USN-8228-1 exim4 vulnerabilities

It was discovered that Exim incorrectly handled parsing malformed JSON in message headers. A remote attacker could possibly use this issue to execute arbitrary code. CVE-2026-40685 It was discovered that Exim incorrectly handled processing of UTF-8 trailing characters. A remote attacker could...

CVE-2026-40686

In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present malformed UTF-8 header data. Information might be divulged within an error message produced during handling of an unrelated e-mail message...

MiracleLinux 7 : glibc-2.17-292.el7 (AXSA:2019-4313:05)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-4313:05 advisory. glibc: getaddrinfo should reject IP addresses with trailing characters CVE-2016-10739 Tenable has extracted the preceding description block directly from the...

EUVD-2006-0820

Malware in sbrugna...

USN-7114-1 glib2.0 vulnerability

It was discovered that Glib incorrectly handled certain trailing characters. An attacker could possibly use this issue to cause a crash or other undefined behavior...

CVE-2024-43402

Rust is a programming language. The fix for CVE-2024-24576, where std::process::Command incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.81.0, it was possible to bypass the fix when the batch file name had trailing whitespace or periods...

CVE-2024-43402 Rust OS Command Injection/Argument Injection vulnerability

Rust is a programming language. The fix for CVE-2024-24576, where std::process::Command incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.81.0, it was possible to bypass the fix when the batch file name had trailing whitespace or periods...

SUSE CVE-2016-10739

In the GNU C Library aka glibc or libc6 through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the...

PT-2022-16958 · Nextcloud +1 · Nextcloud Server +1

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1 Description: The issue allows creating files and folders with leading and trailing , r, t, and v characters. The server rejects these characters when they appear in the...

Directory Traversal

Overview webrick is a HTTP server toolkit that can be configured as an HTTPS server, a proxy server, and a virtual-host server. Affected versions of this package are vulnerable to Directory Traversal. WEBrick, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files...

glibc: getaddrinfo should reject IP addresses with trailing characters

In the GNU C Library aka glibc or libc6 through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the...

glibc, nscd security update

CentOS Errata and Security Advisory CESA-2019:2118 An update for glibc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

glibc: getaddrinfo should reject IP addresses with trailing characters

In the GNU C Library aka glibc or libc6 through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the...

Tencent Video Super Long Character Overflow Vulnerability

Tencent Video Player is the video player client product of Tencent Video. An overflow vulnerability exists in Tencent Video when opening qlv media files by failing to place a length limit on the characters added at the end of the file. An attacker is allowed to exploit this vulnerability to...

CVE-2006-0814

response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing 1 "." dot and 2 space characters, which are ignored by Windows, as demonstrated by PHP files...