6 matches found
RHEL 9 : Red Hat JBoss Enterprise Application Platform 8.0.8 Security update (Important) (RHSA-2025:10453)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:10453 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release ...
Perl CryptX Security Vulnerability
Perl CryptX is a versatile, high-performance open source cryptographic toolkit for Perl. A security vulnerability exists in Perl CryptX versions prior to 0.065, which stems from a dependency library that may be vulnerable to a malformed Unicode attack...
CVE-2024-45412 Yeti affected by a Potential Denial of Service due to the One Million Unicode characters attack
Yeti bridges the gap between CTI and DFIR practitioners by providing a Forensics Intelligence platform and pipeline. Remote user-controlled data tags can reach a Unicode normalization with a compatibility form NFKD. Under Windows, such normalization is costly in resources and may lead to denial o...
SUSE CVE-2016-5267
Mozilla Firefox before 48.0 on Android allows remote attackers to spoof the address bar via left-to-right characters in conjunction with a right-to-left character set...
Trojan Source CVE-2021-42572: No Panic Necessary
What is this thing? Researchers at the University of Cambridge and the University of Edinburgh recently published a paper on an attack technique they call “Trojan Source.” The attack targets a weakness in text-encoding standard Unicode—which allows computers to handle text across many different...
Hiding Vulnerabilities in Source Code
Really interesting research demonstrating how to hide vulnerabilities in source code by manipulating how Unicode text is displayed. It's really clever, and not the sort of attack one would normally think about. From Ross Anderson's blog: We have discovered ways of manipulating the encoding of sourc...