CVE-2026-39824

In CVE-2026-39824, the issue is in golang.org/x/sys/windows: NewNTUnicodeString does not validate string length against the 16-bit NTUnicodeString size. This can cause an overflow and result in a truncated string instead of an error. Public references indicate the vulnerability affects Go-related...

EUVD-2026-31498

NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString a 16-bit number of bytes, it returns a truncated string rather than an error...

CVE-2026-39824 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString a 16-bit number of bytes, it returns a truncated string rather than an error...

CVE-2026-39824

NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString a 16-bit number of bytes, it returns a truncated string rather than an error...

CVE-2026-39824

NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString a 16-bit number of bytes, it returns a truncated string rather than an error...

DEBIAN-CVE-2026-39821

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

UBUNTU-CVE-2026-39821

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

CVE-2026-39821

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

CVE-2026-39821

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

EUVD-2026-31449

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

CVE-2026-39821 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

GO-2026-5026 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

PT-2026-42829

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The NewNTUnicodeString function does not check for string length overflow. When provided with a string that exceeds the maximum size of a NTUnicodeString a 16-bi...

EUVD-2026-31225

A stack-based buffer overflow via UCS-2 type confusion in convertcharset in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service...

CVE-2026-44048

A stack-based buffer overflow via UCS-2 type confusion in convertcharset in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service...

User Interface (UI) Misrepresentation of Critical Information

Overview symfony/html-sanitizer is a Provides an object-oriented API to sanitize untrusted HTML input for safe insertion into a document's DOM. Affected versions of this package are vulnerable to User Interface UI Misrepresentation of Critical Information via UrlSanitizer::parse in the...

Security Bulletin: Security Vulnerabilities affect IBM Voice Gateway

Summary Security Vulnerabilities affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-44288 DESCRIPTION: protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs includes a minimal UTF-8 decoder...

Astra Linux - уязвимость в glib2.0

A flaw was discovered in GLib. A integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Issue: Skipping the reallocation of the Unicode buffer when resizing the alternate screen after exiting the alt screen mode. When the enteraltscreen function saves vcunilines into vcsavedunilines and sets vcunilines to NULL, a...

Astra Linux - уязвимость в pypy

Python versions 2.7.x through 2.7.16, and 3.x through 3.7.2 are affected by improper handling of Unicode encoding with an incorrect netloc during NFKC normalization. The impact is information disclosure—credentials, cookies, etc., that are cached against a given hostname. The affected components...