189 matches found
EUVD-2022-4326
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-27837
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for...
CVE-2020-19275
An Information Disclosure vulnerability exists in dhcms 2017-09-18 when entering invalid characters after the normal interface, which causes an error that will leak the physical path...
CLSA-2025-1744710425 Fix CVE(s): CVE-2024-5594
SECURITY UPDATE: Improper PUSHREPLY sanitization allows attackers to inject arbitrary data into third-party executables - debian/patches/CVE-2024-5594.patch: Properly handle null bytes and invalid characters in control - CVE-2024-5594 UPDATE CERTIFICATES: Renew sample keys -...
Security update for openvpn
This update for openvpn fixes the following issues: CVE-2024-5594: Fixed incorrect handling of null bytes and invalid characters in control messages bsc1235147 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
CVE-2025-21910
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: regulatory: improve invalid hints checking Syzbot keeps reporting an issue 1 that occurs when erroneous symbols sent from userspace get through into useralpha2 via regulatoryhintuser call. Such invalid regulatory...
CVE-2025-21910 wifi: cfg80211: regulatory: improve invalid hints checking
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: regulatory: improve invalid hints checking Syzbot keeps reporting an issue 1 that occurs when erroneous symbols sent from userspace get through into useralpha2 via regulatoryhintuser call. Such invalid regulatory...
Security update for openvpn
This update for openvpn fixes the following issues: CVE-2024-5594: Fixed handling of null bytes and invalid characters in control messages bsc1235147. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for openvpn
This update for openvpn fixes the following issues: CVE-2024-5594: Fixed handling of null bytes and invalid characters in control messages bsc1235147. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
SUSE-SU-2025:1053-1 Security update for openvpn
This update for openvpn fixes the following issues: - CVE-2024-5594: Fixed handling of null bytes and invalid characters in control messages bsc1235147...
SUSE CVE-2025-27837
An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gpmswin.c and base/winrtsup.cpp...
PT-2025-5746
Name of the Vulnerable Software and Affected Versions: Mobile Security Framework MobSF versions prior to 4.3.1 Description: The issue arises when an attacker manually modifies the CFBundleIdentifier value in the Info.plist file by adding special characters, which are not allowed according to...
CVE-2024-10539
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Uyumsoft Informatin Systems Uyumsoft ERP allows XSS Using Invalid Characters, Reflected XSS. This issue affects Uyumsoft ERP: before Erp4.2109.166p45...
CVE-2024-10539
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Uyumsoft Informatin Systems Uyumsoft ERP allows XSS Using Invalid Characters, Reflected XSS. This issue affects Uyumsoft ERP: before Erp4.2109.166p45...
CVE-2024-10539
Summary: CVE-2024-10539 describes an XSS vulnerability in Uyumsoft ERP caused by improper input neutralization during web page generation. Affected software: Uyumsoft ERP (versions prior to Erp4.2109.166p45). Impact: Cross-site scripting via invalid characters and reflected XSS vectors; details i...
AZL-40369 CVE-2024-34064 affecting package python-jinja2 for versions less than 3.1.2-2
Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, , or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as...
DEBIAN-CVE-2024-34064
Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, , or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as...
CVE-2023-32173
The CVE-2023-32173 entry concerns Unified Automation UaGateway: a DoS flaw in the AddServer method where crafted arguments can inject invalid characters into an XML configuration file. The impact is a persistent denial-of-service condition, with network exposure and required authentication when t...
CVE-2023-32173 Unified Automation UaGateway AddServer XML Injection Denial-of-Service Vulnerability
Unified Automation UaGateway AddServer XML Injection Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability when the...
CVE-2023-45715
The console may experience a service interruption when processing file names with invalid characters...