31 matches found
symfony/polyfill-intl-idn: xn-- labels with ASCII-only Punycode payloads are treated as equivalent to their decoded form
Description: symfony/polyfill-intl-idn provides a userland implementation of idn_to_utf8 and idn_to_ascii for runtimes that lack the intl extension. Its Idn::process method decodes labels prefixed with xn-- using Punycode but never enforces the validity criterion added in UTS 46 revision 33 Section 4...
EUVD-2026-23459
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.3.9.6. This is due to insufficient file type validation that occurs when custom blacklist types are configured, which replaces the default...
Security update for postgresql18
This update for postgresql18 fixes the following issue: Update to version 18.3 (bsc#1258754). Regression fixes: the substring function raises an error "invalid byte sequence for encoding" on non-ASCII text values if the source of that value is a database column (caused by CVE-2026-2006 fix). a standby...
EUVD-2021-20570
Malware in sbrugna...
EUVD-2008-2662
Malware in sbrugna...
EUVD-2017-16808
Malware in sbrugna...
squid: Out-of-bounds write error may lead to Denial of Service
A flaw was found in Squid. An out-of-bounds write can be triggered when an Edge Side Includes (ESI) variable is assigned to a value not in the standard ASCII range, for example, multi-byte characters. This flaw allows a trusted server to crash Squid while processing an ESI response content, resulti...
8x8 Bounty: Open Redirect via Non-Latin Subdomain in vcc-*.8x8.com/AGUI/█.php
The report described an Open Redirect vulnerability in the vcc-*.8x8.com/AGUI/█.php endpoint, where a filter that prevented the use of 1-9 and a-z characters in the subdomain parameter could be bypassed by utilizing a non-Latin domain. The vulnerability was demonstrated by redirecting to the...
SUSE CVE-2008-2380
SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes...
SUSE CVE-2008-2667
SQL injection vulnerability in the Courier Authentication Library (aka courier-authlib) before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the username and unspecified...
SUSE CVE-2017-7833
Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name to eclipse the non-Latin character with some font sets on the addressbar. The non-Latin character will not be visible to most viewers. This allows for domain spoofing attacks because these combine...
CVE-2021-33897
A buffer overflow in Synthesia before 10.7.5567, when a non-Latin locale is used, allows user-assisted attackers to cause a denial of service (application crash) via a crafted MIDI file with malformed bytes. This file is mishandled during a deletion attempt. In Synthesia before 10.9, an improper pa...
Buffer overflow
A buffer overflow in Synthesia before 10.7.5567, when a non-Latin locale is used, allows user-assisted attackers to cause a denial of service (application crash) via a crafted MIDI file with malformed bytes. This file is mishandled during a deletion attempt. In Synthesia before 10.9, an improper pa...
[slackware-security] infozip
New infozip packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/infozip-6.0-i586-4slack14.2.txz: Rebuilt. Added some patches that should fix extracting archives with non-latin characte...
CVE-2017-7833
Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name to eclipse the non-Latin character with some font sets on the addressbar. The non-Latin character will not be visible to most viewers. This allows for domain spoofing attacks because these combine...
GLSA-200903-25 : Courier Authentication Library: SQL Injection vulnerability
The remote host is affected by the vulnerability described in GLSA-200903-25 (Courier Authentication Library: SQL Injection vulnerability). It has been reported that some parameters used in SQL queries are not properly sanitized before being processed when using a non-Latin locale Postgres database...
Courier Authentication Library: SQL Injection vulnerability
Background: The Courier Authentication Library is a generic authentication API that encapsulates the process of validating account passwords. Description: It has been reported that some parameters used in SQL queries are not properly sanitized before being processed when using a non-Latin locale...
CVE-2008-2380
SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes...