2832 matches found

AstraLinux
added 2026/06/19 11:10 a.m., 7 views

Astra Linux – Vulnerability in pcre2

An out-of-bounds read was discovered in PCRE before version 10.34, where the pattern \X was JIT-compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, as it could allow an attacker to cause the...

CVSS 7.5 | AI score 6.2 | EPSS 0.01561
Exploits: 1 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerabilities in Firefox, Thunderbird, Expat, LibXMLTok

In xmltok_impl.c within Expat (also known as libexpat), before version 2.4.5, there was no proper validation of encoding. This meant that there were no checks to determine whether a UTF-8 character was valid in a particular context...

CVSS 9.8 | AI score 7.4 | EPSS 0.04955
Exploits: 0 | References: 2
AlpineLinux
added 2026/06/17 2:4 p.m., 4 views

CVE-2026-48142

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When content is served or proxied through a location block with both source_charset utf-8; and a charset directive (for example, charset koi8-r;) configured, remote, unauthenticated attackers can send requests ...

CVSS 6.3 | AI score 6 | EPSS 0.00398
Exploits: 0
EUVD
added 2026/06/17 2:4 p.m., 8 views

EUVD-2026-37719

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When content is served or proxied through a location block with both source_charset utf-8; and a charset directive (for example, charset koi8-r;) configured, remote, unauthenticated attackers can send requests ...

CVSS 6.3 | AI score 5.6 | EPSS 0.00398
Exploits: 0 | References: 1
FreeBSD
added 2026/06/17 12:0 a.m., 7 views

nginx -- multiple vulnerabilities

The nginx developers report: A heap memory buffer overflow vulnerability when using the "ignore_invalid_headers off;" and "large_client_header_buffers" directives with large configured values while proxying a specially crafted request to an HTTP/2 or gRPC backend may allow memory corruption or a...

CVSS 9.2 | AI score 5.7 | EPSS 0.02887
Exploits: 1 | References: 1
FreeBSD
added 2026/06/17 12:0 a.m., 10 views

nginx -- multiple vulnerabilities

The nginx developers report: A use-after-free vulnerability when using HTTP/3 and processing a specially crafted QUIC session may allow memory corruption or a segmentation fault in a worker process (CVE-2026-42530). A heap memory buffer overflow vulnerability when using the "ignore_invalid_headers...

CVSS 9.2 | AI score 5.7 | EPSS 0.03299
Exploits: 4 | References: 1
OSV
added 2026/06/15 5:3 p.m., 3 views

SUSE-SU-2026:2402-1 Security update for perl-XML-LibXML

This update for perl-XML-LibXML fixes the following issue - CVE-2026-8177: read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences bsc1264715...

CVSS 7.5 | AI score 5.2 | EPSS 0.00531
Exploits: 0 | References: 3
Tenable Nessus
added 2026/06/14 12:0 a.m., 7 views

SUSE SLED15 / SLES15 Security Update : perl-XML-LibXML (SUSE-SU-2026:2324-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2324-1 advisory. This update for perl-XML-LibXML fixes the following issue - CVE-2026-8177: read out-of-bounds heap memory when parsing...

CVSS 7.5 | AI score 5.5 | EPSS 0.00531
Exploits: 0 | References: 4
Tenable Nessus
added 2026/06/11 12:0 a.m., 9 views

openSUSE 16 Security Update : perl-XML-LibXML (openSUSE-SU-2026:20908-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2026:20908-1 advisory. This update for perl-XML-LibXML fixes the following issue - CVE-2026-8177: read out-of-bounds heap memory when parsing XML node names containing truncat...

CVSS 7.5 | AI score 5.6 | EPSS 0.00531
Exploits: 0 | References: 3
Tenable Nessus
added 2026/06/11 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-44288

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs includes a minimal UTF-8 decoder that accepted...

CVSS 5.3 | AI score 5.5 | EPSS 0.00301
Exploits: 0 | References: 2
RedhatCVE
added 2026/06/09 2:59 p.m., 10 views

CVE-2026-49234

When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted networks...

CVSS 8.2 | AI score 5.5 | EPSS 0.00259
Exploits: 0 | References: 1
SUSE Linux
added 2026/06/09 2:33 p.m., 7 views

Security update for perl-XML-LibXML

This update for perl-XML-LibXML fixes the following issue CVE-2026-8177: read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences bsc1264715. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

CVSS 8.2 | AI score 5.4 | EPSS 0.00531
Exploits: 0 | References: 4
Positive Technologies
added 2026/06/09 12:0 a.m., 12 views

PT-2026-47777

Name of the Vulnerable Software and Affected Versions: 389 Directory Server (affected versions not specified). Description: A flaw exists in the ldap_utf8prev function where bytes are read before the start of a buffer without proper bounds checking. This leads to a heap buffer over-read during string...

CVSS 6.3 | AI score 5.5 | EPSS 0.00177
Exploits: 0 | References: 6
OSV
added 2026/06/08 3:33 p.m., 5 views

GHSA-GC6Q-CWCJ-3VH9 Routinator crashes when sending a maliciously crafted select-asn query parameter

When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted networks...

CVSS 8.2 | AI score 5.3 | EPSS 0.00259
Exploits: 0 | References: 4
NVD
added 2026/06/08 3:16 p.m., 12 views

CVE-2026-49234

When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted networks...

CVSS 8.2 | EPSS 0.00259
Exploits: 0 | References: 1
Cvelist
added 2026/06/08 12:58 p.m., 38 views

CVE-2026-49234 Routinator crashes on specifically crafted ASN strings in the API

When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted networks...

CVSS 8.2 | EPSS 0.00259
Exploits: 0 | References: 1
CVE
added 2026/06/08 12:58 p.m., 26 views

CVE-2026-49234

Routinator is affected by CVE-2026-49234 where sending a specifically crafted non-UTF-8 string as the select-asn parameter to the /api/v1/origins endpoint causes the application to crash. Affected component: the API handling for origins; root cause: non-UTF-8 string processing leads to a crash. I...

CVSS 8.2 | AI score 5.4 | EPSS 0.00259
Exploits: 0 | References: 1 | Affected Software: 1
Amazon
added 2026/06/08 12:0 a.m., 10 views

Medium: perl-XML-LibXML

Issue Overview: XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi-byte UTF-8 sequence causes the parser to read past the end of the input string into adjace...

CVSS 7.5 | AI score 5.5 | EPSS 0.00531
Exploits: 0
Positive Technologies
added 2026/06/08 12:0 a.m., 14 views

PT-2026-47303

Name of the Vulnerable Software and Affected Versions: Routinator (affected versions not specified). Description: Routinator crashes when a specifically crafted non-UTF-8 string is sent as the select-asn query parameter to the '/api/v1/origins' endpoint. This issue specifically impacts users who permi...

CVSS 8.2 | AI score 5.4 | EPSS 0.00259
Exploits: 0 | References: 8
Amazon
added 2026/06/08 12:0 a.m., 10 views

Medium: perl-XML-LibXML

Issue Overview: XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi-byte UTF-8 sequence causes the parser to read past the end of the input string into adjace...

CVSS 7.5 | AI score 5.5 | EPSS 0.00531
Exploits: 0