9 matches found

CNNVD
added 2026/05/22 12:0 a.m. | 4 views

Google Go Security Vulnerability

Google Go is a statically and strongly typed, compiled, concurrent, garbage-collected programming language from the American company Google. There is a security vulnerability in Google Go, which stems from creating an ed25519.PrivateKey by force-converting malformed bytes in the...

CVSS 5.3 | AI score 5.8 | EPSS 0.0005
Exploits: 0 | References: 5
OSV
added 2026/04/22 6:31 p.m. | 1 views

GHSA-HWHF-8P2F-45WR coreutils' comm utility silently corrupts data by performing lossy UTF-8 conversion on all output lines

The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::from_utf8_lossy, which replaces invalid UTF-8 byte sequences with the Unicode replacement character U+FFFD. This behavior differs from GNU comm, whic...

CVSS 3.3 | AI score 5.8 | EPSS 0.00014
Exploits: 1 | References: 6
Cvelist
added 2026/04/22 4:8 p.m. | 26 views

CVE-2026-35366 uutils coreutils printenv Security Inspection Bypass via UTF-8 Enforcement

The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte sequences. While POSIX permits arbitrary bytes in environment strings, the uutils implementation silently skips these entries rather than printing the raw bytes. This vulnerability allows...

CVSS 4.4 | EPSS 0.00013
Exploits: 1 | References: 3
CVE
added 2026/04/22 4:7 p.m. | 3 views

CVE-2026-35346

The CVE-2026-35346 entry concerns the uutils coreutils comm implementation; it is affected by a flaw where the program uses String::from_utf8_lossy() and, as a result, applies lossy UTF-8 conversion to all output lines. This causes data corruption when comparing binary files or files with non-UTF...

CVSS 3.3 | AI score 5.8 | EPSS 0.00014
Exploits: 1 | References: 3 | Affected Software: 1
SUSE CVE
added 2023/02/15 6:3 a.m. | 1 views

SUSE CVE-2009-1885

Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrat...

CVSS 4.3 | AI score 6.8 | EPSS 0.14146
Exploits: 1 | References: 4
OpenVAS
added 2022/09/16 12:0 a.m. | 30 views

Ubuntu: Security Advisory (USN-5613-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.4 | AI score 7.3 | EPSS 0.02861
Exploits: 7 | References: 2
Ubuntu
added 2022/09/15 11:4 a.m. | 98 views

USN-5613-1: Vim vulnerabilities

It was discovered that Vim was not properly performing bounds checks when executing spell suggestion commands. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0943) It was discovered that Vim was using freed memory when dealing with regula...

CVSS 8.4 | AI score 7.4 | EPSS 0.02861
Exploits: 7
OSV
added 2022/05/20 12:32 a.m. | 1 views

CLSA-2022-1653006752 Fixed CVEs in vim: CVE-2022-1620, CVE-2022-1616, CVE-2022-1629, CVE-2022-1621, CVE-2022-1619

CVE-2022-1619: fix going before the command line start with latin1 encoding - CVE-2022-1620: fix NULL pointer dereference when using invalid regexp - CVE-2022-1621: fix to avoid adding invalid bytes with :spellgood - CVE-2022-1629: fix reading past end of line if ended with trailing backslash -...

CVSS 7.8 | AI score 7.1 | EPSS 0.02861
Exploits: 5 | References: 1
Snyk
added 2009/08/11 6:30 p.m. | 2 views

Out-of-Bounds

Overview: Affected versions of this package are vulnerable to Out-of-Bounds. Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested...

CVSS 4.3 | AI score 6.8 | EPSS 0.14146
Exploits: 1 | References: 2