HDF5 Buffer Overflow Vulnerability (CNVD-2019-03454)
HDF5 is a free suite of tools for managing the storage of different types of data that can be managed, manipulated, viewed, analyzed, and generated in portable formats. A heap buffer overflow vulnerability exists in the 'H5O_fill_new_decode' function of the H5Ofill.c file in HDF5 version 1.8.20, which can be...
HDF5 Buffer Overflow Vulnerability (CNVD-2019-03453)
HDF5 is a free suite of tools for managing the storage of different types of data that can be managed, manipulated, viewed, analyzed, and generated in portable formats. A heap buffer overflow vulnerability exists in the 'H5O_layout_decode' function of the H5Olayout.c file in HDF5 version 1.8.20,...
DEBIAN-CVE-2018-13869
An issue was discovered in the HDF HDF5 1.8.20 library. There is a memcpy parameter overlap in the function H5O_link_decode in H5Olink.c...
DEBIAN-CVE-2018-13870
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_link_decode in H5Olink.c...
UBUNTU-CVE-2018-13869
An issue was discovered in the HDF HDF5 1.8.20 library. There is a memcpy parameter overlap in the function H5O_link_decode in H5Olink.c...
UBUNTU-CVE-2018-13866
An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer over-read in the function H5F_addr_decode_len in H5Fint.c...
CVE-2018-13348
The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001...
FFmpeg 'ff_mpeg4_decode_picture_header' Null Pointer Dereference Vulnerability
FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability exists in the 'ff_mpeg4_decode_picture_header' function in the libavcodec/mpeg4videodec.c file in FFmpeg version 4.0.1, which is caused by the program failing to check...
CVE-2018-1000531
The vulnerability CVE-2018-1000531 affects inversoft prime-jwt prior to commit abb0d479389a2509f939452a6767dc424bb5e6ba, where JWTDecoder.decode can mishandle signature verification (CWE-20). An attacker can craft a JWT with a valid header using the none algorithm and a body that passes validatio...
UBUNTU-CVE-2018-12687
tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h...
Magento Hackers Using Simple Evasion Trick to Reinfect Sites With Malware
Security researchers have been warning of a new trick that cybercriminals are leveraging to hide their malicious code designed to re-introduce the infection to steal confidential information from Magento based online e-commerce websites. So, if you have already cleaned up your hacked Magento...
Libmobi Denial of Service Vulnerability
Libmobi is a C library for processing documents in the Mobipocket/Kindle MOBI e-book format. A denial of service vulnerability exists in the mobi_decode_font_resource function in util.c in Libmobi version 0.3. A remote attacker can exploit this vulnerability via specially crafted mobi files to cause a denia...
FFmpeg 'ff_mpeg4_decode_picture_header' function denial of service vulnerability
FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability exists in the 'ff_mpeg4_decode_picture_header' function in the libavcodec/mpeg4videodec.c file in FFmpeg. The vulnerability can be exploited to cause a denial of servic...
tinyexr buffer overflow vulnerability (CNVD-2018-14428)
tinyexr is a small OpenEXR image load/save library. A buffer overflow vulnerability exists in the 'tinyexr::DecodePixelData' function of the tinyexr.h file in version 0.9.5 of tinyexr. An attacker can exploit this vulnerability to cause a buffer out-of-bounds read...
Out-of-Bounds
Overview: Affected versions of this package are vulnerable to Out-of-Bounds. tinyexr 0.9.5 has a heap-based buffer over-read in tinyexr::DecodePixelData in tinyexr.h, related to OpenEXR code. Remediation: There is no fixed version for tinyexr. References: - GitHub Issue...
[SECURITY] Fedora 27 Update: nodejs-base64-url-2.2.0-1.fc27
Base64 encode, decode, escape and unescape for URL applications...
[SECURITY] Fedora 28 Update: nodejs-base64-url-2.2.0-1.fc28
Base64 encode, decode, escape and unescape for URL applications...
Mcard Mobile Card Selling Platform 1 Cross Site Request Forgery
Exploit Title: Mcard - Mobile Card Selling Platform 1 - Cross-Site Request Forgery Date: 2018-05-23 Exploit Author: L0RD Vendor Homepage: https://codecanyon.net/item/mcard-mobile-card-selling-platform/19307193?srank=15 Version: 1 Tested on: Kali linux POC : CSRF POC document.forms0.submit;...
MiniUPnP ngiflib 'DecodeGifImg' Function Denial of Service Vulnerability
MiniUPnP is a set of UPnP tools developed by MiniUPnP project that can be used in embedded systems. This tool enables devices in home and corporate networks to connect to each other. ngiflib is one of the GIF image format decoding libraries written in C language. A security vulnerability exists i...
HDF5 Out-of-Bounds Read Vulnerability
HDF5 is a free suite of tools for managing the storage of different types of data that can be managed, manipulated, viewed, analyzed, and generated in portable formats. An out-of-bounds read vulnerability exists in the 'H5O_fill_new_decode' and 'H5O_fill_old_decode' functions of the H5Ofill.c file in...