Mozilla: Use-after-free in Ion Compiler

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NULL bytes and cause a potentially exploitable crash...

Mozilla: Use-after-free in Ion Compiler

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NULL bytes and cause a potentially exploitable crash...

SUSE CVE-2023-5171

During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3...

Windows/x64 - PIC Null-Free TCP Reverse Shell Shellcode (476 Bytes)

import ctypes, struct import argparse from keystone import Exploit Title: Windows/x64 - PIC Null-Free TCP Reverse Shell Shellcode 476 Bytes Exploit Author: Senzee Date: 08/29/2023 Platform: Windows X64 Tested on: Windows 11 Home/Windows Server 2022 Standard/Windows Server 2019 Datacenter OS Versi...

Important: python3.11

Issue Overview: An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HTTP servers that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer...

Python 3.11.x < 3.11.5, 3.12.0a1 < 3.12.0rc2 Security Bypass Vulnerability - Mac OS X

Python is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python"; ifdescription...

GHSA-J8G2-6FC7-Q8F8 Pyramid static view path traversal up one directory

Impact This impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have a index.html file that is located exactly one directory above the location of the static view's file system path. No further path traversal exists, and the only file that could be...

PSF-2023-9 os.path.normpath() truncates on null bytes

Passing a path with null bytes to the os.path.normpath function causes the returned path to be unexpectedly truncated at the first occurrence of null bytes within the path. Python versions before 3.11.0 didn’t truncate the path on null bytes. If allowlisting is applied before a call to...

DEBIAN-CVE-2023-27371

GNU libmicrohttpd before 0.9.76 allows remote DoS Denial of Service due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHDcreatepostprocessor method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a...

SUSE CVE-2005-4836

The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information...

SUSE CVE-2011-1929

lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service daemon crash or mailbox corruption via a crafted e-mail message...

SUSE CVE-2017-11658

In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters .. -- however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00.../.%00.../ attack...

SUSE CVE-2019-11044

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access...

SUSE CVE-2019-11500

In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 and Pigeonhole before 0.5.7.2, protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution...

SUSE CVE-2019-11763

Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML...

SUSE CVE-2020-11501

GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 2018-07-16 because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks...

SUSE CVE-2023-24021

Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILESTMPCONTENT collection...

DEBIAN-CVE-2023-24021

Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILESTMPCONTENT collection...

AZL-44475 CVE-2023-24021 affecting package mod_security for versions less than 2.9.7-8

Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILESTMPCONTENT collection...

UBUNTU-CVE-2023-24021

Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILESTMPCONTENT collection...