Lucene search
K

56 matches found

OSV
OSV
added last week4 views

PYSEC-2026-1034 Segfault in `CompositeTensorVariantToComponents`

Impact An input encoded that is not a valid CompositeTensorVariant tensor will trigger a segfault in tf.rawops.CompositeTensorVariantToComponents. python import tensorflow as tf encode = tf.rawops.EmptyTensorListelementdtype=tf.int32, elementshape=10, 15, maxnumelements=2 meta= ""...

4.8CVSS7.1AI score0.0049EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-57236

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, calling Documentencoding= with an invalid encoding e.g., a...

8.2CVSS6AI score0.00331EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/25 5:1 p.m.6 views

CVE-2026-57236

A flaw was found in Nokogiri, an XML and HTML library for Ruby. When an attacker provides an invalid encoding to the Documentencoding= function, the library frees the document's current encoding string without replacing it. This leaves the document referencing freed memory, which can lead to a...

8.2CVSS5.7AI score0.00331EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 3:16 p.m.8 views

CVE-2026-57236

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, calling Documentencoding= with an invalid encoding e.g., a non-string, or a string containing a null byte raises an exception, but only after freeing the document's current encoding string without...

8.2CVSS0.00331EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 2:29 p.m.33 views

CVE-2026-57236 Nokogiri: Possible Use-After-Free when `Nokogiri::XML::Document#encoding=` raises an exception

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, calling Documentencoding= with an invalid encoding e.g., a non-string, or a string containing a null byte raises an exception, but only after freeing the document's current encoding string without...

6.3CVSS0.00331EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 2:29 p.m.5 views

EUVD-2026-39419

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, calling Documentencoding= with an invalid encoding e.g., a non-string, or a string containing a null byte raises an exception, but only after freeing the document's current encoding string without...

6.3CVSS5.9AI score0.00331EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 2:29 p.m.21 views

CVE-2026-57236

CVE-2026-57236 affects Nokogiri (Ruby) with the CRuby/libxml2 backend. Prior to 1.19.4, calling Document#encoding= with an invalid encoding (e.g., non-string or null byte) frees the current encoding string but does not replace it, leaving the document referencing freed memory. The next call to Do...

8.2CVSS5.9AI score0.00331EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52448

Name of the Vulnerable Software and Affected Versions Nokogiri versions prior to 1.19.4 Description In the CRuby libxml2 implementation, calling the Documentencoding= method with an invalid encoding, such as a non-string or a string containing a null byte, triggers an exception. This process occu...

8.2CVSS5.8AI score0.00331EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.11 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from decoding maliciously constructed MIME headers containing numerous invalid encoding...

7.5CVSS5.3AI score0.0056EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/29 10:8 a.m.6 views

CVE-2026-35366

A flaw was found in the printenv utility within uutils coreutils. This vulnerability allows an attacker to conceal malicious environment variables by using invalid UTF-8 byte sequences. As a result, security tools and administrators may not detect these hidden variables, which could enable...

4.4CVSS6AI score0.0017EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/27 8:10 a.m.3 views

CVE-2025-59028

When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes hea...

5.3CVSS5.9AI score0.00447EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.7 views

iccDEV 安全漏洞

iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.2 contained security vulnerabilities. These vulnerabilities were caused by type confusion, which led to the loading of invalid icImageEncodingType values,...

7.1CVSS5.9AI score0.00253EPSS
Exploits1References5
OSV
OSV
added 2025/12/04 5:11 p.m.7 views

CLSA-2025-1764868292 Fix CVE(s): CVE-2025-1094

SECURITY UPDATE: improper neutralization of quoting syntax in libpq functions allows SQL injection via psql in certain usage patterns - debian/patches/CVE-2025-1094.patch: Fix handling of invalidly encoded data in escaping functions - CVE-2025-1094...

8.1CVSS5.8AI score0.89914EPSS
Exploits10References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-19272

Malware in sbrugna...

6.5CVSS6.7AI score0.03133EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2019-9917

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service crash via invalid encoding. CVE-2019-9917 Note that Nessus relies on the presen...

6.5CVSS6.7AI score0.03133EPSS
Exploits0References2
OSV
OSV
added 2025/03/25 9:15 p.m.4 views

ALPINE-CVE-2025-27837

An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gpmswin.c and base/winrtsup.cpp...

9.8CVSS7.1AI score0.00586EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2025/02/24 12:0 a.m.11 views

openSUSE Security Advisory (SUSE-SU-2025:0616-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS8.4AI score0.89914EPSS
Exploits10References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:21 a.m.3 views

SUSE CVE-2003-0545

Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding...

10CVSS9.8AI score0.85449EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 6:9 a.m.3 views

SUSE CVE-2007-6284

The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service infinite loop via XML containing invalid UTF-8 sequences...

5CVSS6.8AI score0.02566EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:13 a.m.3 views

SUSE CVE-2019-9917

ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service crash via invalid encoding...

6.5CVSS6.7AI score0.03133EPSS
Exploits0References6
Rows per page
Query Builder