56 matches found
PYSEC-2026-1034 Segfault in `CompositeTensorVariantToComponents`
Impact An input encoded that is not a valid CompositeTensorVariant tensor will trigger a segfault in tf.rawops.CompositeTensorVariantToComponents. python import tensorflow as tf encode = tf.rawops.EmptyTensorListelementdtype=tf.int32, elementshape=10, 15, maxnumelements=2 meta= ""...
Linux Distros Unpatched Vulnerability : CVE-2026-57236
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, calling Documentencoding= with an invalid encoding e.g., a...
CVE-2026-57236
A flaw was found in Nokogiri, an XML and HTML library for Ruby. When an attacker provides an invalid encoding to the Documentencoding= function, the library frees the document's current encoding string without replacing it. This leaves the document referencing freed memory, which can lead to a...
CVE-2026-57236
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, calling Documentencoding= with an invalid encoding e.g., a non-string, or a string containing a null byte raises an exception, but only after freeing the document's current encoding string without...
CVE-2026-57236 Nokogiri: Possible Use-After-Free when `Nokogiri::XML::Document#encoding=` raises an exception
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, calling Documentencoding= with an invalid encoding e.g., a non-string, or a string containing a null byte raises an exception, but only after freeing the document's current encoding string without...
EUVD-2026-39419
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, calling Documentencoding= with an invalid encoding e.g., a non-string, or a string containing a null byte raises an exception, but only after freeing the document's current encoding string without...
CVE-2026-57236
CVE-2026-57236 affects Nokogiri (Ruby) with the CRuby/libxml2 backend. Prior to 1.19.4, calling Document#encoding= with an invalid encoding (e.g., non-string or null byte) frees the current encoding string but does not replace it, leaving the document referencing freed memory. The next call to Do...
PT-2026-52448
Name of the Vulnerable Software and Affected Versions Nokogiri versions prior to 1.19.4 Description In the CRuby libxml2 implementation, calling the Documentencoding= method with an invalid encoding, such as a non-string or a string containing a null byte, triggers an exception. This process occu...
Google Go 安全漏洞
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from decoding maliciously constructed MIME headers containing numerous invalid encoding...
CVE-2026-35366
A flaw was found in the printenv utility within uutils coreutils. This vulnerability allows an attacker to conceal malicious environment variables by using invalid UTF-8 byte sequences. As a result, security tools and administrators may not detect these hidden variables, which could enable...
CVE-2025-59028
When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes hea...
iccDEV 安全漏洞
iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.2 contained security vulnerabilities. These vulnerabilities were caused by type confusion, which led to the loading of invalid icImageEncodingType values,...
CLSA-2025-1764868292 Fix CVE(s): CVE-2025-1094
SECURITY UPDATE: improper neutralization of quoting syntax in libpq functions allows SQL injection via psql in certain usage patterns - debian/patches/CVE-2025-1094.patch: Fix handling of invalidly encoded data in escaping functions - CVE-2025-1094...
EUVD-2019-19272
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-9917
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service crash via invalid encoding. CVE-2019-9917 Note that Nessus relies on the presen...
ALPINE-CVE-2025-27837
An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gpmswin.c and base/winrtsup.cpp...
openSUSE Security Advisory (SUSE-SU-2025:0616-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE CVE-2003-0545
Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding...
SUSE CVE-2007-6284
The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service infinite loop via XML containing invalid UTF-8 sequences...
SUSE CVE-2019-9917
ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service crash via invalid encoding...