
46 matches found

RedhatCVE
added 2026/04/29 10:8 a.m. | 0 views

CVE-2026-35366

A flaw was found in the printenv utility within uutils coreutils. This vulnerability allows an attacker to conceal malicious environment variables by using invalid UTF-8 byte sequences. As a result, security tools and administrators may not detect these hidden variables, which could enable...

CVSS 4.4 | AI score 6 | EPSS 0.00013
Exploits: 1 | References: 2

ATTACKERKB
added 2026/03/27 8:10 a.m. | 0 views

CVE-2025-59028

When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes hea...

CVSS 5.3 | AI score 5.9 | EPSS 0.0009
Exploits: 0 | References: 2

CNNVD
added 2026/02/03 12:0 a.m. | 2 views

iccDEV security vulnerability

iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.2 contained security vulnerabilities. These vulnerabilities were caused by type confusion, which led to the loading of invalid icImageEncodingType values,...

CVSS 7.1 | AI score 5.9 | EPSS 0.00052
Exploits: 1 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2019-19272

Malware in sbrugna...

CVSS 6.5 | AI score 6.7 | EPSS 0.01667
Exploits: 0 | References: 12

Tenable Nessus
added 2025/08/27 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2019-9917

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service (crash) via invalid encoding. (CVE-2019-9917) Note that Nessus relies on the presen...

CVSS 6.5 | AI score 6.7 | EPSS 0.01667
Exploits: 0 | References: 2

OSV
added 2025/03/25 9:15 p.m. | 1 views

ALPINE-CVE-2025-27837

An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gpmswin.c and base/winrtsup.cpp...

CVSS 9.8 | AI score 7.1 | EPSS 0.00176
Exploits: 0 | References: 1

OpenVAS
added 2025/02/24 12:0 a.m. | 11 views

openSUSE Security Advisory (SUSE-SU-2025:0616-1)

The remote host is missing an update for the...

CVSS 8.1 | AI score 8.4 | EPSS 0.82364
Exploits: 10 | References: 4

SUSE CVE
added 2023/02/15 6:21 a.m. | 1 views

SUSE CVE-2003-0545

Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding...

CVSS 10 | AI score 9.8 | EPSS 0.74574
Exploits: 0 | References: 5

SUSE CVE
added 2023/02/15 6:9 a.m. | 1 views

SUSE CVE-2007-6284

The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences...

CVSS 5 | AI score 6.8 | EPSS 0.05097
Exploits: 1 | References: 4

SUSE CVE
added 2023/02/15 4:13 a.m. | 1 views

SUSE CVE-2019-9917

ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service (crash) via invalid encoding...

CVSS 6.5 | AI score 6.7 | EPSS 0.01667
Exploits: 0 | References: 6

SUSE CVE
added 2023/02/15 4:6 a.m. | 2 views

SUSE CVE-2019-19451

When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system's...

CVSS 3.3 | AI score 6.9 | EPSS 0.00142
Exploits: 0 | References: 6

Tenable Nessus
added 2021/01/11 12:0 a.m. | 18 views

Fedora 32 : 1:dia (2020-cbc0754798)

Added upstream patch to avoid infinite loop on filenames with invalid encoding CVE-2019-19451, 1778767 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as...

CVSS 5.5 | AI score 5.6 | EPSS 0.00142
Exploits: 0 | References: 2

RedHat Linux
added 2020/10/28 6:24 p.m. | 2 views

Django: Potential memory exhaustion in django.utils.encoding.uri_to_iri()

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences...

CVSS 7.5 | AI score 7.4 | EPSS 0.06773
Exploits: 0 | References: 5

Microsoft CVE
added 2020/09/25 12:0 a.m. | 2 views

The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.

...

CVSS 5 | AI score 9.5 | EPSS 0.10016
Exploits: 0

OSV
added 2020/01/13 3:18 p.m. | 2 views

OPENSUSE-SU-2020:0021-1 Security update for dia

This update for dia fixes the following issue: - CVE-2019-19451: Fixed an endless loop on filenames with invalid encoding bsc1158194. This update was imported from the SUSE:SLE-15:Update update project...

CVSS 5.5 | AI score 5.5 | EPSS 0.00142
Exploits: 0 | References: 3

OSV
added 2020/01/05 3:37 p.m. | 3 views

MGASA-2020-0022 Updated dia packages fix security vulnerability

Updated dia package fixes security vulnerability: An endless loop on filenames with invalid encoding CVE-2019-19451...

CVSS 5.5 | AI score 5.5 | EPSS 0.00142
Exploits: 0 | References: 3

Tenable Nessus
added 2019/12/30 12:0 a.m. | 56 views

SUSE SLED12 Security Update : dia (SUSE-SU-2019:3390-1)

This update for dia fixes the following issue : CVE-2019-19451: Fixed an endless loop on filenames with invalid encoding bsc1158194. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically...

CVSS 5.5 | AI score 5.6 | EPSS 0.00142
Exploits: 0 | References: 4

OSV
added 2019/12/27 12:33 p.m. | 4 views

SUSE-SU-2019:3391-1 Security update for dia

This update for dia fixes the following issue: - CVE-2019-19451: Fixed an endless loop on filenames with invalid encoding bsc1158194...

CVSS 5.5 | AI score 5.5 | EPSS 0.00142
Exploits: 0 | References: 3

OSV
added 2019/12/27 12:33 p.m. | 3 views

SUSE-SU-2019:3390-1 Security update for dia

This update for dia fixes the following issue: - CVE-2019-19451: Fixed an endless loop on filenames with invalid encoding bsc1158194...

CVSS 5.5 | AI score 5.5 | EPSS 0.00142
Exploits: 0 | References: 3

OSV
added 2019/11/29 11:15 p.m. | 0 views

UBUNTU-CVE-2019-19451

When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system's...

CVSS 5.5 | AI score 5.8 | EPSS 0.00142
Exploits: 0 | References: 3