328 matches found
CVE-2019-12290
Libidn2 (GNU libidn2) before 2.2.0 fails RFC3490 roundtrip checks when converting A-labels to U-labels, enabling domain impersonation. Affected: libidn2 (prior to 2.2.0). Remediation: upgrade to 2.2.0 or newer (advisories show updates to 2.3.x). Connected advisories also reference CVE-2019-18224 ...
python: Information Disclosure due to urlsplit improper NFKC normalization
It was discovered that python's functions urllib.parse.urlsplit and urllib.parse.urlparse do not properly handle URLs encoded with Punycode/Internationalizing Domain Names in Applications IDNA, which may result in a wrong domain name specifically the netloc component of URL - user@domain:port bei...
CVE-2019-15237
Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks...
DEBIAN-CVE-2019-15237
Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks...
UBUNTU-CVE-2019-15237
Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks...
Code injection
Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks...
CVE-2019-15237
CVE-2019-15237 affects Roundcube Webmail up to version 1.3.9, where Punycode xn-- domain names are mishandled, enabling homograph-like domain name confusion. Public sources in the connected documents corroborate a fix beyond 1.3.9: Fedora advisory FEDORA-2019-d9c2f1ec70 and Gentoo GLSA-202507-10 ...
PT-2019-14031
Name of the Vulnerable Software and Affected Versions: Roundcube Webmail versions prior to 1.4.0. Description: The issue is related to how Roundcube Webmail handles Punycode xn-- domain names, which can lead to homograph attacks. Recommendations: For versions prior to 1.4.0, update to version 1.4.0 o...
NewStart CGSL MAIN 4.05 : python Vulnerability (NS-SA-2019-0166)
The remote NewStart CGSL host, running version MAIN 4.05, has python packages installed that are affected by a vulnerability: - It was discovered that python's functions urllib.parse.urlsplit and urllib.parse.urlparse do not properly handle URLs encoded with Punycode/Internationalizing Domain Nam...
NewStart CGSL CORE 5.04 / MAIN 5.04 : python Multiple Vulnerabilities (NS-SA-2019-0061)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has python packages installed that are affected by multiple vulnerabilities: - A flaw was found in the way catastrophic backtracking was implemented in python's pop3lib's apop method. An attacker could use this flaw to cause...
Slurp - S3 Bucket Enumerator
Blackbox/whitebox S3 bucket enumerator. Overview: Credit to all the vendor packages that made this tool possible. This is a security tool; it's meant for pen-testers and security professionals to perform audits of s3 buckets. Features: Scan via domains; you can target a single domain or a list of...
UBUNTU-CVE-2019-11721
The unicode latin 'kra' character can be used to spoof a standard 'k' character in the addressbar. This allows for domain spoofing attacks as do not display as punycode text, allowing for user confusion. This vulnerability affects Firefox 68...
Information Disclosure
Python is vulnerable to information disclosure. This is because Python's functions urllib.parse.urlsplit and urllib.parse.urlparse do not properly handle URLs encoded with Punycode/Internationalizing Domain Names in Applications IDNA, which may result in a wrong domain name...