19 matches found
MiracleLinux 8 : grub2-2.02-142.el8.1.ML.1 (AXSA:2023-4726:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-4726:01 advisory. grub2: Buffer overflow in grubfontconstructglyph can lead to out-of-bound write and possible secure boot bypass CVE-2022-2601 grub2: Heap based...
MiracleLinux 9 : grub2-2.06-46.el9.3.ML.1 (AXSA:2023-5114:03)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5114:03 advisory. grub2: Buffer overflow in grubfontconstructglyph can lead to out-of-bound write and possible secure boot bypass CVE-2022-2601 grub2: Heap based...
Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2023-1595)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE CVE-2018-5173
The filename appearing in the "Downloads" panel improperly renders some Unicode characters, allowing for the file name to be spoofed. This can be used to obscure the file extension of potentially executable files from user view in the panel. Note: the dialog to open the file will show the full,...
grub2: Heap based out-of-bounds write when redering certain unicode sequences
A flaw was found in the grub2 font code. When rendering certain unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this...
CVE-2022-3775
When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption an...
CVE-2022-2601 & CVE-2022-3775: Multiple GRUB2 vulnerabilities
Security Advisory ID : BSA-2022-2139 Component : GRUB2 Revision : 1.0 Brocade PSIRT has become aware of two grub vulnerabilities. CVE-2022-2601 grub2: A buffer overflow in grubfontconstructglyph can lead to out-of-bound write and possible secure boot by-pass A buffer overflow was found in...
environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks
A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The...
environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks
A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The...
environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks
A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The...
environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks
A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The...
environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks
A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The...
environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks
A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The...
environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks
A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The...
environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks
A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The...
environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks
A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The...
environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks
A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The...
CVE-2012-0156
DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly render Unicode characters, which allows remote attackers to cause a denial of service application hang via a 1 instant message or 2 web site, aka "DirectWrite...
PT-2012-2356 · Microsoft · Directwrite +1
Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to the fixed version Description: A denial of service issue exists due to improper rendering of Unicode characters by DirectWrite. This allows remote attackers to cause an application hang via an instant messa...