
103 matches found

RedHat Linux
added 2021/05/20 12:45 p.m., 3 views

keycloak: Internationalized domain name (IDN) homograph attack to impersonate users

A flaw was found in keycloak, where IDN homograph attacks are possible. This flaw allows a malicious user to register a name that already exists and then trick an admin into granting extra privileges. The highest threat from this vulnerability is to integrity...

CVSS 5.3, AI score 5.7, EPSS 0.00774
Exploits: 0, References: 5

Tenable Nessus
added 2021/05/20 12:00 a.m., 153 views

RHEL 7 : Red Hat Single Sign-On 7.4.7 security update on RHEL 7 (Moderate) (RHSA-2021:2064)

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2064 advisory. Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...

CVSS 7.1, AI score 6.4, EPSS 0.00774
Exploits: 0, References: 8

OSV
added 2020/10/13 4:15 p.m., 2 views

CVE-2020-25779

Trend Micro Antivirus for Mac 2020 Consumer has a vulnerability in which an Internationalized Domain Name homograph attack Puny-code could be used to add a malicious website to the approved websites list of Trend Micro Antivirus for Mac to bypass the web threat protection feature...

CVSS 3.3, AI score 5.8, EPSS 0.00838
Exploits: 0, References: 1

ATTACKERKB
added 2020/10/13 12:00 a.m., 24 views

CVE-2020-25779

Trend Micro Antivirus for Mac 2020 Consumer has a vulnerability in which an Internationalized Domain Name homograph attack Puny-code could be used to add a malicious website to the approved websites list of Trend Micro Antivirus for Mac to bypass the web threat protection feature. Recent...

CVSS 3.3, AI score 1.4, EPSS 0.00838
Exploits: 0, References: 3

The Hacker News
added 2020/08/07 12:13 p.m., 5 views

Evasive Credit Card Skimmers Using Homograph Domains and Infected Favicon

Cybersecurity researchers today highlighted an evasive phishing technique that attackers are exploiting in the wild to target visitors of several sites with a quirk in domain names, and leverage modified favicons to inject e-skimmers and steal payment card information covertly. "The idea is simpl...

AI score 5.7
Exploits: 0

The Hacker News
added 2020/08/07 12:13 p.m., 30 views

Evasive Credit Card Skimmers Using Homograph Domains and Infected Favicon

Cybersecurity researchers today highlighted an evasive phishing technique that attackers are exploiting in the wild to target visitors of several sites with a quirk in domain names, and leverage modified favicons to inject e-skimmers and steal payment card information covertly. "The idea is simpl...

AI score 0.4
Exploits: 0

Akamai Blog
added 2020/05/27 4:00 a.m., 14 views

Watch Your Step: The Prevalence of IDN Homograph Attacks

The internationalized domain name (IDN) homograph attack is used to form domain names that visually resemble legitimate domain names, albeit using a different set of characters [1]. For example, the IDN...

AI score 2.6
Exploits: 0

OSV
added 2020/05/01 2:15 p.m., 4 views

UBUNTU-CVE-2020-12474

Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, and Telegram through 6.0.1 for iOS allow an IDN Homograph attack via Punycode in a public URL or a group chat invitation URL...

CVSS 6.5, AI score 5.8, EPSS 0.02527
Exploits: 0, References: 3

Debian CVE
added 2020/05/01 1:45 p.m., 23 views

CVE-2020-12474

Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, and Telegram through 6.0.1 for iOS allow an IDN Homograph attack via Punycode in a public URL or a group chat invitation URL...

CVSS 6.5, AI score 6.3, EPSS 0.02527
Exploits: 0

Hacker One
added 2020/04/29 3:28 a.m., 159 views

Semrush: OAuth `redirect_uri` bypass using IDN homograph attack resulting in user's access token leakage

Issue Summary: It was found that SEMrush OAuth implementation fails to properly validate the value of the `redirect_uri` parameter, which was bypassed using an IDN homograph attack, resulting in leaking the user's access token to an attacker-controlled domain name. IDN homograph attack exploits the fact...

AI score 6.8
Exploits: 0

UbuntuCve
added 2019/08/20 1:15 a.m., 28 views

CVE-2019-15237

Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks...

CVSS 7.4, AI score 7.1, EPSS 0.00927
Exploits: 0, References: 3

OSV
added 2019/08/20 1:15 a.m., 2 views

UBUNTU-CVE-2019-15237

Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks...

CVSS 7.4, AI score 7.1, EPSS 0.00927
Exploits: 0, References: 4

Debian CVE
added 2019/08/20 12:39 a.m., 30 views

CVE-2019-15237

Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks...

CVSS 7.4, AI score 7.3, EPSS 0.00927
Exploits: 0

CVE
added 2019/08/20 12:39 a.m., 157 views

CVE-2019-15237

CVE-2019-15237 affects Roundcube Webmail up to version 1.3.9, where Punycode xn-- domain names are mishandled, enabling homograph-like domain name confusion. Public sources in the connected documents corroborate a fix beyond 1.3.9: Fedora advisory FEDORA-2019-d9c2f1ec70 and Gentoo GLSA-202507-10 ...

CVSS 7.4, AI score 7.2, EPSS 0.00927
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2019/05/20 2:29 p.m., 3 views

CVE-2018-12270

In Valve Steam 1528829181 BETA, it is possible to perform a homograph / homoglyph attack to create fake URLs in the client, which may trick users into visiting unintended web sites...

CVSS 5.4, AI score 5.8, EPSS 0.00891
Exploits: 0, References: 1

Prion
added 2019/05/20 2:29 p.m., 17 views

Design/Logic Flaw

In Valve Steam 1528829181 BETA, it is possible to perform a homograph / homoglyph attack to create fake URLs in the client, which may trick users into visiting unintended web sites...

CVSS 5.8, AI score 5.4, EPSS 0.00891
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2019/05/20 2:29 p.m., 14 views

CVE-2018-12270

In Valve Steam 1528829181 BETA, it is possible to perform a homograph / homoglyph attack to create fake URLs in the client, which may trick users into visiting unintended web sites...

CVSS 5.8, AI score 5.4, EPSS 0.00891
Exploits: 0, References: 1

Cvelist
added 2019/05/20 1:32 p.m., 17 views

CVE-2018-12270

In Valve Steam 1528829181 BETA, it is possible to perform a homograph / homoglyph attack to create fake URLs in the client, which may trick users into visiting unintended web sites...

AI score 5.5, EPSS 0.00891
Exploits: 0, References: 1

CVE
added 2019/05/20 1:32 p.m., 42 views

CVE-2018-12270

Affected product: Valve Steam (1528829181 BETA). The vulnerability is a homograph/homoglyph attack that allows creating fake URLs in the Steam client, potentially fooling users into visiting unintended websites. Root cause details are not provided in the documents. Impact is described as user con...

CVSS 5.8, AI score 5.4, EPSS 0.00891
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2019/03/25 8:29 p.m., 2 views

UBUNTU-CVE-2019-10044

Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, is vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if for example Latin and Cyrillic characters...

CVSS 8.8, AI score 7.3, EPSS 0.0328
Exploits: 1, References: 3