Lucene search
K

487 matches found

OSV
OSV
added 2025/05/23 1:59 p.m.5 views

OESA-2025-1534 nodejs security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

7.5CVSS6.9AI score0.00763EPSS
Exploits0References3
OSV
OSV
added 2025/05/23 1:59 p.m.4 views

OESA-2025-1533 nodejs security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

7.5CVSS6.9AI score0.00763EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 1:10 a.m.10 views

CVE-2022-36225

EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request Forgery CSRF via the background, column management function and add...

8.8CVSS7.1AI score0.00393EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:20 p.m.4 views

CVE-2022-44387

EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery CSRF via the Basic Information component under the Edit Member module...

8.8CVSS7.2AI score0.00261EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:6 a.m.9 views

CVE-2019-13067

njs through 0.3.3, used in NGINX, has a buffer over-read in nxtutf8decode in nxt/nxtutf8.c. This issue occurs after the fix for CVE-2019-12207 is in place...

9.8CVSS7AI score0.01823EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:35 a.m.5 views

CVE-2017-8897

Invision Power Services IPS Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18: admin/convertutf8/index.php?controller= is the attack vector. This UTF8 Converter vulnerability can easily be used to make a malicious announcement affecting any Invision...

6.1CVSS6AI score0.01159EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2025/05/16 2:53 a.m.4 views

SUSE CVE-2025-23165

In Node.js, the ReadFileUtf8 internal binding leaks memory due to a corrupted pointer in uvfss.file: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory...

5.3CVSS6.9AI score0.0048EPSS
Exploits0References7
Snyk
Snyk
added 2025/05/13 9:0 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the ReadFileUtf8 internal binding, which fails to clean up pointers in uvfss.file. UTF-16 path buffers leak memory, which can lead to denial of service. Note: CVE-2025-23122 is a...

6.9CVSS6AI score0.0048EPSS
Exploits0References2
OSV
OSV
added 2025/05/07 9:16 p.m.1 views

DEBIAN-CVE-2025-31177

gnuplot is affected by a heap buffer overflow at function utf8copyone...

5.5CVSS6.5AI score0.00161EPSS
Exploits0References1
OSV
OSV
added 2025/03/18 5:32 p.m.5 views

CLSA-2025-1742319123 java-11-openjdk: Fix of 11 CVEs

Upgrade to openjdk-11.0.26+4. The following CVEs were fixed: - CVE-2024-21131: potential UTF8 size overflow - CVE-2024-21138: excessive symbol length can lead to infinite loop - CVE-2024-21140: range Check Elimination RCE pre-loop limit overflow - CVE-2024-21144: Pack200 increase loading time due...

7.4CVSS6.7AI score0.01257EPSS
Exploits0References1
PyPA
PyPA
added 2025/03/10 2:15 p.m.8 views

PYSEC-2025-159

A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function Assimp::BaseImporter::ConvertToUTF8 of the file BaseImporter.cpp of the component File Handler. The manipulation leads to heap-based buffer overflow. The...

9.8CVSS6.8AI score0.00485EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2025/03/10 2:15 p.m.6 views

UBUNTU-CVE-2025-2152

A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function Assimp::BaseImporter::ConvertToUTF8 of the file BaseImporter.cpp of the component File Handler. The manipulation leads to heap-based buffer overflow. The...

9.8CVSS7.4AI score0.00485EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2025/03/05 2:31 a.m.4 views

SUSE CVE-2025-1788

A vulnerability, which was classified as critical, was found in rizinorg rizin up to 0.8.0. This affects the function rzutf8encode in the library /librz/util/utf8.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the...

7.8CVSS5.3AI score0.00288EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/03/03 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2006-4573

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple unspecified vulnerabilities in the utf8 combining characters handling utf8handlecomb function in encoding.c in screen before 4.0.3 allows user-assisted...

2.6CVSS5.9AI score0.02113EPSS
Exploits1References2
OSV
OSV
added 2025/02/03 8:51 a.m.5 views

SUSE-SU-2025:20029-1 Security update for curl

This update for curl fixes the following issues: Security issues fixed: - CVE-2024-7264: ASN.1 date parser overread bsc1228535 - CVE-2024-6197: Freeing stack buffer in utf8asn1str bsc1227888 - CVE-2024-2379: QUIC certificate check bypass with wolfSSL bsc1221666 - CVE-2024-2466: TLS certificate...

8.6CVSS7.1AI score0.36081EPSS
Exploits6References13
Positive Technologies
Positive Technologies
added 2025/01/07 12:0 a.m.3 views

PT-2025-5666 · Oatpp · Oatpp

Name of the Vulnerable Software and Affected Versions: oatpp affected versions not specified Description: The issue is related to a heap-buffer-overflow error. Technical details about the error include the escapeUtf8Char and escapeString functions within oatpp::json::Utils, and the serializeStrin...

6.8AI score
Exploits0References2
SUSE CVE
SUSE CVE
added 2024/12/28 3:49 a.m.2 views

SUSE CVE-2024-53233

In the Linux kernel, the following vulnerability has been resolved: unicode: Fix utf8load error path utf8load requests the symbol "utf8datatable" and then checks if the requested UTF-8 version is supported. If it's unsupported, it tries to put the data table using symbolput. If an unsupported...

5.5CVSS7.6AI score0.00217EPSS
Exploits0References13
SUSE Linux
SUSE Linux
added 2024/12/17 3:58 p.m.0 views

Security update for libsoup

This update for libsoup fixes the following issues: CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names bsc1233285 CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soupheaderparseparamliststrict bsc1233292 CVE-2024-52532: Fixed infinite...

8.7CVSS7.8AI score0.00933EPSS
Exploits2References12
OSV
OSV
added 2024/12/04 6:31 p.m.5 views

GHSA-2RXC-GJRP-VJHX Unsoundness in anstream

When given a valid UTF8 string "ö\x1b😀", the function in crates/anstream/src/adapter/strip.rs will be confused. The UTF8 bytes are \xc3\xb6 then \x1b then \xf0\x9f\x98\x80. When looping over "non-printable bytes" \x1b\xf0 will be considered as some non-printable sequence. This will produce a brok...

7.2AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/12/04 6:31 p.m.12 views

Unsoundness in anstream

When given a valid UTF8 string "ö\x1b😀", the function in crates/anstream/src/adapter/strip.rs will be confused. The UTF8 bytes are \xc3\xb6 then \x1b then \xf0\x9f\x98\x80. When looping over "non-printable bytes" \x1b\xf0 will be considered as some non-printable sequence. This will produce a brok...

7.2AI score
Exploits0References3Affected Software1
Rows per page
Query Builder