16 matches found
CLSA-2026-1779462193 Fix CVE(s): CVE-2026-33515
SECURITY UPDATE: out-of-bounds read when handling malformed ICP traffic - debian/patches/CVE-2026-33515.patch: validate ICP packet sizes and URLs in icpGetUrl; reject non-NUL-terminated URLs, URLs with embedded NULs or trailing garbage; guard icpHandleUdp against a nil icpOutgoingConn pointer -...
jq: Embedded NUL in jq import paths causes local redaction-policy bypass and preserves sensitive fields in published artifacts
...
PT-2026-40278
In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mb convert encoding or related mbstring functions, the code incorrectly assumes that when strncasecmp returns 0 it means the strings have the same length. This can lead to...
CVE-2026-43895
jq is a command-line JSON processor. In 1.8.1 and earlier, jq accepts embedded NUL bytes in import paths at the jq-language level, but later resolves those paths through C string operations during module and data-file lookup. This creates a mismatch between the logical import string that policy o...
CVE-2026-43895 jq: Embedded NUL in jq import paths causes local redaction-policy bypass and preserves sensitive fields in published artifacts
jq is a command-line JSON processor. In 1.8.1 and earlier, jq accepts embedded NUL bytes in import paths at the jq-language level, but later resolves those paths through C string operations during module and data-file lookup. This creates a mismatch between the logical import string that policy o...
CVE-2026-41256
The CVE affects jq up to version 1.8.1. Top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream HEAD. A crafted filter file such as . followed by � and arbitrary suffix compiles and executes as only the prefix before the NUL, leading to a ...
CVE-2026-6104 Global buffer over-read in mb_convert_encoding() with attacker-supplied encoding
In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mbconvertencoding or related mbstring functions, the code incorrectly assumes that when strncasecmp returns 0 it means the strings have the same length. This can lead to...
CVE-2026-6104
In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mbconvertencoding or related mbstring functions, the code incorrectly assumes that when strncasecmp returns 0 it means the strings have the same length. This can lead to...
CLSA-2026-1778142360 jq: Fix of 2 CVEs
CVE-2026-33947: limit path depth in jvsetpath, jvgetpath, and jvdelpaths to prevent stack overflow from deep path arrays - CVE-2026-33948: remove strlen-based length calculation that truncated JSON input at embedded NUL bytes, preventing parser-differential attacks...
OESA-2026-1427 openldap security update
OpenLDAP is an open source suite of LDAP Lightweight Directory Access Protocol applications and development tools. LDAP is a set of protocols for accessing directory services usually phone book style information, but other information is possible over the Internet, similar to the way DNS Domain...
OESA-2022-1877 sqlite security update
SQLite is a C-language library that implements a small, fast, self-contained,high-reliability, full-featured, SQL database engine. SQLite is the most used database engine in the world. SQLite is built into all mobile phones and most computers and comes bundled inside countless other applications...
CVE-2021-20223
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
UBUNTU-CVE-2019-19959
ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by for example valgrind...
SuSE 10 Security Update : w3m (ZYPP Patch Number 7076)
w3m does not handle embedded NUL characters in the common name and in subject alternative names of X.509 certificates CVE-2010-2074. This update fixes the issue and also turns on verification of x509 certificates by default which was not the case before. %NASLMINLEVEL 70300 C Tenable Network...
Fedora Core 11 FEDORA-2009-8815 (neon)
The remote host is missing an update to neon announced via advisory FEDORA-2009-8815. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
CVE-2021-20223
Removed by vendor...