Lucene search
+L

119 matches found

nvd
nvd
added 2025/11/14 7:16 p.m.5 views

CVE-2025-63680

Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw CWE-22 that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code execution when a user clicks a crafted entry. By creating a trailing-dot folder and placing a...

8.6CVSS0.00291EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2025/11/14 12:0 a.m.3 views

CVE-2025-63680

Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw CWE-22 that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code execution when a user clicks a crafted entry. By creating a trailing-dot folder and placing a...

7.5AI score0.00291EPSS
Exploits1References1
cve
cve
added 2025/11/14 12:0 a.m.19 views

CVE-2025-63680

Nero BackItUp (Nero Productline) is affected by a path parsing/UI rendering flaw (CWE-22) that, in conjunction with Windows ShellExecuteW fallback extension resolution, enables arbitrary code execution when a user clicks a crafted entry. The mechanism: create a trailing-dot folder and place a scr...

8.6CVSS7.5AI score0.00291EPSS
Exploits1References1Affected Software1
nessus
nessus
added 2025/11/13 12:0 a.m.7 views

Siemens SIMATIC S7-1500 Missing Encryption of Sensitive Data (CVE-2022-27779)

libcurl wrongly allows cookies to be set for Top Level Domains TLDs if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's cookie engine can bebuilt with or without Public Suffix Listawareness. If PSL support not provided, a more rudimentary check...

5.3CVSS6.6AI score0.02414EPSS
Exploits1References4
nessus
nessus
added 2025/11/13 12:0 a.m.5 views

Siemens SIMATIC S7-1500 Cleartext Transmission of Sensitive Information (CVE-2022-30115)

Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or th...

4.3CVSS6.7AI score0.01118EPSS
Exploits1References4
osv
osv
added 2025/11/11 6:34 p.m.3 views

SUSE-SU-2025:3681-1 Security update for go1.25

This update for go1.25 fixes the following issues: go1.25.3 released 2025-10-13 includes fixes to the crypto/x509 package. bsc1244485 CVE-2025-58187 go75861 crypto/x509: TLS validation fails for FQDNs with trailing dot go75777 spec: Go1.25 spec should be dated closer to actual release date Furthe...

7.5CVSS6.5AI score0.00384EPSS
Exploits0References3
suse
suse
added 2025/10/20 1:12 p.m.5 views

Security update for go1.24

This update for go1.24 fixes the following issues: go1.24.9 released 2025-10-13 includes fixes to the crypto/x509 package. bsc1236217 crypto/x509: TLS validation fails for FQDNs with trailing dot go1.24.8 released 2025-10-07 includes security fixes to the archive/tar, crypto/tls, crypto/x509,...

8.8CVSS6.3AI score0.00626EPSS
Exploits0References42
suse
suse
added 2025/10/20 12:46 p.m.5 views

Security update for go1.25

This update for go1.25 fixes the following issues: go1.25.3 released 2025-10-13 includes fixes to the crypto/x509 package. bsc1244485 go75861 crypto/x509: TLS validation fails for FQDNs with trailing dot go75777 spec: Go1.25 spec should be dated closer to actual release date Further fixups to the...

6.9AI score
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-2842

Malicious code in bioql PyPI...

4.3CVSS4.8AI score0.00967EPSS
Exploits0References5
nessus
nessus
added 2025/08/24 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2005-0837

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - IceCast 2.20 allows remote attackers to bypass the XSL parser and obtain the source for XSL files via a request for a .xsl file with a trailing . dot...

5CVSS7.9AI score0.0245EPSS
Exploits1References2
redhatcve
redhatcve
added 2025/05/22 6:19 p.m.9 views

CVE-2021-21682

Jenkins 2.314 and earlier, LTS 2.303.1 and earlier accepts names of jobs and other entities with a trailing dot character, potentially replacing the configuration and data of other entities on Windows...

4.3CVSS6.7AI score0.00967EPSS
Exploits0References1
code423n4
code423n4
added 2023/04/28 12:0 a.m.8 views

Fully qualified domain names are incorrectly resolved

Lines of code Vulnerability details Impact A relative domain name like foo.eth becomes fully qualified if it ends with a dot, e.g. foo.eth., although this might seem unfamiliar to some, it's the standard and part of the DNS specification, see Fully qualified domain name, Trailing Dots in Domain...

6.9AI score
Exploits0
amazon
amazon
added 2023/03/22 12:0 a.m.3 views

Medium: curl

Issue Overview: A vulnerability was found in curl. This security flaw allows reusing OAUTH2-authenticated connections without properly ensuring that the connection was authenticated with the same credentials set for this transfer. This issue leads to an authentication bypass, either by mistake or...

9.8CVSS9.2AI score0.3197EPSS
Exploits18
susecve
susecve
added 2023/02/15 6:18 a.m.8 views

SUSE CVE-2005-0837

IceCast 2.20 allows remote attackers to bypass the XSL parser and obtain the source for XSL files via a request for a .xsl file with a trailing . dot...

5CVSS7AI score0.0245EPSS
Exploits1References2
susecve
susecve
added 2023/02/15 6:17 a.m.5 views

SUSE CVE-2005-3007

Opera before 8.50 allows remote attackers to spoof the content type of files via a filename with a trailing "." dot, which might allow remote attackers to trick users into processing dangerous content...

2.6CVSS6.9AI score0.02996EPSS
Exploits0References4
susecve
susecve
added 2023/02/15 6:12 a.m.4 views

SUSE CVE-2007-1824

Buffer overflow in the phpstreamfiltercreate function in PHP 5 before 5.2.1 allows remote attackers to cause a denial of service application crash via a php://filter/ URL that has a name ending in the '.' character...

5.1CVSS7.2AI score0.02619EPSS
Exploits1References4
susecve
susecve
added 2023/02/15 6:10 a.m.5 views

SUSE CVE-2007-5473

StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing 1 space or 2 dot, which is not properly handled by XSP...

5CVSS7.1AI score0.01251EPSS
Exploits1References3
susecve
susecve
added 2023/02/15 5:52 a.m.7 views

SUSE CVE-2011-2362

Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers...

5CVSS6.9AI score0.01777EPSS
Exploits1References8
susecve
susecve
added 2023/02/15 5:22 a.m.4 views

SUSE CVE-2015-0832

Mozilla Firefox before 36.0 does not properly recognize the equivalence of domain names with and without a trailing . dot character, which allows man-in-the-middle attackers to bypass the HPKP and HSTS protection mechanisms by constructing a URL with this character and leveraging access to an X.5...

5CVSS8.6AI score0.01052EPSS
Exploits0References5
susecve
susecve
added 2023/02/15 5:1 a.m.4 views

SUSE CVE-2016-5180

Heap-based buffer overflow in the arescreatequery function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service out-of-bounds write or possibly execute arbitrary code via a hostname with an escaped trailing dot...

9.8CVSS8.3AI score0.08583EPSS
Exploits0References6
Rows per page
Query Builder