Lucene search
+L

201 matches found

cnnvd
cnnvd
added 2023/04/11 12:0 a.m.3 views

Mozilla Firefox ESR 代码问题漏洞

Mozilla Firefox ESR is an extended support release of Firefox web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox ESR versions prior to 102.10, which stems from a truncated filename if the filename contains NULL characters when processi...

8.8CVSS8.2AI score0.00737EPSS
Exploits0References13
susecve
susecve
added 2023/02/15 6:20 a.m.2 views

SUSE CVE-2004-0595

The striptags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null \0 characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and...

6.8CVSS6.3AI score0.45159EPSS
Exploits3References4
susecve
susecve
added 2023/02/15 6:15 a.m.4 views

SUSE CVE-2006-2563

The cURL library libcurl in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters...

2.1CVSS7AI score0.00408EPSS
Exploits1References7
susecve
susecve
added 2023/02/15 5:2 a.m.6 views

SUSE CVE-2016-4913

The getrockridgefilename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM aka alternate name entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs...

5.5CVSS6.6AI score0.00512EPSS
Exploits0References11
susecve
susecve
added 2023/02/15 4:39 a.m.3 views

SUSE CVE-2017-14108

libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service CPU consumption via a file that begins with many '\0' characters...

7.1CVSS5.6AI score0.02234EPSS
Exploits3References3
susecve
susecve
added 2023/02/15 4:29 a.m.6 views

SUSE CVE-2018-8779

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket...

3.7CVSS6.9AI score0.07169EPSS
Exploits0References9
osv
osv
added 2022/04/30 6:20 p.m.22 views

GHSA-XMF4-J3J7-XJ7Q Apache Tomcat DoS Via Requests Including Null Characters

Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service resource exhaustion via a large number of requests to the server with null characters, which causes the working threads to hang...

5CVSS6.6AI score0.07854EPSS
Exploits0References8
github
github
added 2022/04/30 6:20 p.m.21 views

Apache Tomcat DoS Via Requests Including Null Characters

Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service resource exhaustion via a large number of requests to the server with null characters, which causes the working threads to hang...

5CVSS7AI score0.07854EPSS
Exploits0References9Affected Software1
cnnvd
cnnvd
added 2022/01/26 12:0 a.m.4 views

Google protobuf 代码问题漏洞

Google protobuf is a data interchange format from Google, Inc. A code issue vulnerability exists in Google protobuf that stems from Nullptr dereferencing when null characters are present in the original symbol. The symbols are parsed incorrectly, resulting in an unchecked call to the name of the...

6.5CVSS6.7AI score0.0266EPSS
Exploits0References28
veracode
veracode
added 2021/03/19 1:49 a.m.19 views

OS Command Injection

shescape is vulnerable to OS command injection. The function escapeShellArg does not strip null characters from user-provided input, causing errors and potentially execute arbitrary commands...

7.8CVSS4.9AI score0.00573EPSS
Exploits1References5Affected Software1
veracode
veracode
added 2020/04/10 1:2 a.m.25 views

Denial Of Service (DoS)

dovecot is vulnerable to denial of service. A denial of service flaw was found in the way Dovecot handled NULL characters in certain header names. A mail message with specially-crafted headers could cause the Dovecot child process handling the target user's connection to crash, blocking them from...

5CVSS2.9AI score0.0325EPSS
Exploits0References27Affected Software1
veracode
veracode
added 2020/04/10 12:35 a.m.28 views

Man-in-the-Middle (MitM)

curl is vulnerable to man-in-the-middle attack. A null prefix attack caused by incorrect handling of NULL characters in X.509 certificates allows an attacker obtain a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a...

7.5CVSS4.5AI score0.03602EPSS
Exploits0References30Affected Software1
osv
osv
added 2019/08/29 2:15 p.m.1 views

DEBIAN-CVE-2019-11500

In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 and Pigeonhole before 0.5.7.2, protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution...

9.8CVSS8.8AI score0.62579EPSS
Exploits1References1
osv
osv
added 2019/08/28 12:0 p.m.2 views

UBUNTU-CVE-2019-11500

In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 and Pigeonhole before 0.5.7.2, protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution...

9.8CVSS7.5AI score0.62579EPSS
Exploits1References6
hackerone
hackerone
added 2018/11/25 8:51 p.m.16 views

Ruby: Null character at fnmatch

I confirmed that it will behave unintentionally when null characters are entered in patterns with fnmatch, fnmatch? . log $ ruby -v ruby 2.5.3p105 2018-10-18 revision 65156 x8664-darwin16 $ irb irbmain:001:0 require 'pathname' = true should not be true irbmain:002:0 File.fnmatch"x\0yz", 'x' = tru...

1.4AI score
Exploits0
osv
osv
added 2018/04/16 9:29 p.m.4 views

CVE-2018-10070

A vulnerability in MikroTik Version 6.41.4 could allow an unauthenticated remote attacker to exhaust all available CPU and all available RAM by sending a crafted FTP request on port 21 that begins with many '\0' characters, preventing the affected router from accepting new FTP connections. The...

7.5CVSS5.8AI score0.12987EPSS
Exploits5References2
osv
osv
added 2018/04/03 10:29 p.m.5 views

ALPINE-CVE-2018-8779

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket...

7.5CVSS6.9AI score0.07169EPSS
Exploits0References1
prion
prion
added 2018/04/03 10:29 p.m.15 views

Directory traversal

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed...

7.5CVSS9.2AI score0.10098EPSS
Exploits0References20Affected Software3
nvd
nvd
added 2018/04/03 10:29 p.m.15 views

CVE-2018-8779

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket...

7.5CVSS8.5AI score0.07169EPSS
Exploits0References17
attackerkb
attackerkb
added 2018/04/03 10:29 p.m.1 views

CVE-2018-8779

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket...

7.5CVSS5.4AI score0.07169EPSS
Exploits0References24
Rows per page
Query Builder