12 matches found

Vulnrichment
added 2026/05/04 5:52 a.m. · 1 view

CVE-2026-43861

mutt before 2.3.2 does not check for '\0' in url_pct_decode...

CVSS 3.7 · AI score 5.8 · EPSS 0.00038
Exploits 0 · References 1

IBM Security Bulletins
added 2026/04/15 10:29 a.m. · 5 views

Security Bulletin: Vulnerabilities in OpenSSH affects IBM Netezza Appliance

Summary: The OpenSSH package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-61984, CVE-2025-61985. Vulnerability Details: CVEID: CVE-2025-61984 DESCRIPTION: ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certa...

CVSS 3.6 · AI score 6.7 · EPSS 0.00061
Exploits 2 · Affected Software 1

Tenable Nessus
added 2026/03/28 12:00 a.m. · 3 views

NewStart CGSL MAIN 7.02 : openssh Multiple Vulnerabilities (NS-SA-2026-0036)

The remote NewStart CGSL host, running version MAIN 7.02, has openssh packages installed that are affected by multiple vulnerabilities: - ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used. CVE-2025-61985 - ssh ...

CVSS 3.6 · AI score 6.8 · EPSS 0.00061
Exploits 2 · References 5

Tenable Nessus
added 2026/01/16 12:00 a.m. · 1 view

MiracleLinux 7 : libmspack-0.5-0.7.alpha.el7 (AXSA:2019-4006:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-4006:01 advisory. libmspack: Out-of-bounds write in mspack/cab.h CVE-2018-18584 libmspack: chmd_read_headers fails to reject filenames containing NULL bytes...

CVSS 6.5 · AI score 6.7 · EPSS 0.05833
Exploits 1 · References 3

CVE
added 2025/10/10 10:04 p.m. · 25 views

CVE-2025-61912

CVE-2025-61912 concerns python-ldap prior to 3.4.5, where ldap.dn.escape_dn_chars() escapes the NUL byte as a backslash-NUL instead of the RFC‑4514 form \00. This can cause client-side denial of service when untrusted input is used to construct DNs, as requests may be dropped before contacting an...

CVSS 6.9 · AI score 6.3 · EPSS 0.00142
Exploits 1 · References 3 · Affected Software 1

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2021-21076

Malware in sbrugna...

CVSS 5.3 · AI score 5.6 · EPSS 0.00184
Exploits 0 · References 2

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2004-2575

Malware in sbrugna...

CVSS 4 · AI score 6.4 · EPSS 0.00267
Exploits 0 · References 4

Tenable Nessus
added 2025/08/08 12:00 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-46764

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: bpf: add check for invalid name in btf_name_valid_section() If the length of the name string is 1...

CVSS 7.1 · AI score 5.3 · EPSS 0.00133
Exploits 0 · References 2

OSV
added 2025/01/14 7:19 p.m. · 7 views

BIT-PHP-MIN-2024-3096 PHP function password_verify can erroneously return true when argument contains NUL

In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true...

CVSS 6.5 · AI score 6.5 · EPSS 0.01069
Exploits 1 · References 7

RedHat Linux
added 2024/12/11 4:16 p.m. · 0 views

php: password_verify can erroneously return true, opening ATO risk

A null byte interaction error vulnerability was found in PHP. If a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true. If a user can create a password with a leading null byte unlikely, but...

CVSS 6.5 · AI score 5.7 · EPSS 0.01069
Exploits 1 · References 5

Positive Technologies
added 2022/04/04 12:00 a.m. · 2 views

PT-2022-16879 · Vyper · Vyper

Name of the Vulnerable Software and Affected Versions: Vyper versions 0.3.1 and prior. Description: The issue arises from the comparison of bytestrings, which can yield incorrect results due to the presence of dirty bytes or the lack of length comparison. Specifically, two bytestrings can compare ...

CVSS 7.5 · AI score 7.3 · EPSS 0.00237
Exploits 0 · References 9

CERT
added 2001/07/24 12:00 a.m. · 25 views

klogd does not adequately handle NULL byte when parsing text using LogLine( )

Overview: There is a denial-of-service vulnerability in certain distributions of the Linux kernel logging daemon klogd which could allow an attacker to cause klogd to hang. Description: The Linux kernel logging daemon klogd can be forced to hang if it receives a null byte in a log message from the...

CVSS 5 · AI score 6.3 · EPSS 0.0158
Exploits 0 · References 2