Total
48 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-11044 | 3 Fedoraproject, Php, Tenable | 3 Fedora, Php, Securitycenter | 2024-11-21 | 3.7 Low |
| In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access. | ||||
| CVE-2018-7417 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-11-21 | N/A |
| In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector could crash. This was addressed in epan/dissectors/packet-ipmi-picmg.c by adding support for crafted packets that lack an IPMI header. | ||||
| CVE-2017-7227 | 1 Gnu | 1 Binutils | 2024-11-21 | N/A |
| GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of '\0' termination of a name field in ldlex.l. | ||||
| CVE-2017-16548 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Rsync | 2024-11-21 | 9.8 Critical |
| The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon. | ||||
| CVE-2016-9297 | 1 Libtiff | 1 Libtiff | 2024-11-21 | N/A |
| The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values. | ||||
| CVE-2016-5093 | 2 Php, Redhat | 2 Php, Rhel Software Collections | 2024-11-21 | N/A |
| The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a '\0' character, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted locale_get_primary_language call. | ||||
| CVE-2015-2058 | 1 Jabberd2 | 1 Jabberd2 | 2024-11-21 | N/A |
| c2s/c2s.c in Jabber Open Source Server 2.3.2 and earlier truncates data without ensuring it remains valid UTF-8, which allows remote authenticated users to read system memory or possibly have other unspecified impact via a crafted JID. | ||||
| CVE-2024-31197 | 2 Open Networking Foundation, Opennetworking | 2 Libfluid, Libfluid Msg | 2024-09-20 | 5.3 Medium |
| Improper Null Termination vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routineĀ fluid_msg::of10::Port:unpack. This issue affects libfluid: 0.1.0. | ||||