Lucene search

166 matches found

OSSF Malicious Packages
added 2024/10/06 11:51 a.m. · 3 views

Malicious code in instaread (PyPI)

Source: kam193 (792748013463fb0303ff6033b47dcb48c23dc944d5075a8859b6997eafd47a56). The file bc2556d1c1ea2a2d00.js contains an AdWare LNKR, this file is included in readarticle.html template and effectively used when the user requests to see t...

AI score: 7
Exploits: 0 · References: 2

OSV
added 2024/09/27 7:15 a.m. · 0 views

UBUNTU-CVE-2024-9029

A flaw was found in the freeimage library. Processing a crafted image can cause a buffer over-read of 1 byte in the read_iptc_profile function in the Source/Metadata/IPTC.cpp file because the size of the profile is not being sanitized, causing a crash in the application linked to the library,...

CVSS: 7.5 · AI score: 5.9 · EPSS: 0.00132
Exploits: 1 · References: 4

Positive Technologies
added 2024/06/13 12:0 a.m. · 2 views

PT-2024-24958 · Google · Android

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions.
Description: The issue is related to a possible out of bounds write in the circ_read function of link_device_memory_legacy.c due to an incorrect bounds check. This...

CVSS: 9.8 · AI score: 7.5 · EPSS: 0.08086
Exploits: 0 · References: 4

CNNVD
added 2024/05/10 12:0 a.m. · 2 views

HDF Group HDF5 Security Vulnerability

HDF Group HDF5 is a suite of tools for managing and storing different types of data from the American company HDF Group. The product supports managing, manipulating, viewing and analyzing data and generating files in portable formats. A security vulnerability exists in HDF5 Library version 1.14.3...

CVSS: 9.8 · AI score: 8.1 · EPSS: 0.00577
Exploits: 0 · References: 2

Positive Technologies
added 2024/05/09 12:0 a.m. · 2 views

PT-2024-6196 · Unknown +2 · Hdf5 Library +2

Name of the Vulnerable Software and Affected Versions: HDF5 Library versions 1.14.3 and earlier
Description: The issue is related to a heap-based buffer overflow in the H5HG_read function in H5HG.c, which is called from H5VL__native_blob_get in H5VLnative_blob.c. This results in the corruption of...

CVSS: 9.8 · AI score: 8 · EPSS: 0.00577
Exploits: 0 · References: 14

Positive Technologies
added 2024/04/18 12:0 a.m. · 1 views

PT-2024-40699 · Matio · Matio

Name of the Vulnerable Software and Affected Versions: Matio affected versions not specified
Description: The issue is related to a heap-use-after-free error, which occurs when the program attempts to access memory that has already been freed. This can lead to a crash. The error is specifically...

AI score: 6.8
Exploits: 0 · References: 2

Positive Technologies
added 2024/03/23 12:0 a.m. · 1 views

PT-2024-18164 · Paddlepaddle · Paddlepaddle/Paddle

Name of the Vulnerable Software and Affected Versions: paddlepaddle/paddle version 2.6.0
Description: The issue allows for arbitrary file read via the paddle.vision.ops.read_file function.
Recommendations: For paddlepaddle/paddle version 2.6.0, consider restricting access to the read_file functio...

CVSS: 8.2 · AI score: 8.2 · EPSS: 0.00152
Exploits: 1 · References: 9

NVD
added 2024/03/20 6:15 a.m. · 8 views

CVE-2024-28568

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 r1909 allows a local attacker to cause a denial of service (DoS) via the read_iptc_profile function when reading images in TIFF format...

CVSS: 6.2 · AI score: 6.3 · EPSS: 0.0004
Exploits: 1 · References: 1

ATTACKERKB
added 2024/03/05 12:15 p.m. · 2 views

CVE-2022-48630

In the Linux kernel, the following vulnerability has been resolved: crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ. The commit referenced in the Fixes tag removed the 'break' from the else branch in qcom_rng_read(), causing an infinite loop whenever 'max' is not a multiple of...

CVSS: 5.5 · AI score: 6 · EPSS: 0.00012
Exploits: 0 · References: 7 · Affected Software: 1

OSV
added 2024/02/29 1:43 a.m. · 1 views

CVE-2024-1130

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_read function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with...

