CVE-2026-9265

Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in printattribute UTF8STRING path. printattribute copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen on...

OpenSSL 1.1.1 < 1.1.1zh Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.1.1zh. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.1.1zh advisory. - Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption...

CVE-2026-49234

When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted networks...

NLnet Labs Routinator 输入验证错误漏洞

NLnet Labs Routinator is an open-source RPKI routing origin verification service developed by NLnet Labs. NLnet Labs Routinator has a vulnerability related to input validation. This vulnerability arises when a specially crafted non-UTF-8 string is sent as the select-asn query parameter to the...

CVE-2026-39824

NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString a 16-bit number of bytes, it returns a truncated string rather than an error...

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-39824)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-39824 advisory. - NewNTUnicodeString does not check for string length overflow. When provided with a string that...

CVE-2026-39824

NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString a 16-bit number of bytes, it returns a truncated string rather than an error...

CVE-2026-39824

NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString a 16-bit number of bytes, it returns a truncated string rather than an error...

CVE-2026-39824

NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString a 16-bit number of bytes, it returns a truncated string rather than an error...

CVE-2026-39824 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString a 16-bit number of bytes, it returns a truncated string rather than an error...

EUVD-2026-31498

NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString a 16-bit number of bytes, it returns a truncated string rather than an error...

CVE-2026-39824

NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString a 16-bit number of bytes, it returns a truncated string rather than an error...

PT-2026-42829

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The NewNTUnicodeString function does not check for string length overflow. When provided with a string that exceeds the maximum size of a NTUnicodeString a 16-bi...

Astra Linux – Vulnerability in ntfs-3g

In NTFS-3G versions before version 2021.8.22, when a specially crafted Unicode string is provided in an NTFS image, a heap buffer overflow may occur, allowing code execution...

Astra Linux – Vulnerability in RustC

In the standard library of Rust before version 1.49.0, the String::retain function has a panic security issue. It allows the creation of a non-UTF-8 Rust string when the provided closure panics. This bug could lead to a memory safety violation if other string APIs assume that UTF-8 encoding is us...

JLSEC-2026-58

An issue was discovered in International Components for Unicode ICU for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend function in common/unistr.cpp...

MiracleLinux 8 : nodejs:12 (AXSA:2020-282:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-282:01 advisory. ICU: Integer overflow in UnicodeString::doAppend CVE-2020-10531 Modularity name: nodejs Stream name: 12 Tenable has extracted the preceding description block...

gix-date can create non-utf8 string with `TimeBuf::as_str`

The function gixdate::parse::TimeBuf::asstr can create an illegal string containing non-utf8 characters. This violates the safety invariant of TimeBuf and can lead to undefined behavior when consuming the string. The bug can be prevented by adding str::fromutf8 to the function TimeBuf::write...

EUVD-2015-3830

Malware in sbrugna...

EUVD-2012-3794

Malware in sbrugna...