53 matches found
Astra Linux – Vulnerability in Firefox and Thunderbird
The concurrent use of the URL parser with non-UTF-8 data is not thread-safe. This could lead to a “use-after-free” condition, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...
Routinator crashes when sending a maliciously crafted select-asn query parameter
When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted networks...
CVE-2026-49234
When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted networks...
CVE-2026-49234 Routinator crashes on specifically crafted ASN strings in the API
When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted networks...
NLnet Labs Routinator 输入验证错误漏洞
NLnet Labs Routinator is an open-source RPKI routing origin verification service developed by NLnet Labs. NLnet Labs Routinator has a vulnerability related to input validation. This vulnerability arises when a specially crafted non-UTF-8 string is sent as the select-asn query parameter to the...
Astra Linux – Vulnerability in RustC
In the standard library of Rust before version 1.49.0, the String::retain function has a panic security issue. It allows the creation of a non-UTF-8 Rust string when the provided closure panics. This bug could lead to a memory safety violation if other string APIs assume that UTF-8 encoding is us...
CVE-2026-35348
The sort utility in uutils coreutils is vulnerable to a process panic when using the --files0-from option with inputs containing non-UTF-8 filenames. The implementation enforces UTF-8 encoding and utilizes expect, causing an immediate crash when encountering valid but non-UTF-8 paths. This diverg...
uutils coreutils has an Improper Handling of Unicode Encoding Issue
A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The implementation utilizes tostringlossy when constructing chunk filenames, which automatically rewrites invalid byte sequences into the UTF-8...
CVE-2026-35373
A logic error in the ln utility of uutils coreutils causes the program to reject source paths containing non-UTF-8 filename bytes when using target-directory forms e.g., ln SOURCE... DIRECTORY. While GNU ln treats filenames as raw bytes and creates the links correctly, the uutils implementation...
CVE-2026-35373
A logic error in the ln utility of uutils coreutils causes the program to reject source paths containing non-UTF-8 filename bytes when using target-directory forms e.g., ln SOURCE... DIRECTORY. While GNU ln treats filenames as raw bytes and creates the links correctly, the uutils implementation...
CVE-2026-35348
The sort utility in uutils coreutils is vulnerable to a process panic when using the --files0-from option with inputs containing non-UTF-8 filenames. The implementation enforces UTF-8 encoding and utilizes expect, causing an immediate crash when encountering valid but non-UTF-8 paths. This diverg...
PT-2026-34509
Name of the Vulnerable Software and Affected Versions uutils coreutils affected versions not specified Description A logic error in the ln utility causes the program to reject source paths containing non-UTF-8 filename bytes when using target-directory forms, such as 'ln SOURCE... DIRECTORY'...
uutils coreutils 安全漏洞
uutils coreutils is a cross-platform core command-line toolset developed by Uutils Open Source. There is a security vulnerability in uutils coreutils. This vulnerability stems from the comm utility, which silently damages data by performing a destructive UTF-8 conversion on all output lines. This...
Linux Distros Unpatched Vulnerability : CVE-2026-35375
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The...
PT-2026-33064
Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.2.2 Splunk Enterprise versions prior to 10.0.5 Splunk Enterprise versions prior to 9.4.10 Splunk Enterprise versions prior to 9.3.11 Splunk Cloud Platform versions prior to 10.4.2603.0 Splunk Cloud Platfo...
Splunk Enterprise 9.3.0 < 9.3.11, 9.4.0 < 9.4.10, 10.0.0 < 10.0.5, 10.2.0 < 10.2.2 (SVD-2026-0401)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0401 advisory. - In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0,...
CVE-2025-6966
A flaw was found in python-apt. This vulnerability allows a local attacker to cause a denial of service Denial of Service process crash via a crafted deb822 file with a malformed non-UTF-8 key. Mitigation Mitigation for this issue is either not available or the currently available options do not...
EUVD-2025-201407
NULL pointer dereference in TagSection.keys in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service process crash via a crafted deb822 file with a malformed non-UTF-8 key...
CVE-2025-6966 Null-pointer dereference in python-apt TagSection.keys()
NULL pointer dereference in TagSection.keys in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service process crash via a crafted deb822 file with a malformed non-UTF-8 key...
CVE-2025-6966
CVE-2025-6966 is a vulnerability in Python-apt on APT-based Linux systems caused by a NULL pointer dereference in TagSection.keys() when processing deb822 files with malformed non-UTF-8 keys. It can lead to a local denial of service (process crash). The issue is reported across multiple distribut...