60 matches found
RHEL 10 : openssh (RHSA-2025:23479)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23479 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files...
Moderate: openssh security update
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from TDX/SNP not forcing the mapping of legacy PCI nulls to UCs, which could result in a memory type error...
USN-7648-2 php7.0, php7.2, php7.4 vulnerabilities
USN-7648-1 fixed several vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that PHP incorrectly handled certain hostnames containing null characters. A remote attacker...
Malicious code in test-mlw2-wanly-dunno-nulls-jaups (npm)
The package test-mlw2-wanly-dunno-nulls-jaups was found to contain malicious code...
Malicious code in test-mlw1-wanly-dunno-nulls-jaups (npm)
The package test-mlw1-wanly-dunno-nulls-jaups was found to contain malicious code...
Malicious code in test-mlw2-nulls-rumba-idler-moued (npm)
The package test-mlw2-nulls-rumba-idler-moued was found to contain malicious code...
MAL-2025-35887 Malicious code in test-mlw2-nulls-rumba-idler-moued (npm)
The package test-mlw2-nulls-rumba-idler-moued was found to contain malicious code...
MAL-2025-34820 Malicious code in test-mlw1-wanly-dunno-nulls-jaups (npm)
The package test-mlw1-wanly-dunno-nulls-jaups was found to contain malicious code...
MAL-2025-36606 Malicious code in test-mlw2-wanly-dunno-nulls-jaups (npm)
The package test-mlw2-wanly-dunno-nulls-jaups was found to contain malicious code...
Linux Distros Unpatched Vulnerability : CVE-2022-48740
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: selinux: fix double free of cond_list on error paths. On error path from cond_read_list and...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from a failure to check for cstream nulls, which could lead to a null pointer dereference...
libsoup: HTTP request smuggling via stripping null bytes from the ends of header names
A flaw was found in the Libsoup library. When Libsoup parses HTTP headers, it ignores null bytes at the end of header names. Thus, Transfer-Encoding: chunked is equivalent to Transfer-Encoding\x00: chunked. This issue allows request smuggling when Libsoup is used in a service behind a reverse pro...
USN-5615-3 sqlite3 vulnerability
USN-5615-1 fixed several vulnerabilities in SQLite. This update provides the corresponding fix for CVE-2020-35525 for Ubuntu 14.04 LTS. Original advisory details: It was discovered that SQLite incorrectly handled INTERSEC query processing. An attacker could use this issue to cause SQLite to crash...
SUSE CVE-2024-26864
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix refcnt handling in __inet_hash_connect. syzbot reported a warning in sk_nulls_del_node_init_rcu. The commit 66b60b0c8c4a "dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished." tried to fix an issue that a...
UBUNTU-CVE-2024-26864
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix refcnt handling in __inet_hash_connect. syzbot reported a warning in sk_nulls_del_node_init_rcu. The commit 66b60b0c8c4a "dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished." tried to fix an issue that a...
SUSE CVE-2005-4080
Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and strings that will be executed when viewed using Internet Explorer, which ignores the characters...
SUSE CVE-2019-19959
ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind...
USN-5615-1 sqlite3 vulnerabilities
It was discovered that SQLite incorrectly handled INTERSEC query processing. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2020-35525 It was discovered that SQLite incorrectly handled ALTER TABLE for views that...
ID withdrawn
SQLite is a lightweight database that is an ACID-compliant relational database management system. SQLite has a security vulnerability that stems from the fts5UnicodeTokenize function of its ext/fts5/fts5tokenize.c component that handles unicode "control-characters" class Cc of the unicode61...