Lucene search
K

53 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Firefox and Thunderbird

The concurrent use of the URL parser with non-UTF-8 data is not thread-safe. This could lead to a “use-after-free” condition, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...

6.5CVSS6.9AI score0.00947EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/08 3:33 p.m.10 views

Routinator crashes when sending a maliciously crafted select-asn query parameter

When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted networks...

8.2CVSS5.2AI score0.00259EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 12:58 p.m.8 views

CVE-2026-49234

When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted networks...

8.2CVSS5.4AI score0.00259EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/08 12:58 p.m.9 views

CVE-2026-49234 Routinator crashes on specifically crafted ASN strings in the API

When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted networks...

8.2CVSS5.4AI score0.00259EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.13 views

NLnet Labs Routinator 输入验证错误漏洞

NLnet Labs Routinator is an open-source RPKI routing origin verification service developed by NLnet Labs. NLnet Labs Routinator has a vulnerability related to input validation. This vulnerability arises when a specially crafted non-UTF-8 string is sent as the select-asn query parameter to the...

8.2CVSS5.3AI score0.00259EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in RustC

In the standard library of Rust before version 1.49.0, the String::retain function has a panic security issue. It allows the creation of a non-UTF-8 Rust string when the provided closure panics. This bug could lead to a memory safety violation if other string APIs assume that UTF-8 encoding is us...

7.5CVSS7.4AI score0.01509EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/24 8:32 p.m.9 views

CVE-2026-35348

The sort utility in uutils coreutils is vulnerable to a process panic when using the --files0-from option with inputs containing non-UTF-8 filenames. The implementation enforces UTF-8 encoding and utilizes expect, causing an immediate crash when encountering valid but non-UTF-8 paths. This diverg...

5.5CVSS5.2AI score0.00134EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.9 views

uutils coreutils has an Improper Handling of Unicode Encoding Issue

A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The implementation utilizes tostringlossy when constructing chunk filenames, which automatically rewrites invalid byte sequences into the UTF-8...

3.3CVSS5.4AI score0.00143EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/04/22 5:16 p.m.4 views

CVE-2026-35373

A logic error in the ln utility of uutils coreutils causes the program to reject source paths containing non-UTF-8 filename bytes when using target-directory forms e.g., ln SOURCE... DIRECTORY. While GNU ln treats filenames as raw bytes and creates the links correctly, the uutils implementation...

5.5CVSS0.00121EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/22 4:9 p.m.5 views

CVE-2026-35373

A logic error in the ln utility of uutils coreutils causes the program to reject source paths containing non-UTF-8 filename bytes when using target-directory forms e.g., ln SOURCE... DIRECTORY. While GNU ln treats filenames as raw bytes and creates the links correctly, the uutils implementation...

3.3CVSS5.7AI score0.00121EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/22 4:7 p.m.4 views

CVE-2026-35348

The sort utility in uutils coreutils is vulnerable to a process panic when using the --files0-from option with inputs containing non-UTF-8 filenames. The implementation enforces UTF-8 encoding and utilizes expect, causing an immediate crash when encountering valid but non-UTF-8 paths. This diverg...

5.5CVSS5.7AI score0.00134EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.5 views

PT-2026-34509

Name of the Vulnerable Software and Affected Versions uutils coreutils affected versions not specified Description A logic error in the ln utility causes the program to reject source paths containing non-UTF-8 filename bytes when using target-directory forms, such as 'ln SOURCE... DIRECTORY'...

5.5CVSS6AI score0.00121EPSS
Exploits1References13
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.10 views

uutils coreutils 安全漏洞

uutils coreutils is a cross-platform core command-line toolset developed by Uutils Open Source. There is a security vulnerability in uutils coreutils. This vulnerability stems from the comm utility, which silently damages data by performing a destructive UTF-8 conversion on all output lines. This...

3.3CVSS5.8AI score0.00176EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-35375

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The...

3.3CVSS5.8AI score0.00143EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.7 views

PT-2026-33064

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.2.2 Splunk Enterprise versions prior to 10.0.5 Splunk Enterprise versions prior to 9.4.10 Splunk Enterprise versions prior to 9.3.11 Splunk Cloud Platform versions prior to 10.4.2603.0 Splunk Cloud Platfo...

6.6CVSS5.8AI score0.00246EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/04/15 12:0 a.m.8 views

Splunk Enterprise 9.3.0 < 9.3.11, 9.4.0 < 9.4.10, 10.0.0 < 10.0.5, 10.2.0 < 10.2.2 (SVD-2026-0401)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0401 advisory. - In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0,...

6.6CVSS5.8AI score0.00246EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/15 1:25 p.m.4 views

CVE-2025-6966

A flaw was found in python-apt. This vulnerability allows a local attacker to cause a denial of service Denial of Service process crash via a crafted deb822 file with a malformed non-UTF-8 key. Mitigation Mitigation for this issue is either not available or the currently available options do not...

6.9CVSS5.4AI score0.00127EPSS
Exploits1References4
EUVD
EUVD
added 2025/12/05 3:30 p.m.6 views

EUVD-2025-201407

NULL pointer dereference in TagSection.keys in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service process crash via a crafted deb822 file with a malformed non-UTF-8 key...

6.9CVSS5.8AI score0.00127EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/12/05 12:59 p.m.22 views

CVE-2025-6966 Null-pointer dereference in python-apt TagSection.keys()

NULL pointer dereference in TagSection.keys in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service process crash via a crafted deb822 file with a malformed non-UTF-8 key...

6.9CVSS0.00127EPSS
Exploits1References1
CVE
CVE
added 2025/12/05 12:59 p.m.25 views

CVE-2025-6966

CVE-2025-6966 is a vulnerability in Python-apt on APT-based Linux systems caused by a NULL pointer dereference in TagSection.keys() when processing deb822 files with malformed non-UTF-8 keys. It can lead to a local denial of service (process crash). The issue is reported across multiple distribut...

6.9CVSS5.9AI score0.00127EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder