15 matches found
Astra Linux - уязвимость в python-rsa
In Python-RSA before version 4.1, leading '\0' bytes are ignored during the decryption of ciphertext. This could potentially have security-related implications, such as allowing an attacker to infer that an application uses Python-RSA. Alternatively, the length of the accepted ciphertext may affe...
php: password_verify can erroneously return true, opening ATO risk
A null byte interaction error vulnerability was found in PHP. If a password stored with passwordhash starts with a null byte \x00, testing a blank string as the password via passwordverify will incorrectly return true. If a user can create a password with a leading null byte unlikely, but...
php: password_verify can erroneously return true, opening ATO risk
A null byte interaction error vulnerability was found in PHP. If a password stored with passwordhash starts with a null byte \x00, testing a blank string as the password via passwordverify will incorrectly return true. If a user can create a password with a leading null byte unlikely, but...
OESA-2024-1668 php security update
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
AZL-34453 CVE-2024-25629 affecting package c-ares for versions less than 1.19.1-2
c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...
AZL-34687 CVE-2024-25629 affecting package fluent-bit for versions less than 3.0.6-1
c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...
DEBIAN-CVE-2024-25629
c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...
AZL-34456 CVE-2024-25629 affecting package grpc for versions less than 1.42.0-9
c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...
AZL-34578 CVE-2024-25629 affecting package c-ares for versions less than 1.30.0-1
c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...
SUSE CVE-2016-2369
A NULL pointer dereference vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a denial of service vulnerability. A malicious server can send a packet starting with a NULL byte triggering the vulnerabilit...
SUSE CVE-2018-18585
chmdreadheaders in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character such as the "/\0" name...
DEBIAN-CVE-2020-13757
Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior such as by...
UBUNTU-CVE-2020-13757
Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior such as by...
javascript: url with a leading NULL byte can bypass cross origin protection.
javascript: url with a leading NULL byte can bypass cross origin protection. Well, it's not exactly StartsWith, but the same thing for all intents and purposes. In BindingDOMWindow::createWindow there's a call to protocolIsJavaScript, which is a thin wrapper over protocolIs, which is basically ju...
Design/Logic Flaw
Mozilla Firefox 2.0.0.9 allows remote attackers to cause a denial of service CPU consumption and crash via an iframe with Javascript that sets the document.location to contain a leading NULL byte \x00 and a 1 res://, 2 about:config, or 3 file:/// URI...