Security update for python-pyOpenSSL

This update for python-pyOpenSSL fixes the following issue CVE-2026-40475: improper input handling of null bytes can lead to silent data truncation and security-state inconsistency bsc1262803. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

Security update for python3-pyOpenSSL

This update for python3-pyOpenSSL fixes the following issue CVE-2026-40475: improper input handling of null bytes can lead to silent data truncation and security-state inconsistency bsc1262803. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

OESA-2026-2487 jq security update

jq is a lightweight and flexible command-line JSON processor. you can use it to slice and filter and map and transform structured data. It is written in portable C, and it has zero runtime dependencies. it can mangle the data format that you have into the one that you want. Security Fixes: jq is ...

Control Web Panel (CWP) - File Inclusion

In CWP Control Web Panel, previously CentOS Web Panel before version 0.9.8.1107, an unauthenticated attacker can abuse null byte %00 injection with the "scripts" parameter in the /user/loader.php or /user/login.php endpoints to register arbitrary API keys or access sensitive files. This can be...

OESA-2026-2424 jq security update

jq is a lightweight and flexible command-line JSON processor. you can use it to slice and filter and map and transform structured data. It is written in portable C, and it has zero runtime dependencies. it can mangle the data format that you have into the one that you want. Security Fixes: jq is ...

Microsoft DirectX NULL Byte Overwrite Vulnerability

Microsoft DirectX contains a NULL byte overwrite vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow which could allow remote attackers to execute arbitrary code via a crafted QuickTime media file...

Security Bulletin: IBM i is Affected by Improper Handling of Special Elements and Improper Neutralization of Null Byte Vulnerabilities in OpenSSH [CVE-2025-61984, CVE-2025-61985]

Summary OpenSSH for IBM i is vulnerable to allowing control characters in usernames CVE-2025-61984 and allowing null bytes in the URI CVE-2025-61985 as described in the vulnerability details section. Vulnerability Details CVEID:CVE-2025-61984 DESCRIPTION: ssh in OpenSSH before 10.1 allows control...

CLSA-2026-1779123410 jq: Fix of 8 CVEs

CVE-2026-40164: randomize hash seed to mitigate hash collision DoS - CVE-2026-40612: limit containment check depth - CVE-2026-41256: fix NUL truncation in program files loaded with -f - CVE-2026-41257: fix signed-int overflow in stackreallocate - CVE-2026-43894: cap numeric literal length to...

OPENSUSE-SU-2026:20762-1 Security update for go1.26

This update for go1.26 fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: "go tool pack" does...

SUSE CVE-2026-41256

jq is a command-line JSON processor. In 1.8.1 and earlier, Top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream HEAD. A crafted filter file such as . followed by \x00 and arbitrary suffix compiles and executes as only the prefix before...

BIT-PHP-2026-6104 Global buffer over-read in mb_convert_encoding() with attacker-supplied encoding

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mbconvertencoding or related mbstring functions, the code incorrectly assumes that when strncasecmp returns 0 it means the strings have the same length. This can lead to...

CVE-2026-41256

jq is a command-line JSON processor. In 1.8.1 and earlier, Top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream HEAD. A crafted filter file such as . followed by \x00 and arbitrary suffix compiles and executes as only the prefix before...

CVE-2026-41256 jq: Embedded NUL truncates top-level jq programs loaded with -f

jq is a command-line JSON processor. In 1.8.1 and earlier, Top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream HEAD. A crafted filter file such as . followed by \x00 and arbitrary suffix compiles and executes as only the prefix before...

CVE-2026-41256

The CVE affects jq up to version 1.8.1. Top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream HEAD. A crafted filter file such as . followed by � and arbitrary suffix compiles and executes as only the prefix before the NUL, leading to a ...

CVE-2026-41256

jq is a command-line JSON processor. In 1.8.1 and earlier, Top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream HEAD. A crafted filter file such as . followed by \x00 and arbitrary suffix compiles and executes as only the prefix before...

CVE-2026-41256

jq is a command-line JSON processor. In 1.8.1 and earlier, Top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream HEAD. A crafted filter file such as . followed by \x00 and arbitrary suffix compiles and executes as only the prefix before...

jq 安全漏洞

jq is a lightweight and flexible command-line JSON processor developed by jqlang. Jq versions 1.8.1 and earlier have security vulnerabilities. These vulnerabilities arise from the top-level jq program loaded via the -f parameter being truncated at the first NUL byte. This can result in the...

OESA-2026-2200 mutt security update

Mutt is a small but very powerful text-based mail client for Unix operating systems. Security Fixes: mutt before version 2.3.2 sometimes uses strfcpy instead of memcpy for the IMAP authcram MD5 digest, which may lead to buffer handling issues.CVE-2026-43859 Mutt email client before version 2.3.2...

CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...

CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...