
492 matches found

RedHat Linux
added 2 days ago, 5 views

gnutls: gnutls: Authentication Bypass via NUL Character in Username

A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...

CVSS 9.8, AI score 5.8, EPSS 0.0105
Exploits 0, References 5

RedHat Linux
added 2 days ago, 6 views

Important: Red Hat Security Advisory: gnutls and libtasn1 security update

An update for multiple packages is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

CVSS 9.8, AI score 7, EPSS 0.01335
Exploits 2, References 14

EUVD
added 6 days ago, 4 views

EUVD-2026-39533

swift-nio-http2's HTTP/2-to-HTTP/1.1 codec did not validate pseudo-header values for control characters before placing them into the translated HTTP/1.1 message. swift-nio-http2 1.44.1 adds validation of all pseudo-header values :path, :authority, :scheme, :method, and :status at both the HPACK...

CVSS 5.3, AI score 5.8, EPSS 0.00192
Exploits 0, References 1

ATTACKERKB
added 6 days ago, 5 views

CVE-2026-28898

swift-nio-http2's HTTP/2-to-HTTP/1.1 codec did not validate pseudo-header values for control characters before placing them into the translated HTTP/1.1 message. swift-nio-http2 1.44.1 adds validation of all pseudo-header values :path, :authority, :scheme, :method, and :status at both the HPACK...

CVSS 5.3, AI score 5.8, EPSS 0.00192
Exploits 0, References 2

AstraLinux
added 2026/06/19 11:10 a.m., 3 views

Astra Linux – Vulnerability in c-ares

c-ares is a C library for asynchronous DNS requests. ares__read_line is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and, if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files contains a NULL...

CVSS 5.5, AI score 6.4, EPSS 0.00349
Exploits 0, References 2

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in Firefox and Thunderbird

When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could lead to reflected file download attacks that potentially trick users into installing malware. This vulnerability affects Firefox 112, Focu...

CVSS 8.8, AI score 7.1, EPSS 0.00737
Exploits 0, References 2

AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerability in OpenSSH

Using SSH in OpenSSH before version 10.1 allows for the use of the '\0' character in an SSH URI. This could potentially lead to code execution when a ProxyCommand is used...

CVSS 3.6, AI score 6.2, EPSS 0.00114
Exploits 0, References 2

Tenable Nessus
added 2026/06/16 12:00 a.m., 9 views

RHEL 10 : gnutls (RHSA-2026:26409)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26409 advisory. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such ...

CVSS 9.8, AI score 6, EPSS 0.01335
Exploits 2, References 28

RedHat Linux
added 2026/05/26 7:04 a.m., 9 views

gnutls: gnutls: Authentication Bypass via NUL Character in Username

A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...

CVSS 9.8, AI score 5.8, EPSS 0.0105
Exploits 0, References 5

RedHat Linux
added 2026/05/26 6:51 a.m., 17 views

gnutls: gnutls: Authentication Bypass via NUL Character in Username

A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...

CVSS 9.8, AI score 5.8, EPSS 0.0105
Exploits 0, References 5

Tenable Nessus
added 2026/05/22 12:00 a.m., 10 views

RockyLinux 9 : openssh (RLSA-2025:23480)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:23480 advisory. openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand (CVE-2025-61984) openssh: OpenSSH: Null character in ssh://...

CVSS 3.6, AI score 6.8, EPSS 0.00221
Exploits 2, References 5

AstraLinux
added 2026/05/20 5:53 a.m., 2 views

Astra Linux - Vulnerability in protobuf

Dereferencing a null pointer when a null char is present in a prototype symbol. The symbol is parsed incorrectly, resulting in an unchecked call into the name of the prototype file during the generation of the resulting error message. Since the symbol is incorrectly parsed, the file value is...

CVSS 6.5, AI score 6.6, EPSS 0.0266
Exploits 0, References 2

Microsoft CVE
added 2026/05/15 8:02 a.m., 10 views

Gnutls: gnutls: authentication bypass via nul character in username

...

CVSS 9.8, AI score 5.8, EPSS 0.0105
Exploits 0

Cvelist
added 2026/05/11 5:24 p.m., 46 views

CVE-2026-43895 jq: Embedded NUL in jq import paths causes local redaction-policy bypass and preserves sensitive fields in published artifacts

jq is a command-line JSON processor. In 1.8.1 and earlier, jq accepts embedded NUL bytes in import paths at the jq-language level, but later resolves those paths through C string operations during module and data-file lookup. This creates a mismatch between the logical import string that policy o...

CVSS 4.4, EPSS 0.00157
Exploits 1, References 1

EUVD
added 2026/05/07 9:30 p.m., 38 views

EUVD-2026-28427

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...

AI score 5.8, EPSS 0.00588
Exploits 0, References 5

OSV
added 2026/05/07 8:16 p.m., 3 views

UBUNTU-CVE-2026-39836

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...

CVSS 7.5, AI score 5.8, EPSS 0.00588
Exploits 0, References 8

NVD
added 2026/05/07 12:16 p.m., 24 views

CVE-2026-42010

A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...

CVSS 9.8, EPSS 0.0105
Exploits 0, References 16

Vulnrichment
added 2026/05/07 12:00 p.m., 12 views

CVE-2026-42010 Gnutls: gnutls: authentication bypass via nul character in username

A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...

CVSS 7.1, AI score 5.8, EPSS 0.0105
Exploits 0, References 15

RedhatCVE
added 2026/05/07 12:00 p.m., 14 views

CVE-2026-42010

A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...

CVSS 9.8, AI score 5.8, EPSS 0.0105
Exploits 0, References 3

OSV
added 2026/05/04 7:16 a.m., 4 views

UBUNTU-CVE-2026-43861

mutt before 2.3.2 does not check for '\0' in url_pct_decode...

CVSS 3.7, AI score 5.8, EPSS 0.00162
Exploits 0, References 2