Lucene search
K

154 matches found

RedHat Linux
RedHat Linux
added 3 days ago4 views

golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...

9.6CVSS6.1AI score0.00478EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/07/08 3:52 p.m.4 views

golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...

9.6CVSS6.6AI score0.00478EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/07/06 2:40 a.m.9 views

golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...

9.6CVSS6.6AI score0.00478EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/04 5:39 p.m.7 views

CVE-2025-71316

SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' option to load an arbitrary DLL with a crafted command line argument string that results in command line file arguments being...

9.8CVSS5.9AI score0.00384EPSS
Exploits0References5
ICS
ICS
added 2026/06/04 2:10 p.m.13 views

SQLite sqldiff remote code execution via argument injection

RISK EVALUATION An attacker could use the '-L' option to load an arbitrary DLL with a crafted command line argument string that results in command line file arguments being misinterpreted as command line options. 2. RECOMMENDED PRACTICES Fixed on 2025-12-26. 3. DESCRIPTION SQLite 'sqldiff.exe'...

9.8CVSS5.6AI score0.00384EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.31 views

PT-2026-46313

Name of the Vulnerable Software and Affected Versions SQLite sqldiff.exe versions prior to 2025-12-26 Description The sqldiff.exe utility does not securely handle the conversion of Unicode characters to ANSI codepages by the Microsoft Windows C runtime. An attacker can exploit this by using the...

9.8CVSS5.7AI score0.00384EPSS
Exploits0References10
OSV
OSV
added 2026/05/22 4:16 p.m.6 views

DEBIAN-CVE-2026-39821

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

9.6CVSS5.8AI score0.00478EPSS
Exploits0References1
OSV
OSV
added 2026/05/22 4:16 p.m.10 views

UBUNTU-CVE-2026-39821

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

9.6CVSS5.8AI score0.00478EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2026/05/22 4:16 p.m.13 views

CVE-2026-39821

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

9.6CVSS5.8AI score0.00478EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/22 3:1 p.m.9 views

CVE-2026-39821 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

5.8AI score0.00478EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/22 3:1 p.m.11 views

EUVD-2026-31449

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

10CVSS5.8AI score0.00478EPSS
Exploits0References4
OSV
OSV
added 2026/05/22 3:1 p.m.2 views

CVE-2026-39821 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

9.6CVSS6.6AI score0.00478EPSS
Exploits0References55
OSV
OSV
added 2026/05/22 2:46 a.m.8 views

GO-2026-5026 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

9.6CVSS5.8AI score0.00478EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.13 views

Astra Linux – Vulnerability in glib2.0

A flaw was discovered in GLib. A integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds...

5.4CVSS6.1AI score0.00325EPSS
Exploits1References2
OSV
OSV
added 2026/04/24 4:7 p.m.12 views

CLSA-2026-1776960263 ImageMagick: Fix of CVE-2026-32636

CVE-2026-32636: out-of-bounds write of a single zero byte in ConvertUTF16ToUTF8 via NewXMLTree when resizing UTF-8 buffer...

7.5CVSS5.9AI score0.00475EPSS
Exploits0References1
OSV
OSV
added 2026/04/15 11:10 p.m.12 views

CLSA-2026-1776257772 ImageMagick: Fix of CVE-2026-32636

CVE-2026-32636: out-of-bounds write of a single zero byte in ConvertUTF16ToUTF8 via NewXMLTree when resizing UTF-8 buffer...

7.5CVSS5.9AI score0.00475EPSS
Exploits0References1
OSV
OSV
added 2026/04/03 10:2 a.m.9 views

CLSA-2026-1775210556 ghostscript: Fix of 4 CVEs

CVE-2025-27830: fix potential buffer overflow with DollarBlend in font serialization - CVE-2025-27831: prevent Unicode decoding overrun in txtwrite/docxwrite devices - CVE-2025-27835: fix confusion between bytes and shorts in glyph to Unicode conversion - CVE-2025-27836: fix potential print...

9.8CVSS6.9AI score0.00579EPSS
Exploits0References1
OSV
OSV
added 2026/04/02 8:56 a.m.8 views

CLSA-2026-1775120182 ghostscript: Fix of 4 CVEs

CVE-2025-27830: fix potential buffer overflow with DollarBlend in font serialization - CVE-2025-27831: prevent Unicode decoding overrun in txtwrite/docxwrite devices - CVE-2025-27835: fix confusion between bytes and shorts in glyph to Unicode conversion - CVE-2025-27836: fix potential print...

9.8CVSS6.9AI score0.00579EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/03/23 1:32 a.m.7 views

openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing

A flaw was found in OpenSSL. When processing a specially crafted PKCS12 Personal Information Exchange Syntax Standard file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSLuni2utf8 function, leads to memory corruption by writing data...

7.4CVSS6AI score0.00444EPSS
Exploits1References4
Microsoft CVE
Microsoft CVE
added 2026/02/28 9:4 a.m.9 views

hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()

...

7.1CVSS6.8AI score0.00182EPSS
Exploits0
Rows per page
Query Builder