Writeup Exploits
63,622 exploits tracked across all sources.
HDF5 < 1.14.6 - Heap-Based Buffer Overflow in H5C__reconstruct_cache_entry
A vulnerability classified as critical was found in HDF5 up to 1.14.6. Affected by this vulnerability is the function H5C__reconstruct_cache_entry of the file H5Cimage.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
CVSS 5.3
HDF5 <1.14.6 - Null Pointer Dereference
A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the function H5O__cache_chk_serialize of the file src/H5Ocache.c. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
CVSS 3.3
HDF5 < 1.14.6 - Use-After-Free in H5MM_realloc
A vulnerability has been found in HDF5 up to 1.14.6 and classified as problematic. This vulnerability affects the function H5MM_realloc of the file src/H5MM.c. The manipulation of the argument mem leads to double free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
CVSS 3.3
HDF5 < 1.14.6 - Heap-Based Buffer Overflow in H5HL__fl_deserialize
A vulnerability, which was classified as problematic, was found in HDF5 up to 1.14.6. This affects the function H5HL__fl_deserialize of the file src/H5HLcache.c. The manipulation of the argument free_block leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
CVSS 3.3
HDF5 < 1.14.6 - Heap-Based Buffer Overflow in H5F_addr_encode_len
A vulnerability, which was classified as problematic, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5F_addr_encode_len of the file src/H5Fint.c. The manipulation of the argument pp leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
CVSS 3.3
HDF5 < 1.14.6 - Heap-Based Buffer Overflow in H5F__accum_free
A vulnerability classified as problematic was found in HDF5 up to 1.14.6. This vulnerability affects the function H5F__accum_free of the file src/H5Faccum.c. The manipulation of the argument overlap_size leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
CVSS 3.3
HDF5 < 1.14.6 - Heap-Based Buffer Overflow in H5FS__sinfo_Srialize_Sct_cb
A vulnerability classified as problematic has been found in HDF5 up to 1.14.6. This affects the function H5FS__sinfo_Srialize_Sct_cb of the file src/H5FScache.c. The manipulation of the argument sect leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
CVSS 3.3
HDF5 < 2.0.0 - Use-After-Free in H5FL__blk_gc_list
A vulnerability was found in HDF5 up to 1.14.6. It has been rated as critical. Affected by this issue is the function H5FL__blk_gc_list of the file src/H5FL.c. The manipulation of the argument H5FL_blk_head_t leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
CVSS 3.3
HDF5 < 2.0.0 - Heap-Based Buffer Overflow in H5O_msg_flush
A vulnerability was found in HDF5 up to 1.14.6. It has been declared as problematic. Affected by this vulnerability is the function H5O_msg_flush of the file src/H5Omessage.c. The manipulation of the argument oh leads to heap-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
CVSS 3.3
HDF5 1.14.6 - Heap-Based Buffer Overflow in H5SM_delete Function
A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Affected is the function H5SM_delete of the file H5SM.c of the component h5 File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.
CVSS 5.0
HDF5 1.10.4 - Heap-based Buffer Overflow via GIF2H5 Functionality
A heap-based buffer overflow vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVSS 7.8
HDF5 1.10.4 - Out-of-bounds Write via GIF File Parsing
An out-of-bounds write vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVSS 7.8
HDF5 v1.13.1-1 - Denial of Service via Divide By Zero in H5T__complete_copy
A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 vis the function H5T__complete_copy () at /hdf5/src/H5T.c. This vulnerability causes an aritmetic exception, leading to a Denial of Service (DoS).
CVSS 6.5
HDF5 1.13.1-1 - Denial of Service via Untrusted Pointer Dereference in H5O__dtype_decode_helper
An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1-1 via the function H5O__dtype_decode_helper () at hdf5/src/H5Odtype.c. This vulnerability can lead to a Denial of Service (DoS).
CVSS 6.5
HDF5 v1.13.1-1 - Use-After-Free in H5AC_unpin_entry
HDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the component H5AC_unpin_entry.
CVSS 8.8
HDF5 1.13.1-1 - Denial of Service via Stack-based Buffer Overflow in H5D__create_chunk_file_map_hyper
A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 via the H5D__create_chunk_file_map_hyper function in /hdf5/src/H5Dchunk.c, which causes a Denial of Service (context-dependent).
CVSS 5.5
HDF5 1.13.1-1 - Denial of Service via Stack-based Buffer Overflow in H5Eint.c
A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at at hdf5/src/H5Eint.c, which causes a Denial of Service (context-dependent).
CVSS 5.5
HDF5 1.13.1-1 - Heap-Based Buffer Overflow in H5F_addr_decode_len
A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via H5F_addr_decode_len in /hdf5/src/H5Fint.c, which could cause a Denial of Service.
CVSS 5.5
HDF5 1.13.1-1 - Denial of Service
HDF5 1.13.1-1 is affected by: segmentation fault, which causes a Denial of Service.
CVSS 5.5
HDF5 1.12.0-1.13.0 - Denial of Service via h5tools_str_sprint Buffer Overflow
Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1.13.0 allows attackers to cause a denial of service via h5tools_str_sprint in /hdf5/tools/lib/h5tools_str.c.
CVSS 7.5
HDF5 1.12.0-1.13.0 - Denial of Service via h5tools_str_sprint Buffer Overflow
Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1.13.0 allows attackers to cause a denial of service via h5tools_str_sprint in /hdf5/tools/lib/h5tools_str.c.
CVSS 7.5
matio 1.5.20-1.5.21 - Heap-Based Buffer Overflow via HDF5 Memory Copy
matio (aka MAT File I/O Library) 1.5.20 and 1.5.21 has a heap-based buffer overflow in H5MM_memcpy (called from H5MM_malloc and H5C_load_entry), related to use of HDF5 1.12.0.
CVSS 6.5
Virtua Cobranca < 12r - SQL Injection via Login Page
Virtua Cobranca before 12R allows SQL Injection on the login page.
CVSS 7.5
PEEL Shopping 9.4.0 - Unauthenticated SQL Injection
PEEL Shopping version 9.4.0 allows remote SQL injection. A public user/guest (unauthenticated) can inject a malicious SQL query in order to affect the execution of predefined SQL commands. Upon a successful SQL injection attack, an attacker can read sensitive data from the database and possibly modify database data.
CVSS 9.1
TensorFlow 2.3.0-2.3.3 - Use-After-Free in BoostedTreesCalculateBestGainsPerFeature
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can generate undefined behavior via a reference binding to nullptr in `BoostedTreesCalculateBestGainsPerFeature` and similar attack can occur in `BoostedTreesCalculateBestFeatureSplitV2`. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/stats_ops.cc) does not validate the input values. We have patched the issue in GitHub commit 9c87c32c710d0b5b53dc6fd3bfde4046e1f7a5ad and in commit 429f009d2b2c09028647dd4bb7b3f6f414bbaad7. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
CVSS 7.1
By Source