119 matches found
CVE-2025-63680
Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw CWE-22 that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code execution when a user clicks a crafted entry. By creating a trailing-dot folder and placing a...
CVE-2025-63680
Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw CWE-22 that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code execution when a user clicks a crafted entry. By creating a trailing-dot folder and placing a...
CVE-2025-63680
Nero BackItUp (Nero Productline) is affected by a path parsing/UI rendering flaw (CWE-22) that, in conjunction with Windows ShellExecuteW fallback extension resolution, enables arbitrary code execution when a user clicks a crafted entry. The mechanism: create a trailing-dot folder and place a scr...
Siemens SIMATIC S7-1500 Missing Encryption of Sensitive Data (CVE-2022-27779)
libcurl wrongly allows cookies to be set for Top Level Domains TLDs if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's cookie engine can bebuilt with or without Public Suffix Listawareness. If PSL support not provided, a more rudimentary check...
Siemens SIMATIC S7-1500 Cleartext Transmission of Sensitive Information (CVE-2022-30115)
Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or th...
SUSE-SU-2025:3681-1 Security update for go1.25
This update for go1.25 fixes the following issues: go1.25.3 released 2025-10-13 includes fixes to the crypto/x509 package. bsc1244485 CVE-2025-58187 go75861 crypto/x509: TLS validation fails for FQDNs with trailing dot go75777 spec: Go1.25 spec should be dated closer to actual release date Furthe...
Security update for go1.24
This update for go1.24 fixes the following issues: go1.24.9 released 2025-10-13 includes fixes to the crypto/x509 package. bsc1236217 crypto/x509: TLS validation fails for FQDNs with trailing dot go1.24.8 released 2025-10-07 includes security fixes to the archive/tar, crypto/tls, crypto/x509,...
Security update for go1.25
This update for go1.25 fixes the following issues: go1.25.3 released 2025-10-13 includes fixes to the crypto/x509 package. bsc1244485 go75861 crypto/x509: TLS validation fails for FQDNs with trailing dot go75777 spec: Go1.25 spec should be dated closer to actual release date Further fixups to the...
EUVD-2022-2842
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2005-0837
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - IceCast 2.20 allows remote attackers to bypass the XSL parser and obtain the source for XSL files via a request for a .xsl file with a trailing . dot...
CVE-2021-21682
Jenkins 2.314 and earlier, LTS 2.303.1 and earlier accepts names of jobs and other entities with a trailing dot character, potentially replacing the configuration and data of other entities on Windows...
Fully qualified domain names are incorrectly resolved
Lines of code Vulnerability details Impact A relative domain name like foo.eth becomes fully qualified if it ends with a dot, e.g. foo.eth., although this might seem unfamiliar to some, it's the standard and part of the DNS specification, see Fully qualified domain name, Trailing Dots in Domain...
Medium: curl
Issue Overview: A vulnerability was found in curl. This security flaw allows reusing OAUTH2-authenticated connections without properly ensuring that the connection was authenticated with the same credentials set for this transfer. This issue leads to an authentication bypass, either by mistake or...
SUSE CVE-2005-0837
IceCast 2.20 allows remote attackers to bypass the XSL parser and obtain the source for XSL files via a request for a .xsl file with a trailing . dot...
SUSE CVE-2005-3007
Opera before 8.50 allows remote attackers to spoof the content type of files via a filename with a trailing "." dot, which might allow remote attackers to trick users into processing dangerous content...
SUSE CVE-2007-1824
Buffer overflow in the phpstreamfiltercreate function in PHP 5 before 5.2.1 allows remote attackers to cause a denial of service application crash via a php://filter/ URL that has a name ending in the '.' character...
SUSE CVE-2007-5473
StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing 1 space or 2 dot, which is not properly handled by XSP...
SUSE CVE-2011-2362
Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers...
SUSE CVE-2015-0832
Mozilla Firefox before 36.0 does not properly recognize the equivalence of domain names with and without a trailing . dot character, which allows man-in-the-middle attackers to bypass the HPKP and HSTS protection mechanisms by constructing a URL with this character and leveraging access to an X.5...
SUSE CVE-2016-5180
Heap-based buffer overflow in the arescreatequery function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service out-of-bounds write or possibly execute arbitrary code via a hostname with an escaped trailing dot...