2842 matches found
AZL-40598 CVE-2024-32620 affecting package hdf5 for versions less than 1.14.4.3-1
HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5F_addr_decode_len in H5Fint.c, resulting in the corruption of the instruction pointer...
AZL-40744 CVE-2024-29164 affecting package hdf5 for versions less than 1.14.4-1
HDF5 through 1.14.3 contains a stack buffer overflow in H5R__decode_heap, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution...
DEBIAN-CVE-2024-29166
HDF5 through 1.14.3 contains a buffer overflow in H5O__linfo_decode, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution...
AZL-40603 CVE-2024-29164 affecting package hdf5 for versions less than 1.14.4.3-1
HDF5 through 1.14.3 contains a stack buffer overflow in H5R__decode_heap, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution...
UBUNTU-CVE-2024-29164
HDF5 through 1.14.3 contains a stack buffer overflow in H5R__decode_heap, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution...
HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5F_addr_decode_len in H5Fint.c resulting in the corruption of the instruction pointer.
...
HDF5 through 1.14.3 contains a stack buffer overflow in H5R__decode_heap resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.
...
HDF Group HDF5 security vulnerability
HDF Group HDF5 is a suite of tools for managing and storing different types of data from the American company HDF Group. The product supports managing, manipulating, viewing and analyzing data and generating files in portable formats. A security vulnerability exists in HDF5 version 1.14.3 and pri...
HDF Group HDF5 security vulnerability
HDF Group HDF5 is a suite of tools for managing and storing different types of data from the American company HDF Group. The product supports managing, manipulating, viewing and analyzing data and generating files in portable formats. A security vulnerability exists in HDF5 version 1.14.3 and pri...
RHEL 6 : decode-uri-component (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900) Note that Nessus has not tested for...
HDF Group HDF5 security vulnerability
HDF Group HDF5 is a suite of tools for managing and storing different types of data from the American company HDF Group. The product supports managing, manipulating, viewing and analyzing data and generating files in portable formats. A security vulnerability exists in HDF5 Library version 1.14.3...
PT-2024-6197 · Unknown +4 · Hdf5 Library +4
Name of the Vulnerable Software and Affected Versions: HDF5 Library versions prior to 1.14.4 Description: The issue is related to a heap-based buffer over-read in the H5F_addr_decode_len function in the H5Fint.c file of the HDF5 library. This can cause corruption of the instruction pointer. The...
CVE-2024-32664
CVE-2024-32664 affects Suricata before 7.0.5 and 6.0.19, where specially crafted traffic or datasets can cause a limited buffer overflow. The vulnerability is fixed in 7.0.5 and 6.0.19. Workarounds include avoiding rules with the base64_decode keyword (bytes option 1, 2, or 5) and, for 7.0.x, set...
CVE-2024-32664
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, specially crafted traffic or datasets can cause a limited buffer overflow. This vulnerability is fixed in 7.0.5 and 6.0.19. Workarounds include not use...
PT-2024-25861 · Tencent · Libpag
Name of the Vulnerable Software and Affected Versions: Tencent libpag versions prior to 4.3.52 Description: The issue is related to an integer overflow in the checkEndOfFile function of DecodeStream.cpp, which can be triggered by a crafted PAG file. Recommendations: For versions prior to 4.3.52,...
kernel: ip6_vti: fix slab-use-after-free in decode_session6
A use-after-free vulnerability was found in the IPv6 VTI (Virtual Tunnel Interface) implementation in the Linux kernel. When an IPv6 VTI device uses the SFB (Stochastic Fair Blue) qdisc, the control block (cb) field of an skb can be modified during packet enqueuing. The decode_session6 function then rea...
kernel: ip_vti: fix potential slab-use-after-free in decode_session6
A use-after-free flaw was found in the Linux kernel's ip_vti (IPsec Virtual Tunnel Interface) implementation when transmitting IPv6 packets with the SFB qdisc attached. A local user with CAP_NET_ADMIN capability can trigger this issue by configuring an ip_vti interface with an SFB qdisc and sending IPv...
PT-2024-40722 · Exiv2 · Exiv2
Name of the Vulnerable Software and Affected Versions: Exiv2 affected versions not specified Description: The issue is related to a heap-buffer-overflow read error. Technical details about the crash include the Exiv2::AsfVideo::GUIDTag::GUIDTag, Exiv2::AsfVideo::streamProperties, and...
Fedora 40 : chisel (2023-b29031a7aa)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-b29031a7aa advisory. Automatic update for chisel-1.9.0-1.fc40. Changelog Sun Aug 20 2023 Filipe Rosset - 1.9.0-1 - Update to 1.9.0 fixes rhbz2113146 rhbz2163065...
RHEL 6 / 7 : rh-ruby23-ruby (RHSA-2018:0585)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0585 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...