487 matches found
OESA-2025-1534 nodejs security update
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
OESA-2025-1533 nodejs security update
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
CVE-2022-36225
EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request Forgery CSRF via the background, column management function and add...
CVE-2022-44387
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery CSRF via the Basic Information component under the Edit Member module...
CVE-2019-13067
njs through 0.3.3, used in NGINX, has a buffer over-read in nxtutf8decode in nxt/nxtutf8.c. This issue occurs after the fix for CVE-2019-12207 is in place...
CVE-2017-8897
Invision Power Services IPS Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18: admin/convertutf8/index.php?controller= is the attack vector. This UTF8 Converter vulnerability can easily be used to make a malicious announcement affecting any Invision...
SUSE CVE-2025-23165
In Node.js, the ReadFileUtf8 internal binding leaks memory due to a corrupted pointer in uvfss.file: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the ReadFileUtf8 internal binding, which fails to clean up pointers in uvfss.file. UTF-16 path buffers leak memory, which can lead to denial of service. Note: CVE-2025-23122 is a...
DEBIAN-CVE-2025-31177
gnuplot is affected by a heap buffer overflow at function utf8copyone...
CLSA-2025-1742319123 java-11-openjdk: Fix of 11 CVEs
Upgrade to openjdk-11.0.26+4. The following CVEs were fixed: - CVE-2024-21131: potential UTF8 size overflow - CVE-2024-21138: excessive symbol length can lead to infinite loop - CVE-2024-21140: range Check Elimination RCE pre-loop limit overflow - CVE-2024-21144: Pack200 increase loading time due...
PYSEC-2025-159
A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function Assimp::BaseImporter::ConvertToUTF8 of the file BaseImporter.cpp of the component File Handler. The manipulation leads to heap-based buffer overflow. The...
UBUNTU-CVE-2025-2152
A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function Assimp::BaseImporter::ConvertToUTF8 of the file BaseImporter.cpp of the component File Handler. The manipulation leads to heap-based buffer overflow. The...
SUSE CVE-2025-1788
A vulnerability, which was classified as critical, was found in rizinorg rizin up to 0.8.0. This affects the function rzutf8encode in the library /librz/util/utf8.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the...
Linux Distros Unpatched Vulnerability : CVE-2006-4573
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple unspecified vulnerabilities in the utf8 combining characters handling utf8handlecomb function in encoding.c in screen before 4.0.3 allows user-assisted...
SUSE-SU-2025:20029-1 Security update for curl
This update for curl fixes the following issues: Security issues fixed: - CVE-2024-7264: ASN.1 date parser overread bsc1228535 - CVE-2024-6197: Freeing stack buffer in utf8asn1str bsc1227888 - CVE-2024-2379: QUIC certificate check bypass with wolfSSL bsc1221666 - CVE-2024-2466: TLS certificate...
PT-2025-5666 · Oatpp · Oatpp
Name of the Vulnerable Software and Affected Versions: oatpp affected versions not specified Description: The issue is related to a heap-buffer-overflow error. Technical details about the error include the escapeUtf8Char and escapeString functions within oatpp::json::Utils, and the serializeStrin...
SUSE CVE-2024-53233
In the Linux kernel, the following vulnerability has been resolved: unicode: Fix utf8load error path utf8load requests the symbol "utf8datatable" and then checks if the requested UTF-8 version is supported. If it's unsupported, it tries to put the data table using symbolput. If an unsupported...
Security update for libsoup
This update for libsoup fixes the following issues: CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names bsc1233285 CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soupheaderparseparamliststrict bsc1233292 CVE-2024-52532: Fixed infinite...
GHSA-2RXC-GJRP-VJHX Unsoundness in anstream
When given a valid UTF8 string "ö\x1b😀", the function in crates/anstream/src/adapter/strip.rs will be confused. The UTF8 bytes are \xc3\xb6 then \x1b then \xf0\x9f\x98\x80. When looping over "non-printable bytes" \x1b\xf0 will be considered as some non-printable sequence. This will produce a brok...
Unsoundness in anstream
When given a valid UTF8 string "ö\x1b😀", the function in crates/anstream/src/adapter/strip.rs will be confused. The UTF8 bytes are \xc3\xb6 then \x1b then \xf0\x9f\x98\x80. When looping over "non-printable bytes" \x1b\xf0 will be considered as some non-printable sequence. This will produce a brok...