20 matches found
SUSE SLES15 Security Update : valkey (SUSE-SU-2026:0848-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0848-1 advisory. Update to version 8.0.7. Security issues fixed: - CVE-2025-67733: data tampering and denial of service via improper null character...
RockyLinux 10 : valkey (RLSA-2026:3443)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:3443 advisory. Valkey: Valkey: Data tampering and denial of service via improper null character handling in Lua scripts CVE-2025-67733 valkey: Valkey: Denial of Servic...
Valkey: Valkey: Data tampering and denial of service via improper null character handling in Lua scripts
A flaw was found in Valkey, a distributed key-value database. A malicious user can exploit this vulnerability by using scripting commands to inject arbitrary information into the response stream. This is caused by improper handling of null characters in the error handling code for Lua scripts...
BIT-VALKEY-2025-67733 Valkey Affected by RESP Protocol Injection via Lua error_reply
Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or returning tampered data to other users on the same...
Linux Distros Unpatched Vulnerability : CVE-2025-67733
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary...
ALPINE-CVE-2025-67733
Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or returning tampered data to other users on the same...
MiracleLinux 9 : java-17-openjdk-17.0.7.0.7-1.el9 (AXSA:2023-5309:06)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5309:06 advisory. OpenJDK: improper connection handling during TLS handshake 8294474 CVE-2023-21930 OpenJDK: Swing HTML parsing issue 8296832 CVE-2023-21939 OpenJDK:...
CVE-2025-14549 OMR on Z processors Exposing a possible buffer over-read problem
In the Eclipse OMR compiler component, since release 0.7.0, an optimization enabled for Eclipse OpenJ9 consumers of OMR on Z processors incorrectly handles NUL 0x00 characters during the Latin-compatible charset UTF-8, ISO8859-1, ASCII, etc to IBM-1047/037 translation sequence. This can cause the...
EUVD-2006-0907
Malware in sbrugna...
CLSA-2023-1689009395 Fix of 9 CVEs
Backport upstream releases 8u372 to 16.04 LTS CVEs fixed in 8u372: - CVE-2023-21930: Improper connection handling during TLS handshake - CVE-2023-21937: Missing string checks for NULL characters - CVE-2023-21938: Incorrect handling of NULL characters in ProcessBuilder - CVE-2023-21939: Swing HTML...
OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploi...
OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploi...
OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploi...
Asterisk certificate validation bypass
Invalid NULL character handling...
Scientific Linux Security Update : nspr and nss for SL 5.x on i386/x86_64
CVE-2009-2409 deprecate MD2 in SSL cert validation Kaminsky CVE-2009-2408 firefox/nss: doesn't handle NULL in Common Name properly CVE-2009-2404 nss regexp heap overflow The packages with this update are identical to the packages released on the 20th of July 2009. They are being reissued as a...
Microsoft Internet Explorer/Opera - Source Code viewer Null Character Handling
Exploit Title: IE/Opera source code viewer Null Character Handling Vulnerability Date: 10/04/2010 Author: Daniel Correa Software Link: http://www.microsoft.com/windows/internet-explorer/default.aspx Software Link: http://www.opera.com/download/ Version: Tested on IE 8, Opera 10.51 Tested on:...
IE/Opera source code viewer Null Character Handling
Exploit for windows platform in category remote exploits =================================================== IE/Opera source code viewer Null Character Handling =================================================== Exploit Title: IE/Opera source code viewer Null Character Handling Vulnerability Dat...
Microsoft Internet ExplorerOpera - Source Code viewer Null Character Handling
Microsoft Internet ExplorerOpera - Source Code viewer Null Character Handling Exploit Title: IE/Opera source code viewer Null Character Handling Vulnerability Date: 10/04/2010 Author: Daniel Correa Software Link: http://www.microsoft.com/windows/internet-explorer/default.aspx Software Link:...
USN-701-1: Thunderbird vulnerabilities
Several flaws were discovered in the browser engine. If a user had Javascript enabled, these problems could allow an attacker to crash Thunderbird and possibly execute arbitrary code with user privileges. CVE-2008-5500 Boris Zbarsky discovered that the same-origin check in Thunderbird could be...
KPMG-2002026: Jrun sourcecode Disclosure
-------------------------------------------------------------------- Title: Jrun sourcecode Disclosure BUG-ID: 2002026 Released: 01st Jul 2002 -------------------------------------------------------------------- Problem: ======== It is possible for a malicious user to trick the Jrun webserver int...