328 matches found
Servo 安全漏洞
Servo is a prototype web browser engine written in the Rust language from the Servo open source. A security vulnerability exists in Servo that stems from improper validation of punycode unsafe equivalence, which could lead to hostname obfuscation...
CVE-2024-54158
In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding...
[SECURITY] Fedora 41 Update: rust-idna-1.0.3-1.fc41
IDNA Internationalizing Domain Names in Applications and Punycode...
[SECURITY] Fedora 40 Update: rust-idna-1.0.3-1.fc40
IDNA Internationalizing Domain Names in Applications and Punycode...
CVE-2023-4399
Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, Request security is a deny list that allows admins to configure Grafana in a way so that the instance doesn’t call specific hosts. However, the restriction can be bypassed used punycode encoding of the...
Unspecified Vulnerability in JetBrains YouTrack
JetBrains YouTrack is a project management tool, developed by JetBrains, supporting cloud hosting and local deployment, providing task management, team collaboration, time tracking and other features for software development, human resources and other scenarios. JetBrains YouTrack suffers from a...
GHSA-H97M-WW89-6JMQ `idna` accepts Punycode labels that do not produce any non-ASCII when decoded
idna 0.5.0 and earlier accepts Punycode labels that do not produce any non-ASCII output, which means that either ASCII labels or the empty root label can be masked such that they appear unequal without IDNA processing or when processed with a different implementation and equal when processed with...
`idna` accepts Punycode labels that do not produce any non-ASCII when decoded
idna 0.5.0 and earlier accepts Punycode labels that do not produce any non-ASCII output, which means that either ASCII labels or the empty root label can be masked such that they appear unequal without IDNA processing or when processed with a different implementation and equal when processed with...
RUSTSEC-2024-0421 `idna` accepts Punycode labels that do not produce any non-ASCII when decoded
idna 0.5.0 and earlier accepts Punycode labels that do not produce any non-ASCII output, which means that either ASCII labels or the empty root label can be masked such that they appear unequal without IDNA processing or when processed with a different implementation and equal when processed with...
`idna` accepts Punycode labels that do not produce any non-ASCII when decoded
idna 0.5.0 and earlier accepts Punycode labels that do not produce any non-ASCII output, which means that either ASCII labels or the empty root label can be masked such that they appear unequal without IDNA processing or when processed with a different implementation and equal when processed with...
firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack...
firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack...
firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack...
firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack...
firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack...
CVE-2024-54158
In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding...
CVE-2024-54158
In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding...
CVE-2024-54158
In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding...
CVE-2024-54158
CVE-2024-54158 is associated with JetBrains YouTrack prior to 2024.3.52635, where a spoofing attack was possible due to missing Punycode encoding. The connected Red Hat, CNVD, CVE lists and Nessus plugin entry corroborate the vulnerability in YouTrack versions before 2024.3.52635. The primary imp...
CVE-2024-54158
In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding...