Lucene search
+L

712 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.10 views

FreeBSD : nginx -- multiple vulnerabilities (46b654f8-6b28-11f1-b8e5-3497f65b111b)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 46b654f8-6b28-11f1-b8e5-3497f65b111b advisory. The nginx developers report: A heap memory buffer overflow vulnerability when using the...

9.2CVSS6.5AI score0.03552EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.10 views

FreeBSD : nginx -- multiple vulnerabilities (08b0c0f6-6a85-11f1-b8e5-3497f65b111b)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 08b0c0f6-6a85-11f1-b8e5-3497f65b111b advisory. The nginx developers report: A use-after-free vulnerability when using HTTP/3 and processing a...

9.2CVSS6.4AI score0.03552EPSS
Exploits4References5
OSV
OSV
added 2026/06/19 8:47 p.m.8 views

GHSA-3J69-69WJ-XQX2 UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps()

Summary ujson.dumps or ujson.dump or ujson.encode have a rejectbytes=False option. When set, they may accept malformed or truncated UTF-8 byte sequences, silently rewriting them into different Unicode characters instead of rejecting them. This leads to input validation bypass and data integrity...

6.5CVSS5.7AI score0.00272EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2026/06/17 2:4 p.m.9 views

CVE-2026-48142

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When content is served or proxied through a location block with both sourcecharset utf-8; and a charset directive for example, charset koi8-r; configured, remote, unauthenticated attackers can send requests ...

6.3CVSS6AI score0.00398EPSS
Exploits0
FreeBSD
FreeBSD
added 2026/06/17 12:0 a.m.12 views

nginx -- multiple vulnerabilities

The nginx developers report: A use-after-free vulnerability when using HTTP/3 and processing a specially crafted QUIC session may allow memory corruption or a segmentation fault in a worker process CVE-2026-42530. A heap memory buffer overflow vulnerability when using the "ignoreinvalidheaders...

9.2CVSS5.7AI score0.03552EPSS
Exploits4References1
FreeBSD
FreeBSD
added 2026/06/17 12:0 a.m.11 views

nginx -- multiple vulnerabilities

The nginx developers report: A heap memory buffer overflow vulnerability when using the "ignoreinvalidheaders off;" and "largeclientheaderbuffers" directives with large configured values while proxying a specially crafted request to an HTTP/2 or gRPC backend may allow memory corruption or a...

9.2CVSS5.7AI score0.03552EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.10 views

SUSE SLED15 / SLES15 Security Update : perl-XML-LibXML (SUSE-SU-2026:2324-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2324-1 advisory. This update for perl-XML-LibXML fixes the following issue - CVE-2026-8177: read out-of-bounds heap memory when parsing...

7.5CVSS5.5AI score0.00629EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-44288

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs includes a minimal UTF-8 decoder that accepted...

5.3CVSS6.1AI score0.00301EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.11 views

CVE-2026-49234

A flaw was found in Routinator. A remote attacker, with access to the API from untrusted networks, could send a specially crafted non-UTF-8 string as a query parameter to the /api/v1/origins endpoint. This action would cause the Routinator application to crash, leading to a denial of service DoS...

8.2CVSS5.9AI score0.00259EPSS
Exploits0References2
SUSE Linux
SUSE Linux
added 2026/06/09 2:33 p.m.9 views

Security update for perl-XML-LibXML

This update for perl-XML-LibXML fixes the following issue CVE-2026-8177: read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences bsc1264715. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

8.2CVSS5.4AI score0.00629EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-47777

Name of the Vulnerable Software and Affected Versions 389 Directory Server affected versions not specified Description A flaw exists in the ldap utf8prev function where bytes are read before the start of a buffer without proper bounds checking. This leads to a heap buffer over-read during string...

6.3CVSS5.5AI score0.00177EPSS
Exploits0References12
OSV
OSV
added 2026/06/08 3:33 p.m.12 views

GHSA-GC6Q-CWCJ-3VH9 Routinator crashes when sending a maliciously crafted select-asn query parameter

When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted networks...

8.2CVSS5.3AI score0.00259EPSS
Exploits0References4
CVE
CVE
added 2026/06/08 12:58 p.m.29 views

CVE-2026-49234

Routinator is affected by CVE-2026-49234 where sending a specifically crafted non-UTF-8 string as the select-asn parameter to the /api/v1/origins endpoint causes the application to crash. Affected component: the API handling for origins; root cause: non-UTF-8 string processing leads to a crash. I...

8.2CVSS5.4AI score0.00259EPSS
Exploits0References1Affected Software1
Amazon
Amazon
added 2026/06/08 12:0 a.m.13 views

Medium: perl-XML-LibXML

Issue Overview: XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi byte UTF-8 sequence causes the parser to read past the end of the input string into adjace...

7.5CVSS5.5AI score0.00629EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.13 views

Medium: perl-XML-LibXML

Issue Overview: XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi byte UTF-8 sequence causes the parser to read past the end of the input string into adjace...

7.5CVSS5.5AI score0.00629EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.27 views

PT-2026-47303

Name of the Vulnerable Software and Affected Versions Routinator affected versions not specified Description Routinator crashes when a specifically crafted non-UTF-8 string is sent as the select-asn query parameter to the '/api/v1/origins' endpoint. This issue specifically impacts users who permi...

8.2CVSS5.4AI score0.00259EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.14 views

Amazon Linux 2 : perl-XML-LibXML, --advisory ALAS2-2026-3342 (ALAS-2026-3342)

The version of perl-XML-LibXML installed on the remote host is prior to 2.0018-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3342 advisory. XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncat...

7.5CVSS5.5AI score0.00629EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:43 p.m.11 views

CVE-2026-8177

XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi byte UTF-8 sequence causes the parser to read past the end of the input string into adjacent heap memory...

7.5CVSS5.5AI score0.00629EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.13 views

CVE-2026-44288

A flaw was found in protobufjs, a library that compiles protobuf definitions into JavaScript functions. An attacker who can provide specially crafted protobuf binary data containing overlong UTF-8 Unicode Transformation Format - 8-bit byte sequences may be able to bypass application-level checks...

5.3CVSS5.1AI score0.00301EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/03 11:40 a.m.12 views

CVE-2026-9516

A flaw was found in Cpanel::JSON::XS, a Perl module used for processing JSON data. This vulnerability allows a remote attacker to cause a denial of service DoS by providing specially crafted input that begins with a UTF-8 Byte Order Mark BOM. When a decode filter callback encounters an error with...

7.5CVSS5.8AI score0.00361EPSS
Exploits0References2
Rows per page
Query Builder