57 matches found
GDAL 缓冲区错误漏洞
GDAL is an open-source geospatial data abstraction library developed by GDAL. Versions of GDAL 3.13.0dev-4 and earlier contain a buffer error vulnerability. This vulnerability stems from a function in the file frmts/hdf4/hdf-eos/GDapi.c called GDfieldinfo, which may lead to out-of-bounds read...
OSGeo gdal 缓冲区错误漏洞
OSGeo GDAL is an open-source geospatial raster and vector data processing library developed by OSGeo. OSGeo GDAL versions 3.13.0dev-4 and earlier contain a buffer error vulnerability. This vulnerability stems from a function called memmove in the frmts/hdf4/hdf-eos/SWapi.c file, which is part of...
CVE-2026-8084
A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This manipulation causes out-of-bounds read. The attack is restricted to local execution. The exploit...
PT-2026-38559
Name of the Vulnerable Software and Affected Versions OSGeo gdal versions prior to 3.13.0RC1 Description A heap-based buffer overflow occurs in the GDnentries function within the frmts/hdf4/hdf-eos/GDapi.c file. This issue is triggered by manipulating the DataFieldName argument and requires the...
JLSEC-2026-300
HDF5 Library through 1.14.3 has a heap-based buffer over-read in H5VMmemcpyvv in H5VM.c called from H5Dcompactreadvv in H5Dcompact.c...
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the form-data libary
Summary Due to use of the form-data library, DevOps Test Performance and Rational Performance Tester contain a potential HTTP Parameter Pollution HPP vulnerability CVE-2025-7783. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data...
CVE-2026-4738
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo gdal frmts/zlib/contrib/infback9 modules. This vulnerability is associated with program files inftree9.C. This issue affects gdal: before 3.11.0...
Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Insufficient Random Values (CVE-2025-7783)
Summary Due to the use of the form-data JavaScript library, IBM watsonx Orchestrate Developer Edition is vulnerable to predictable boundary values CVE-2025-7783 Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP...
Security Bulletin: IBM Event Processing is vulnerable to HTTP Parameter Pollution (HPP) attack (CVE-2025-7783).
Summary IBM Event Processing is vulnerable to an HTTP Parameter Pollution HPP attack due to the use of random values in the form-data module. This vulnerability affects how data from HTML forms is processed, particularly during form submission or when interacting with event listeners tied to form...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for August 2025.
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.0-IF006, 24.0.1-IF004 and 25.0.0-IF001. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random...
Linux Distros Unpatched Vulnerability : CVE-2019-9151
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5VMmemcpyvv in H5VM.c when called from H5Dcompactreadvv ...
FreeBSD : p5-Catalyst-Authentication-Credential-HTTP -- Insecure source of randomness (c323bab5-80dd-11f0-97c4-40b034429ecf)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c323bab5-80dd-11f0-97c4-40b034429ecf advisory. perl-catalyst project reports: Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier fo...
MAL-2025-25465 Malicious code in LMX-Data (npm)
The package LMX-Data was found to contain malicious code...
MAL-2025-19826 Malicious code in eslint-config-data-ui (npm)
The package eslint-config-data-ui was found to contain malicious code...
CVE-2025-40920
CVE-2025-40920 affects Catalyst::Authentication::Credential::HTTP (Perl) up to version 1.018, where nonces are generated via Data::UUID, which uses a non-cryptographic source and yields v3 UUIDs. Fedora advisories (FEDORA-2025-6df5ab0b98 and FEDORA-2025-d72429a1f8) indicate the patch upgrades the...
p5-Catalyst-Authentication-Credential-HTTP -- Insecure source of randomness
perl-catalyst project reports: Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. Data::UUID does not use a strong cryptographic source for generating UUIDs. Data::UUID returns v3 UUIDs, which are generated from known...
AZL-65610 CVE-2025-7783 affecting package js-jquery 3.5.0-4
Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files lib/formdata.Js. This issue affects form-data: 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3...
PT-2025-32585
Name of the Vulnerable Software and Affected Versions: Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier Description: The software generates nonces using the Perl Data::UUID library, which does not employ a strong cryptographic source for UUID generation. Data::UUID returns v3...
AZL-40580 CVE-2024-33875 affecting package hdf5 for versions less than 1.14.4.3-1
HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5Olayoutencode in H5Olayout.c, resulting in the corruption of the instruction pointer...
HDF Group HDF5 安全漏洞
HDF Group HDF5 is a suite of tools for managing and storing different types of data from the American company HDF Group. The product supports managing, manipulating, viewing and analyzing data and generating files in portable formats. A security vulnerability exists in HDF5 Library version 1.14.3...