Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the ToASCII and ToUnicode functions. An attacker can bypass hostname validation by submitting Punycode-encoded labels that decode to ASCII-only labels, potentially leading to privilege escalation in...

PT-2023-8915 · Grafana +2 · Grafana +2

Name of the Vulnerable Software and Affected Versions: Grafana affected versions not specified Description: The issue is related to a bypass of the deny list in Grafana, which is an open-source platform for monitoring and observability. This bypass can be achieved by using punycode encoding of...

SUSE CVE-2017-5383

URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird 45.7, Firefox ESR 45.7, and Firefox 51...

CVE-2017-7832

The combined, single character, version of the letter 'i' with any of the potential accents in unicode, such as acute or grave, can be spoofed in the addressbar by the dotless version of 'i' followed by the same accent as a second character with most font sets. This allows for domain spoofing...