
23 matches found

Cvelist
added 2026/04/13 3:31 p.m. | 28 views

CVE-2026-6231 bson_validate may skip validation when processing certain inputs

The bson_validate function may return early on specific inputs and incorrectly report success. This behavior could result in skipping validation for BSON data, allowing malformed or invalid UTF-8 sequences to bypass validation and be processed incorrectly. The issue may affect applications that re...

CVSS 5.3 | EPSS 0.00051
Exploits 0 | References 1

Debian CVE
added 2026/04/13 3:31 p.m. | 3 views

CVE-2026-6231

The bson_validate function may return early on specific inputs and incorrectly report success. This behavior could result in skipping validation for BSON data, allowing malformed or invalid UTF-8 sequences to bypass validation and be processed incorrectly. The issue may affect applications that re...

CVSS 7.5 | AI score 5.3 | EPSS 0.00051
Exploits 0

Tenable Nessus
added 2026/01/20 12:00 a.m. | 3 views

MiracleLinux 8 : xmlrpc-c-1.51.0-5.el8.1 (AXSA:2022-3167:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3167:01 advisory. expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235). Tenable has extracted the preceding description block...

CVSS 9.8 | AI score 7.9 | EPSS 0.11027
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2008-7233

Malware in sbrugna...

CVSS 5 | AI score 6.2 | EPSS 0.00589
Exploits 0 | References 3

EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2022-48406

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.4 | EPSS 0.00215
Exploits 1 | References 1

RedhatCVE
added 2025/05/21 8:01 p.m. | 7 views

CVE-2008-7280

Kernel/System/EmailParser.pm in PostmasterPOP3.pl in Open Ticket Request System (OTRS) before 2.2.7 does not properly handle e-mail messages containing malformed UTF-8 characters, which allows remote attackers to cause a denial of service (e-mail retrieval outage) via a crafted message...

CVSS 5 | AI score 6.8 | EPSS 0.00589
Exploits 0 | References 1

Amazon
added 2023/03/22 12:00 a.m. | 6 views

Critical: xmlrpc-c

Issue Overview: A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences (for example, from start tag names) to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...

CVSS 9.8 | AI score 8.6 | EPSS 0.11027
Exploits 0

Vulnrichment
added 2023/01/20 12:00 a.m. | 4 views

CVE-2022-45540

EyouCMS = 1.6.0 was discovered a reflected-XSS in article type editor component in POST value "name" if the value contains a malformed UTF-8 char...

AI score 6.5 | EPSS 0.00215
Exploits 1 | References 1

Tenable Nessus
added 2022/04/12 12:00 a.m. | 54 views

RHEL 6 : expat (RHSA-2022:1309)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1309 advisory. Expat is a C library for parsing XML documents. Security Fixes: expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code...

CVSS 9.8 | AI score 8.3 | EPSS 0.11027
Exploits 1 | References 8

Tenable Nessus
added 2022/03/23 12:00 a.m. | 67 views

RHEL 8 : expat (RHSA-2022:1012)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1012 advisory. Expat is a C library for parsing XML documents. Security Fixes: expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code...

CVSS 9.8 | AI score 8.3 | EPSS 0.11027
Exploits 1 | References 8

RedHat Linux
added 2022/03/10 3:09 p.m. | 87 views

Critical: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 9.8 | AI score 7.6 | EPSS 0.11027
Exploits 7 | References 11

Amazon
added 2022/03/10 12:00 a.m. | 71 views

Critical: expat

Issue Overview: A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences (for example, from start tag names) to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...

CVSS 9.8 | AI score 8.9 | EPSS 0.11027
Exploits 0

OSV
added 2022/02/22 8:15 p.m. | 8 views

MGASA-2022-0081 Updated expat packages fix security vulnerability

Passing malformed 2- and 3-byte UTF-8 sequences (e.g. from start tag names) to the XML processing application on top of Expat can cause arbitrary damage (e.g. code execution) depending on how invalid UTF-8 is handled inside the XML processor; validation was not their job but Expat's. Exploits with co...

CVSS 9.8 | AI score 8.7 | EPSS 0.11027
Exploits 1 | References 4

Veracode
added 2020/12/06 3:47 a.m. | 17 views

Directory Traversal

cabextract is vulnerable to directory traversal. Lack of proper checking for leading slashes when extracting files allows remote attackers to perform directory traversal attacks via malformed UTF-8 characters that are changed to a UTF-8 encoded slash...

CVSS 5.3 | AI score 5.5 | EPSS 0.08747
Exploits 1 | References 8 | Affected Software 1

OSV
added 2020/09/21 8:55 a.m. | 1 views

SUSE-SU-2020:2687-1 Security update for less

This update for less fixes the following issues: Security issue fixed: - CVE-2014-9488: Malformed UTF-8 data could have caused an out of bounds read in the UTF-8 decoding routines, causing an invalid read access (bsc921719)...

CVSS 10 | AI score 6.2 | EPSS 0.02325
Exploits 0 | References 3

OpenVAS
added 2020/07/03 12:00 a.m. | 17 views

Huawei EulerOS: Security Advisory for less (EulerOS-SA-2020-1770)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 | AI score 6.5 | EPSS 0.02325
Exploits 0 | References 2

CVE
added 2015/04/14 6:00 p.m. | 89 views

CVE-2014-9488

CVE-2014-9488 affects the is_utf8_well_formed() function in GNU less up to version 475, enabling an out-of-bounds read via malformed UTF-8 data. Connected advisories report this as a fixed issue in various distributions (e.g., SUSE/SUSE-SU-2020:2687-1; Mageia MGASA-2015-0139; openSUSE updates; Eu...

CVSS 10 | AI score 6.7 | EPSS 0.02325
Exploits 0 | References 5 | Affected Software 1

OSV
added 2015/04/09 10:44 p.m. | 2 views

MGASA-2015-0139 Updated less packages fix CVE-2014-9488

Updated less package fixes security vulnerability: Malformed UTF-8 data could have caused an out of bounds read in the UTF-8 decoding routines, causing an invalid read access (CVE-2014-9488)...

CVSS 10 | AI score 6.2 | EPSS 0.02325
Exploits 0 | References 3

OSV
added 2011/03/18 4:55 p.m. | 4 views

CVE-2008-7280

Kernel/System/EmailParser.pm in PostmasterPOP3.pl in Open Ticket Request System (OTRS) before 2.2.7 does not properly handle e-mail messages containing malformed UTF-8 characters, which allows remote attackers to cause a denial of service (e-mail retrieval outage) via a crafted message...

AI score 6.4
Exploits 0 | References 2

OpenVAS
added 2009/12/10 12:00 a.m. | 30 views

Fedora Core 11 FEDORA-2009-12716 (expat)

The remote host is missing an update to expat announced via advisory FEDORA-2009-12716. OpenVAS Vulnerability Test $Id: fcore200912716.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-12716 expat Authors: Thomas Reinke Copyright: Copyright c 2009...

CVSS 5 | AI score 7.3 | EPSS 0.03008
Exploits 4 | References 1