201 matches found
EUVD-2002-0528
Malware in sbrugna...
EUVD-2002-0102
Malware in sbrugna...
EUVD-2006-2563
Malware in sbrugna...
EUVD-2017-5620
Malware in sbrugna...
EUVD-2022-1871
Malicious code in bioql PyPI...
EUVD-2025-21274
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-7043
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do n...
OESA-2025-1889 php security update
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
DEBIAN-CVE-2025-1220
In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. before 8.4.10 some functions like fsockopen lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parseurl treat the hostname in different way, thus openin...
CVE-2025-1220 Null byte termination in hostnames
In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. before 8.4.10 some functions like fsockopen lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parseurl treat the hostname in different way, thus openin...
CVE-2005-2239
oftpd 0.3.7 allows remote attackers to cause a denial of service via a USER command with a large number of null \0 characters...
OESA-2024-2020 c-ares security update
This is c-ares, an asynchronous resolver library. It is intended for applications which need to perform DNS queries without blocking, or need to perform multiple Security Fixes: c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as...
The vulnerability of the Net::CIDR::Lite interpreter for the Perl programming language arises from errors in handling extra null characters at the beginning of an IP address string. This allows a malicious actor to bypass access controls.
The vulnerability of the Net::CIDR::Lite interpreter for the Perl programming language is related to errors in handling extra zero characters at the beginning of an IP address. Exploiting this vulnerability can allow a remote attacker to bypass access controls...
ROS-20240626-07
A vulnerability in the Net::CIDR::Lite module of the Perl programming language interpreter is related to bugs in the handling foreign null characters at the beginning of an IP address string. Exploitation of the vulnerability could allow an attacker acting remotely to bypass access controls...
Buffer Under-read
c-ares is vulnerable to Buffer Under-read. The vulnerability is due to improper handling of embedded NULL characters as the first character in a new line within certain configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and prior to version 1.27.0, the...
Untrusted Search Path
python is vulnerable to Untrusted Search Path. The vulnerability is due to the Pynormpath function which cannot process paths with embedded null characters without truncating the path. If a path containing the \0 byte is passed to os.path.normpath, the path will be truncated unexpectedly at the...
Important: Red Hat Security Advisory: java-1.8.0-ibm security update
An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploi...
CLSA-2023-1688677355 java-1.8.0-openjdk: Fix of 7 CVEs
Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u372-b07. That fixes following CVEs: - CVE-2023-21930: Improper connection handling during TLS handshake 8294474 - CVE-2023-21937: Missing string checks for NULL characters 8296622 - CVE-2023-21938: Incorrect handling of NULL characters in...
RLSA-2023:1909 Important: java-1.8.0-openjdk security and bug fix update
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: OpenJDK: improper connection handling during TLS handshake 8294474 CVE-2023-21930 OpenJDK: Swing HTML parsing issue 8296832 CVE-2023-21939 OpenJDK:...