19 matches found
CVE-2026-35348
The sort utility in uutils coreutils is vulnerable to a process panic when using the --files0-from option with inputs containing non-UTF-8 filenames. The implementation enforces UTF-8 encoding and utilizes expect, causing an immediate crash when encountering valid but non-UTF-8 paths. This diverg...
CVE-2026-35373
A logic error in the ln utility of uutils coreutils causes the program to reject source paths containing non-UTF-8 filename bytes when using target-directory forms e.g., ln SOURCE... DIRECTORY. While GNU ln treats filenames as raw bytes and creates the links correctly, the uutils implementation...
CVE-2026-35373
A logic error in the ln utility of uutils coreutils causes the program to reject source paths containing non-UTF-8 filename bytes when using target-directory forms e.g., ln SOURCE... DIRECTORY. While GNU ln treats filenames as raw bytes and creates the links correctly, the uutils implementation...
CVE-2026-35348
The sort utility in uutils coreutils is vulnerable to a process panic when using the --files0-from option with inputs containing non-UTF-8 filenames. The implementation enforces UTF-8 encoding and utilizes expect, causing an immediate crash when encountering valid but non-UTF-8 paths. This diverg...
PT-2026-34509
A logic error in the ln utility of uutils coreutils causes the program to reject source paths containing non-UTF-8 filename bytes when using target-directory forms e.g., ln SOURCE... DIRECTORY. While GNU ln treats filenames as raw bytes and creates the links correctly, the uutils implementation...
CVE-2025-59547
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, the CKEditor file upload endpoint has insufficient sanitization for filenames allowing probing network endpoints. A specially crafted request can be made to upload a...
CVE-2025-59547
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, the CKEditor file upload endpoint has insufficient sanitization for filenames allowing probing network endpoints. A specially crafted request can be made to upload a...
CVE-2025-59547 DNN's CKEditor File Uploader functionality vulnerable through Unicode obfuscation
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, the CKEditor file upload endpoint has insufficient sanitization for filenames allowing probing network endpoints. A specially crafted request can be made to upload a...
CVE-2025-59547 DNN's CKEditor File Uploader functionality vulnerable through Unicode obfuscation
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, the CKEditor file upload endpoint has insufficient sanitization for filenames allowing probing network endpoints. A specially crafted request can be made to upload a...
CVE-2025-59547 DNN's CKEditor File Uploader functionality vulnerable through Unicode obfuscation
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, the CKEditor file upload endpoint has insufficient sanitization for filenames allowing probing network endpoints. A specially crafted request can be made to upload a...
PT-2025-39199
Name of the Vulnerable Software and Affected Versions DNN formerly DotNetNuke versions prior to 10.1.0 Description DNN is an open-source web content management platform. The CKEditor file upload endpoint lacks sufficient filename sanitization, potentially allowing network endpoint probing. A...
httpd security update
2.4.62-4.0.1.4 - Replace index.html with Oracle's index page oracleindex.html. 2.4.62-4.4 - Resolves: RHEL-99949 - CVE-2025-49812 httpd: HTTP Session Hijack via a TLS upgrade 2.4.62-4.1 - Resolves: RHEL-99972 - CVE-2024-47252 httpd: insufficient escaping of user-supplied data in modssl - Resolves...
PT-2024-32672 · Xz Utils · Xz Utils
Name of the Vulnerable Software and Affected Versions: XZ Utils versions 5.6.2 and older Description: The issue concerns a command line argument injection vulnerability in XZ Utils when built for native Windows. This occurs when Unicode characters in filenames are converted to similar-looking ASC...
Frigate Security Breach
Frigate is a complete local NVR designed for home assistants with AI object detection by Blake Blackshear Personal Developer. A security vulnerability exists in Frigate versions prior to 0.13.2 that stems from the possibility that when uploading a file or retrieving a filename, a user may...
Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service
Important: Exploiting this vulnerability requires the attacker to have access to your Frigate instance, which means they could also just delete all of your recordings or perform any other action. If you have configured authentication in front of Frigate via a reverse proxy, then this vulnerabilit...
CVE-2024-32874 In Frigate, Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service
Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Below 0.13.2 Release, when uploading a file or retrieving the filename, a user may intentionally use a large Unicode filename which would lead to a application-level denial of service. This is due to no...
CVE-2024-32874 In Frigate, Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service
Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Below 0.13.2 Release, when uploading a file or retrieving the filename, a user may intentionally use a large Unicode filename which would lead to a application-level denial of service. This is due to no...
Possible Buffer Overrun in smbd
Summary: A possible buffer overrun in smbd could lead to code execution by a remote user Patch Availability A patch for Samba 3.0.7 samba-3.0.7-CAN-2004-0882.patch is available from http://www.samba.org/samba/ftp/patches/security/. The patch has been signed with the "Samba Distribution Verificati...
smbd -- buffer-overrun vulnerability
Caused by improper bounds checking of certain trans2 requests, there is a possible buffer overrun in smbd. The attacker needs to be able to create files with very specific Unicode filenames on the share to take advantage of this issue...