201 matches found
Mozilla Firefox ESR 代码问题漏洞
Mozilla Firefox ESR is an extended support release of Firefox web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox ESR versions prior to 102.10, which stems from a truncated filename if the filename contains NULL characters when processi...
SUSE CVE-2004-0595
The striptags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null \0 characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and...
SUSE CVE-2006-2563
The cURL library libcurl in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters...
SUSE CVE-2016-4913
The getrockridgefilename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM aka alternate name entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs...
SUSE CVE-2017-14108
libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service CPU consumption via a file that begins with many '\0' characters...
SUSE CVE-2018-8779
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket...
GHSA-XMF4-J3J7-XJ7Q Apache Tomcat DoS Via Requests Including Null Characters
Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service resource exhaustion via a large number of requests to the server with null characters, which causes the working threads to hang...
Apache Tomcat DoS Via Requests Including Null Characters
Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service resource exhaustion via a large number of requests to the server with null characters, which causes the working threads to hang...
Google protobuf 代码问题漏洞
Google protobuf is a data interchange format from Google, Inc. A code issue vulnerability exists in Google protobuf that stems from Nullptr dereferencing when null characters are present in the original symbol. The symbols are parsed incorrectly, resulting in an unchecked call to the name of the...
OS Command Injection
shescape is vulnerable to OS command injection. The function escapeShellArg does not strip null characters from user-provided input, causing errors and potentially execute arbitrary commands...
Denial Of Service (DoS)
dovecot is vulnerable to denial of service. A denial of service flaw was found in the way Dovecot handled NULL characters in certain header names. A mail message with specially-crafted headers could cause the Dovecot child process handling the target user's connection to crash, blocking them from...
Man-in-the-Middle (MitM)
curl is vulnerable to man-in-the-middle attack. A null prefix attack caused by incorrect handling of NULL characters in X.509 certificates allows an attacker obtain a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a...
DEBIAN-CVE-2019-11500
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 and Pigeonhole before 0.5.7.2, protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution...
UBUNTU-CVE-2019-11500
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 and Pigeonhole before 0.5.7.2, protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution...
Ruby: Null character at fnmatch
I confirmed that it will behave unintentionally when null characters are entered in patterns with fnmatch, fnmatch? . log $ ruby -v ruby 2.5.3p105 2018-10-18 revision 65156 x8664-darwin16 $ irb irbmain:001:0 require 'pathname' = true should not be true irbmain:002:0 File.fnmatch"x\0yz", 'x' = tru...
CVE-2018-10070
A vulnerability in MikroTik Version 6.41.4 could allow an unauthenticated remote attacker to exhaust all available CPU and all available RAM by sending a crafted FTP request on port 21 that begins with many '\0' characters, preventing the affected router from accepting new FTP connections. The...
ALPINE-CVE-2018-8779
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket...
Directory traversal
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed...
CVE-2018-8779
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket...
CVE-2018-8779
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket...