Lucene search
K

9 matches found

CVE
CVE
added 2026/05/13 2:37 p.m.22 views

CVE-2026-44288

CVE-2026-44288 affects protobufjs: prior to versions 7.5.6 and 8.0.2, its minimal UTF-8 decoder accepted overlong UTF-8 byte sequences and decoded them to canonical characters instead of replacing them. If an attacker supplies protobuf binary data decoded through that path, downstream checks that...

5.3CVSS5.8AI score0.00301EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/05/12 3:0 p.m.7 views

Improper Handling of Unicode Encoding

Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Improper Handling of Unicode Encoding in the decoding of overlong UTF-8 strings. An attacker can bypass application-level byte filtering or validation by sending malicious...

6.9CVSS5.9AI score0.00301EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/08/07 11:22 p.m.3 views

SUSE CVE-2025-46646

In Artifex Ghostscript before 10.05.0, decodeutf8 in base/gputf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954...

2.9CVSS7AI score0.00156EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2025/06/16 11:28 a.m.1 views

Astra Linux - уязвимость в ghostscript

In Artifex Ghostscript before 10.05.0, decodeutf8 in base/gputf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954...

8.4CVSS7AI score0.0055EPSS
Exploits0References2
OSV
OSV
added 2024/10/30 12:0 a.m.1 views

UBUNTU-CVE-2024-46954

An issue was discovered in decodeutf8 in base/gputf8.c in Artifex Ghostscript before 10.04.0. Overlong UTF-8 encoding leads to possible ../ directory traversal...

8.4CVSS7.1AI score0.0055EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2024/10/23 1:24 p.m.4 views

SUSE CVE-2024-46954

An issue was discovered in decodeutf8 in base/gputf8.c in Artifex Ghostscript before 10.04.0. Overlong UTF-8 encoding leads to possible ../ directory traversal...

7.8CVSS7AI score0.0055EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 6:1 a.m.3 views

SUSE CVE-2009-4142

The htmlspecialchars function in PHP before 5.2.12 does not properly handle 1 overlong UTF-8 sequences, 2 invalid ShiftJIS sequences, and 3 invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting XSS attacks by placing a crafted byte sequence before a special...

4.3CVSS6.2AI score0.06497EPSS
Exploits2References7
SUSE CVE
SUSE CVE
added 2023/02/15 6:1 a.m.2 views

SUSE CVE-2009-5017

Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong UTF-8 encoding, which makes it easier for remote attackers to bypass cross-site scripting XSS protection mechanisms via a crafted string, a different vulnerability than CVE-2010-1210...

4.3CVSS7.8AI score0.01867EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2010/06/22 10:29 p.m.4 views

Firefox: overlong UTF-8 seqence detection problem

Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong UTF-8 encoding, which makes it easier for remote attackers to bypass cross-site scripting XSS protection mechanisms via a crafted string, a different vulnerability than CVE-2010-1210...

4.3CVSS7.2AI score0.01867EPSS
Exploits1References4
Rows per page
Query Builder