
55 matches found

EUVD
added 2026/06/24 6:32 p.m. | 8 views

EUVD-2026-38891

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: terminate the cached volume label after UTF-8 conversion. ntfs_fill_super() loads the on-disk volume label with utf16s_to_utf8s() and stores the result in sbi->volume.label. The converted label is later exposed through...

AI score: 5.7 | EPSS: 0.00172
Exploits: 0 | References: 8
CVE
added 2026/06/24 4:29 p.m. | 7 views

CVE-2026-53023

CVE-2026-53023 affects Linux kernel ntfs3: ntfs_fill_super() converts the on-disk volume label from UTF-16 to UTF-8 and stores it in sbi->volume.label, but utf16s_to_utf8s() does not append a NUL terminator. If the converted label fills the fixed buffer, ntfs3_label_show() could read past the ...

AI score: 5.7 | EPSS: 0.00172
Exploits: 0 | References: 7
AstraLinux
added 2026/06/19 11:10 a.m. | 5 views

Astra Linux – Vulnerability in musl

Musl libc versions 0.9.13 through 1.2.5 before 1.2.6 have an out-of-bounds write vulnerability, which means that an attacker can trigger the iconv conversion of untrusted EUC-KR text to UTF-8...

CVSS: 8.1 | AI score: 7.8 | EPSS: 0.00335
Exploits: 0 | References: 2
OSV
added 2026/04/27 6:33 p.m. | 15 views

JLSEC-2026-263 Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file...

Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption...

CVSS: 7.4 | AI score: 7.7 | EPSS: 0.00444
Exploits: 1 | References: 8
Github Security Blog
added 2026/04/22 6:31 p.m. | 9 views

coreutils' comm utility silently corrupts data by performing lossy UTF-8 conversion on all output lines

The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::from_utf8_lossy(), which replaces invalid UTF-8 byte sequences with the Unicode replacement character (U+FFFD). This behavior differs from GNU comm, whic...

CVSS: 3.3 | AI score: 5.2 | EPSS: 0.00175
Exploits: 1 | References: 6 | Affected Software: 1
EUVD
added 2026/03/31 10:22 p.m. | 6 views

EUVD-2026-17723

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a heap-buffer-overflow (HBO) in icAnsiToUtf8() in the XML conversion path. The issue is triggered by a crafted ICC profile which causes icAnsiToUtf8(std::string&, char const ...

CVSS: 6.2 | AI score: 5.9 | EPSS: 0.00156
Exploits: 1 | References: 3
OSV
added 2026/03/20 6:19 p.m. | 6 views

CLSA-2026-1773999595 compat-openssl11: Fix of CVE-2025-69419

CVE-2025-69419: Fix heap buffer overflow in PKCS12 Unicode to UTF-8 conversion...

CVSS: 7.4 | AI score: 6 | EPSS: 0.00444
Exploits: 1 | References: 1
OSV
added 2026/03/20 2:24 p.m. | 4 views

OESA-2026-1664 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code...

CVSS: 7.4 | AI score: 6 | EPSS: 0.00444
Exploits: 1 | References: 2
F5 Networks
added 2026/03/19 3:56 a.m. | 7 views

K000160399: Node.js vulnerability CVE-2025-59464

Security Advisory Description: A memory leak in Node.js’s OpenSSL integration occurs when converting X.509 certificate fields to UTF-8 without freeing the allocated buffer. When applications call socket.getPeerCertificate(true), each certificate field leaks memory, allowing remote clients to trigger...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.0023
Exploits: 0
OpenVAS
added 2026/03/10 12:0 a.m. | 2 views

Huawei EulerOS: Security Advisory for libpcap (EulerOS-SA-2026-1246)

The remote host is missing an update for the Huawei EulerOS...

