1151 matches found
CVE-2025-55113
If the Access Control List is enforced by the Control-M/Agent and the C router is in use (default in Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions; non-default but configurable using the JAVAAR setting in newer versions), the verification stop...
CVE-2025-55113 BMC Control-M/Agent unescaped NULL byte in access control list checks
If the Access Control List is enforced by the Control-M/Agent and the C router is in use (default in Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions; non-default but configurable using the JAVAAR setting in newer versions), the verification stop...
CVE-2025-55113
Summary: CVE-2025-55113 affects BMC/Control-M environments where the ACL check is enforced by the Control-M/Agent and the C router is in use. The vulnerability arises when the verification stops at the first NULL byte in the email address within the client certificate, allowing an attacker to byp...
PT-2025-37943
Name of the Vulnerable Software and Affected Versions: Control-M/Agent versions 9.0.18 through 9.0.20; Control-M/Agent versions prior to 9.0.18 (potentially earlier unsupported versions). Description: The Access Control List (ACL) enforcement in Control-M/Agent can be bypassed when the C router is in...
BMC Control-M security vulnerability
BMC Control-M is an application from BMC Corporation that simplifies application and data workflow orchestration locally or as a service. A security vulnerability exists in BMC Control-M: validation of an email address in a client certificate stops when it encounters a NULL byte, whi...
Linux Distros Unpatched Vulnerability : CVE-2019-11936
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Various APC functions accept keys containing null bytes as input, leading to premature truncation of input. This issue affects HHVM versions prior to 3.30.12, a...
PT-2025-38269
Name of the Vulnerable Software and Affected Versions: Suricata versions prior to 8.0.1. Description: Suricata, a network IDS, IPS and NSM engine, experiences a segmentation fault when processing decoded subjectaltnames containing a NULL byte. This occurs due to the use of the tls.subjectaltname...
Linux Distros Unpatched Vulnerability : CVE-2014-8088
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The (1) ZendLdap class in Zend before 1.12.9 and (2) Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allows remote attackers to bypass...
Linux Distros Unpatched Vulnerability : CVE-2018-15501
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In ngpkt in transports/smartpkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol ng packet that lacks a...
Linux Distros Unpatched Vulnerability : CVE-2021-43860
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn't properly validate that the permission...
CVE-2025-43770
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.3, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows a remote non-authenticated...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the referer and FORWARDURL parameters. An attacker can execute arbitrary JavaScript in the context of a user's browser by injecting malicious payloads using encoded characters and a null-byte (%00) in these...
Liferay Portal vulnerable to Reflected XSS with the referer and forward parameter
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.3, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows a remote non-authenticated...
ROS-20250822-24
A vulnerability in the PHP programming language interpreter is related to insufficient null byte checking in the implementation of the fsockopen function when handling hostnames. Exploitation of the vulnerability could allow an attacker acting remotely to perform SSRF attacks. A vulnerability in t...
ROS-20250822-23
A vulnerability in the PHP programming language interpreter is related to insufficient null byte checking in the implementation of the fsockopen function when handling hostnames. Exploitation of the vulnerability could allow an attacker acting remotely to perform SSRF attacks. A vulnerability in t...
ROS-20250822-21
A vulnerability in the PHP programming language interpreter is related to insufficient null byte checking in the implementation of the fsockopen function when handling hostnames. Exploitation of the vulnerability could allow an attacker acting remotely to perform SSRF attacks. A vulnerability in t...
Linux Distros Unpatched Vulnerability : CVE-2025-0825
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters (\r\n) when those are prefixed with a null byte. This enables attackers to exploit CRL...
Linux Distros Unpatched Vulnerability : CVE-2023-41105
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath, the path will be truncated unexpectedly at...