25 matches found
Astra Linux - уязвимость в grub2
When rendering certain Unicode sequences, Grub2’s font code does not properly validate whether the width and height of the glyph are within the bitmap size. As a result, an attacker can create an input that will cause an out-of-bounds write to Grub2’s heap, leading to memory corruption and...
EUVD-2017-14487
Malware in sbrugna...
EUVD-2017-14125
Malware in sbrugna...
OESA-2025-1359 ghostscript security update
Ghostscript is an interpreter for PostScript™ and Portable Document Format PDF files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of...
CVE-2025-27835
An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs when converting glyphs to Unicode in psi/zbfont.c...
SUSE CVE-2017-5383
URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird 45.7, Firefox ESR 45.7, and Firefox 51...
SUSE CVE-2022-3775
When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption an...
AZL-34792 CVE-2022-3775 affecting package grub2 for versions less than 2.06-14
When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption an...
Improper Input Validation
Firefox is vulnerable to improper input validation attacks. A remote user can spoof URLs using certain unicode glyphs for alternative hyphens and quotes which leads to disclosure of information...
CVE-2017-5383
URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird 45.7, Firefox ESR 45.7, and Firefox 51...
CVE-2017-5383
URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird 45.7, Firefox ESR 45.7, and Firefox 51...
CVE-2017-5383
CVE-2017-5383 describes spoofing via specific Unicode glyphs used to alter the location bar content. The initial entry notes impact on Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox
UBUNTU-CVE-2017-5015
Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled Unicode glyphs, which allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name...
CVE-2017-5015
Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled Unicode glyphs, which allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name...
CVE-2017-5015
Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled Unicode glyphs, which allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name...
CVE-2017-5015
Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled Unicode glyphs, which allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name...
Code injection
Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled Unicode glyphs, which allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name...
CVE-2017-5015
CVE-2017-5015 affects Google Chrome prior to 56.0.2924.76 on desktop and 56.0.2924.87 on Android, due to incorrect handling of Unicode glyphs in IDN homographs that enables domain spoofing. Related sources describe an Omnibox/URL spoofing vulnerability in Chrome and indicate the fix was released ...
CVE-2017-5015
Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled Unicode glyphs, which allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name...
USN-3175-2: Firefox regression
USN-3175-1 fixed vulnerabilities in Firefox. The update caused a regression on systems where the AppArmor profile for Firefox is set to enforce mode. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple memory safety issues were discovered in...