Lucene search
+L

13 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.10 views

FreeBSD : nginx -- multiple vulnerabilities (46b654f8-6b28-11f1-b8e5-3497f65b111b)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 46b654f8-6b28-11f1-b8e5-3497f65b111b advisory. The nginx developers report: A heap memory buffer overflow vulnerability when using the...

9.2CVSS6.5AI score0.03552EPSS
Exploits1References4
FreeBSD
FreeBSD
added 2026/06/17 12:0 a.m.12 views

nginx -- multiple vulnerabilities

The nginx developers report: A use-after-free vulnerability when using HTTP/3 and processing a specially crafted QUIC session may allow memory corruption or a segmentation fault in a worker process CVE-2026-42530. A heap memory buffer overflow vulnerability when using the "ignoreinvalidheaders...

9.2CVSS5.7AI score0.03552EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.13 views

CVE-2026-44288

A flaw was found in protobufjs, a library that compiles protobuf definitions into JavaScript functions. An attacker who can provide specially crafted protobuf binary data containing overlong UTF-8 Unicode Transformation Format - 8-bit byte sequences may be able to bypass application-level checks...

5.3CVSS5.1AI score0.00301EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2026/05/14 12:0 a.m.23 views

www/nginx -- Remote Code Execution/DoS

nginx development team reports: When using the "proxysetbody" directive, an attacker might inject data in the proxied request to an HTTP/2 backend A heap memory buffer overflow might occur in a worker process while handling a specially crafted request by ngxhttprewritemodule, potentially resultin...

9.2CVSS6.1AI score0.61469EPSS
Exploits41
OSV
OSV
added 2026/05/13 2:37 p.m.2 views

CVE-2026-44288 protobufjs: Overlong UTF-8 decoding

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs includes a minimal UTF-8 decoder that accepted overlong UTF-8 byte sequences and decoded them to their canonical characters instead of replacing them. An attacker who can provide protobuf...

5.3CVSS5.9AI score0.00301EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/05/12 3:0 p.m.9 views

NPM: protobufjs has overlong UTF-8 decoding

NPM: protobufjs has overlong UTF-8 decoding vulnerability discovered by ? in WordPress Npm protobufjs versions = 7.5.5...

5.3CVSS5.8AI score0.00301EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 3:0 p.m.24 views

protobufjs has overlong UTF-8 decoding

Summary protobufjs includes a minimal UTF-8 decoder used in non-Node and fallback decoding paths. The affected decoder accepted overlong UTF-8 byte sequences and decoded them to their canonical characters instead of replacing them. The issue concerns overlong encodings and code points outside the...

5.3CVSS5.8AI score0.00301EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2026/04/03 12:7 a.m.10 views

OSV-2026-512 Heap-buffer-overflow in g_utf8_get_char

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=498475244 Crash type: Heap-buffer-overflow READ 1 Crash state: gutf8getchar gmarkupescapetext fuzzmarkupescapetext.c...

5.9AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/19 12:0 a.m.6 views

MiracleLinux 3 : qt-3.3.6-23.1AXS3 (AXBA:2008-400:02)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXBA:2008-400:02 advisory. - The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remo...

7.5CVSS6.3AI score0.04203EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/01/30 1:30 p.m.11 views

libsoup: buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict

A flaw was found in the libsoup library. Decoding specially crafted UTF-8 input data with the soupheaderparseparamliststrict function can cause a heap-based buffer overflow, potentially resulting in code execution and denial of service to applications linked to the library...

8.4CVSS6.2AI score0.00679EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2010/11/12 10:0 p.m.2 views

CVE-2009-5016

Integer overflow in the xmlutf8decode function in ext/xml/xml.c in PHP before 5.2.11 makes it easier for remote attackers to bypass cross-site scripting XSS and SQL injection protection mechanisms via a crafted string that uses overlong UTF-8 encoding, a different vulnerability than CVE-2010-3870...

6.8CVSS5.7AI score0.11281EPSS
Exploits2References16
Positive Technologies
Positive Technologies
added 2010/11/12 12:0 a.m.8 views

PT-2010-1171 · Php +1 · Php +1

Name of the Vulnerable Software and Affected Versions: PHP versions prior to 5.3.4 Description: The issue arises from the utf8 decode function not properly handling non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data. This makes it easier for remote attackers to bypass...

6.8CVSS7AI score0.15103EPSS
Exploits14References61
RedHat Linux
RedHat Linux
added 2009/01/13 9:39 p.m.9 views

OpenJDK UTF-8 decoder accepts non-shortest form sequences (4486841)

Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to bypass protection mechanisms for other applications...

7.5CVSS7.2AI score0.03426EPSS
Exploits1References4
Rows per page
Query Builder