CVSS: 4.3 · AI score: 5.8
Exploits: 0 · References: 7

Vulnrichment
added 2024/01/31 4:40 p.m. · 10 views

CVE-2024-24579 Tar path traversal in stereoscope when processing OCI tar archives

stereoscope is a Go library for processing container images and simulating a squash filesystem. Prior to version 0.0.1, it is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive temporary director...

CVSS: 5.3 · AI score: 6.7 · EPSS: 0.00072
Exploits: 0 · References: 2

OSV
added 2024/01/31 4:40 p.m. · 17 views

CVE-2024-24579 Tar path traversal in stereoscope when processing OCI tar archives

stereoscope is a Go library for processing container images and simulating a squash filesystem. Prior to version 0.0.1, it is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive temporary director...

CVSS: 5.3 · AI score: 9.2 · EPSS: 0.00072
Exploits: 0 · References: 4

CNNVD
added 2023/12/31 12:0 a.m. · 1 views

ehttp Security Vulnerabilities

ehttp is a library by the Chinese developer hongliuliao. A security vulnerability exists in versions prior to ehttp 1.0.6, which stems from a use-after-free in the read_func function in epoll_socket.cpp, resulting in memory corruption...

CVSS: 7.5 · AI score: 6.8 · EPSS: 0.00068
Exploits: 1 · References: 2

Positive Technologies
added 2023/10/27 12:0 a.m. · 2 views

PT-2023-35548 · Git +1 · Igraph

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description.
Description: The issue is related to a crash type of UNKNOWN READ. The crash state involves several function calls, including igraph_strvector_set_len, igraph_strvect...

AI score: 6.9
Exploits: 0 · References: 2

CNVD
added 2023/08/11 12:0 a.m. · 24 views

SAP Host Agent Information Disclosure Vulnerability (CNVD-2023-65176)

SAP Host Agent is a set of agent programs from SAP that supports a number of lifecycle management tasks such as operating system monitoring, database monitoring and system instance monitoring. An information disclosure vulnerability exists in SAP Host Agent that stems from a lack of authenticatio...

CVSS: 5.3 · AI score: 6.5 · EPSS: 0.00357
Exploits: 0 · References: 1

CNNVD
added 2023/08/08 12:0 a.m. · 1 views

SAP Host Agent Authorization Issue Vulnerability

SAP Host Agent is a set of agent programs from SAP that supports a number of lifecycle management tasks such as operating system monitoring, database monitoring and system instance monitoring. An information disclosure vulnerability exists in SAP Host Agent that stems from a lack of authenticatio...

CVSS: 5.3 · AI score: 6.3 · EPSS: 0.00357
Exploits: 0 · References: 4

Veracode
added 2023/07/10 5:43 a.m. · 15 views

Denial Of Service (DoS)

github.com/corazawaf/coraza is vulnerable to Denial of Service (DoS). The vulnerability exists in the Read function of multipart.go due to misuse of the log.Fatalf function, which allows an attacker to cause an application crash by providing maliciously crafted requests...

CVSS: 7.5 · AI score: 6.7 · EPSS: 0.00288
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2023/06/19 5:15 a.m. · 11 views

CVE-2023-35862

libcoap 4.3.1 contains a buffer over-read via the function coap_parse_oscore_conf_mem at coap_oscore.c...

CVSS: 6.5 · AI score: 7.4
Exploits: 0 · References: 3

ATTACKERKB
added 2023/06/01 3:15 a.m. · 1 views

CVE-2023-33719

mp4v2 v2.1.3 was discovered to contain a memory leak via MP4SdpAtom::Read at atom_sdp.cpp...

CVSS: 5.5 · AI score: 6 · EPSS: 0.00136
Exploits: 1 · References: 3

OSV
added 2023/04/04 3:15 p.m. · 1 views

CVE-2020-19692

Buffer Overflow vulnerability found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitrary code via the njs_module_read in the njs_module.c file...

CVSS: 9.8 · AI score: 8.1
Exploits: 0 · References: 1