault...