Lucene search
K

1154 matches found

SUSE Linux
SUSE Linux
added 2026/06/03 3:31 p.m.6 views

Security update for python3-pyOpenSSL

This update for python3-pyOpenSSL fixes the following issue CVE-2026-40475: improper input handling of null bytes can lead to silent data truncation and security-state inconsistency bsc1262803. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

6.8CVSS5.8AI score
Exploits0References4
OSV
OSV
added 2026/06/03 3:31 p.m.8 views

SUSE-SU-2026:2259-1 Security update for python3-pyOpenSSL

This update for python3-pyOpenSSL fixes the following issue - CVE-2026-40475: improper input handling of null bytes can lead to silent data truncation and security-state inconsistency bsc1262803...

5.8AI score
Exploits0References3
OSV
OSV
added 2026/06/03 9:17 a.m.5 views

OPENSUSE-SU-2026:20897-1 Security update for python-pyOpenSSL

This update for python-pyOpenSSL fixes the following issue - CVE-2026-40475: improper input handling of null bytes can lead to silent data truncation and security-state inconsistency bsc1262803...

5.5AI score
Exploits0References2
OSV
OSV
added 2026/06/03 9:16 a.m.6 views

SUSE-SU-2026:22025-1 Security update for python-pyOpenSSL

This update for python-pyOpenSSL fixes the following issue - CVE-2026-40475: improper input handling of null bytes can lead to silent data truncation and security-state inconsistency bsc1262803...

5.4AI score
Exploits0References3
OSV
OSV
added 2026/05/29 1:34 p.m.10 views

OESA-2026-2487 jq security update

jq is a lightweight and flexible command-line JSON processor. you can use it to slice and filter and map and transform structured data. It is written in portable C, and it has zero runtime dependencies. it can mangle the data format that you have into the one that you want. Security Fixes: jq is ...

7.3CVSS6AI score0.00161EPSS
Exploits7References8
OSV
OSV
added 2026/05/22 1:21 p.m.8 views

OESA-2026-2424 jq security update

jq is a lightweight and flexible command-line JSON processor. you can use it to slice and filter and map and transform structured data. It is written in portable C, and it has zero runtime dependencies. it can mangle the data format that you have into the one that you want. Security Fixes: jq is ...

7.3CVSS6AI score0.00161EPSS
Exploits7References8
CISA KEV Catalog
CISA KEV Catalog
added 2026/05/20 12:0 a.m.6 views

Microsoft DirectX NULL Byte Overwrite Vulnerability

Microsoft DirectX contains a NULL byte overwrite vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow which could allow remote attackers to execute arbitrary code via a crafted QuickTime media file...

9.3CVSS6.2AI score0.50926EPSS
In wildExploits7
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/18 8:52 p.m.21 views

Security Bulletin: IBM i is Affected by Improper Handling of Special Elements and Improper Neutralization of Null Byte Vulnerabilities in OpenSSH [CVE-2025-61984, CVE-2025-61985]

Summary OpenSSH for IBM i is vulnerable to allowing control characters in usernames CVE-2025-61984 and allowing null bytes in the URI CVE-2025-61985 as described in the vulnerability details section. Vulnerability Details CVEID:CVE-2025-61984 DESCRIPTION: ssh in OpenSSH before 10.1 allows control...

3.6CVSS6.8AI score0.00211EPSS
Exploits2Affected Software6
OSV
OSV
added 2026/05/18 4:56 p.m.9 views

CLSA-2026-1779123410 jq: Fix of 8 CVEs

CVE-2026-40164: randomize hash seed to mitigate hash collision DoS - CVE-2026-40612: limit containment check depth - CVE-2026-41256: fix NUL truncation in program files loaded with -f - CVE-2026-41257: fix signed-int overflow in stackreallocate - CVE-2026-43894: cap numeric literal length to...

7.5CVSS5.9AI score0.00366EPSS
Exploits7References1
OSV
OSV
added 2026/05/17 8:16 p.m.6 views

OPENSUSE-SU-2026:20762-1 Security update for go1.26

This update for go1.26 fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: "go tool pack" does...

7.5CVSS6AI score0.00813EPSS
Exploits0References24
SUSE CVE
SUSE CVE
added 2026/05/13 3:37 a.m.11 views

SUSE CVE-2026-41256

jq is a command-line JSON processor. In 1.8.1 and earlier, Top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream HEAD. A crafted filter file such as . followed by \x00 and arbitrary suffix compiles and executes as only the prefix before...

5.5CVSS5.9AI score0.00158EPSS
Exploits1References3
OSV
OSV
added 2026/05/12 8:55 a.m.9 views

BIT-PHP-2026-6104 Global buffer over-read in mb_convert_encoding() with attacker-supplied encoding

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mbconvertencoding or related mbstring functions, the code incorrectly assumes that when strncasecmp returns 0 it means the strings have the same length. This can lead to...

9.1CVSS5.9AI score0.00469EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/05/11 6:16 p.m.11 views

CVE-2026-41256

jq is a command-line JSON processor. In 1.8.1 and earlier, Top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream HEAD. A crafted filter file such as . followed by \x00 and arbitrary suffix compiles and executes as only the prefix before...

5.5CVSS5.9AI score0.00158EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/11 5:18 p.m.12 views

CVE-2026-41256

jq is a command-line JSON processor. In 1.8.1 and earlier, Top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream HEAD. A crafted filter file such as . followed by \x00 and arbitrary suffix compiles and executes as only the prefix before...

6.3CVSS5.9AI score0.00256EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2026/05/11 5:18 p.m.43 views

CVE-2026-41256 jq: Embedded NUL truncates top-level jq programs loaded with -f

jq is a command-line JSON processor. In 1.8.1 and earlier, Top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream HEAD. A crafted filter file such as . followed by \x00 and arbitrary suffix compiles and executes as only the prefix before...

5.5CVSS0.00158EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2026/05/11 5:18 p.m.11 views

CVE-2026-41256

jq is a command-line JSON processor. In 1.8.1 and earlier, Top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream HEAD. A crafted filter file such as . followed by \x00 and arbitrary suffix compiles and executes as only the prefix before...

6.3CVSS5.9AI score0.00256EPSS
Exploits2References1
CVE
CVE
added 2026/05/11 5:18 p.m.30 views

CVE-2026-41256

The CVE affects jq up to version 1.8.1. Top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream HEAD. A crafted filter file such as . followed by � and arbitrary suffix compiles and executes as only the prefix before the NUL, leading to a ...

5.5CVSS5.9AI score0.00158EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

jq 安全漏洞

jq is a lightweight and flexible command-line JSON processor developed by jqlang. Jq versions 1.8.1 and earlier have security vulnerabilities. These vulnerabilities arise from the top-level jq program loaded via the -f parameter being truncated at the first NUL byte. This can result in the...

5.5CVSS5.9AI score0.00158EPSS
Exploits1References1
OSV
OSV
added 2026/05/09 12:30 p.m.13 views

OESA-2026-2200 mutt security update

Mutt is a small but very powerful text-based mail client for Unix operating systems. Security Fixes: mutt before version 2.3.2 sometimes uses strfcpy instead of memcpy for the IMAP authcram MD5 digest, which may lead to buffer handling issues.CVE-2026-43859 Mutt email client before version 2.3.2...

3.7CVSS5.9AI score0.00201EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/07 7:41 p.m.9 views

CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...

5.8AI score0.00588EPSS
Exploits0References4
Rows per page
Query Builder