CVSS: 1.9 | AI score: 5.8 | EPSS: 0.00102
Exploits: 0 | References: 2
OSV
added 2026/02/24 5:49 p.m. | 5 views

CLSA-2026-1771955371 openssl: Fix of CVE-2025-69419

CVE-2025-69419: fix one-byte write-before-buffer triggered by malicious PKCS12 BMPString containing non-ASCII BMP code point; validate UTF8_putc() return and use correct destination capacity during conversion from UTF-16BE into UTF-8...

CVSS: 7.4 | AI score: 7.2 | EPSS: 0.00444
Exploits: 1 | References: 1
Tenable Nessus
added 2026/02/11 12:0 a.m. | 10 views

Oracle Linux 7 : libsoup (ELSA-2026-0925)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-0925 advisory. - Fix CVE-2025-14523 Orabug: 38873507 - Backport patch for CVE-2025-4945 and CVE-2025-11021 Orabug: 38664275 - Fixes CVE-2025-2784 CVE-2025-4948 CVE-2025-32049...

CVSS: 9 | AI score: 6.6 | EPSS: 0.00798
Exploits: 2 | References: 2
Tenable Nessus
added 2026/02/03 12:0 a.m. | 4 views

SUSE SLES12: libopenssl-1_1-devel / libopenssl-1_1-devel-32bit / libopenssl1_1 / etc (SUSE-SU-2026:0358-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0358-1 advisory. - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS12 parsing (bsc#1256839). - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_respon...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.00844
Exploits: 1 | References: 22
SUSE Linux
added 2026/01/30 9:1 a.m. | 6 views

Security update for openssl-1_1

This update for openssl-1_1 fixes the following issues: CVE-2026-22795: Missing ASN1_TYPE validation in PKCS12 parsing (bsc#1256839). CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response function (bsc#1256837). CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function...

CVSS: 6.9 | AI score: 5.9 | EPSS: 0.00844
Exploits: 1 | References: 28
OSV
added 2026/01/30 9:1 a.m. | 2 views

SUSE-SU-2026:0346-1 Security update for openssl-1_1

This update for openssl-1_1 fixes the following issues: - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS12 parsing (bsc#1256839). - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response function (bsc#1256837). - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex functi...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00844
Exploits: 1 | References: 15
SUSE Linux
added 2026/01/29 6:34 p.m. | 8 views

Security update for openssl-1_1

This update for openssl-1_1 fixes the following issues: CVE-2026-22795: Missing ASN1_TYPE validation in PKCS12 parsing (bsc#1256839). CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response function (bsc#1256837). CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function...

CVSS: 6.9 | AI score: 5.9 | EPSS: 0.00844
Exploits: 1 | References: 28
OSV
added 2026/01/29 6:34 p.m. | 1 views

SUSE-SU-2026:0343-1 Security update for openssl-1_1

This update for openssl-1_1 fixes the following issues: - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS12 parsing (bsc#1256839). - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response function (bsc#1256837). - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex functi...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00844
Exploits: 1 | References: 15
OSV
added 2026/01/28 5:13 p.m. | 2 views

SUSE-SU-2026:0331-1 Security update for openssl-1_1

This update for openssl-1_1 fixes the following issues: - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS12 parsing (bsc#1256839). - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response function (bsc#1256837). - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex functi...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.00844
Exploits: 1 | References: 15
OSV
added 2026/01/28 9:37 a.m. | 5 views

SUSE-SU-2026:0311-1 Security update for openssl-3

This update for openssl-3 fixes the following issues: - CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830). - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834). - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with...

CVSS: 9.8 | AI score: 6.1 | EPSS: 0.47621
Exploits: 7 | References: 17
OSV
added 2026/01/27 6:10 p.m. | 7 views

USN-7980-1 openssl vulnerabilities

Stanislav Fort, Petr Šimeček, and Hamza discovered that OpenSSL incorrectly validated PBMAC1 parameters when doing PKCS12 MAC verification. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 25.10. CVE-2025-11187...

CVSS: 9.8 | AI score: 6.9 | EPSS: 0.47621
Exploits: 7 | References: 13