DEBIAN-CVE-2026-42327

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocspresponders returns OCSP responder URLs from a certificate's AIA extension as OpensslString, whose Deref wraps the raw bytes with str::fromutf8unchecked. OpenSSL does not enforce th...

EUVD-2026-24980

The sort utility in uutils coreutils is vulnerable to a process panic when using the --files0-from option with inputs containing non-UTF-8 filenames. The implementation enforces UTF-8 encoding and utilizes expect, causing an immediate crash when encountering valid but non-UTF-8 paths. This diverg...

CVE-2026-35375

CVE-2026-35375 concerns the uutils coreutils split utility, where a logic error causes output filenames to be corrupted when given non-UTF-8 prefixes/suffixes. The code uses to_string_lossy() to build chunk filenames, which rewrites invalid bytes as the UTF-8 replacement character (U+FFFD). Unlik...

UBUNTU-CVE-2025-6966

NULL pointer dereference in TagSection.keys in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service process crash via a crafted deb822 file with a malformed non-UTF-8 key...

EUVD-2023-31255

Malicious code in bioql PyPI...

PT-2025-49242

Name of the Vulnerable Software and Affected Versions python-apt affected versions not specified Description A flaw exists in python-apt on APT-based Linux systems due to a NULL pointer dereference within the TagSection.keys function. A local attacker can exploit this by providing a specially...

CVE-2023-27488

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, escalation of privileges is possible when failuremodeallow: true is configured for extauthz filter. For affected components that are used for loggin...

CVE-2022-40960

Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...

CVE-2022-40960

Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...

CVE-2022-41908 `CHECK` fail via inputs in `PyFunc` in Tensorflow

TensorFlow is an open source platform for machine learning. An input token that is not a UTF-8 bytestring will trigger a CHECK fail in tf.rawops.PyFunc. We have patched the issue in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645. The fix will be included in TensorFlow 2.11. We will also...

CVE-2022-41908 `CHECK` fail via inputs in `PyFunc` in Tensorflow

TensorFlow is an open source platform for machine learning. An input token that is not a UTF-8 bytestring will trigger a CHECK fail in tf.rawops.PyFunc. We have patched the issue in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645. The fix will be included in TensorFlow 2.11. We will also...

Denial Of Service (DoS)

firefox is vulnerable to denial of service. The vulnerability exists due to use after free in URL parser with non-UTF-8 data which allows an attacker to cause an application crash via a malicious input...

CVE-2022-40960

Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...

Mozilla Firefox Resource Management Error Vulnerability (CNVD-2023-06859)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a memory misreference vulnerability that stems from concurrent use of the URL parser for non-UTF-8 data not being thread-safe. An attacker could exploit the vulnerability t...

CVE-2022-40960

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that concurrent use of the URL parser with non-UTF-8 data was not thread-safe, leading to a use-after-free problem and causing a potentially exploitable crash...

Denial Of Service (DoS)

rustc:sid is vulnerable to denial of service. The String::retain function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the...

CVE-2020-36317

In the standard library in Rust before 1.49.0, String::retain function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the sa...

CVE-2021-28667

StackStorm before 3.4.1, in some situations, has an infinite loop that consumes all available memory and disk space. This can occur if Python 3.x is used, the locale is not utf-8, and there is an attempt to log Unicode data from an action or rule name...

EulerOS 2.0 SP3 : libxml2 (EulerOS-SA-2019-2013)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libxml2 in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or...

EulerOS 2.0 SP2 : libxml2 (EulerOS-SA-2019-1858)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libxml2 in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or...