SUSE SLES12 Security Update : grub2 (SUSE-SU-2022:4144-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4144-1 advisory. - A buffer overflow was found in grubfontconstructglyph. A malicious crafted pf2 font can lead to an overflow when calculating the maxglyphsize...

SUSE SLES12 Security Update : grub2 (SUSE-SU-2022:4143-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4143-1 advisory. - A buffer overflow was found in grubfontconstructglyph. A malicious crafted pf2 font can lead to an overflow when calculating the maxglyphsize...

Debian DSA-5280-1 : grub2 - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5280 advisory. - grub2: Buffer overflow in grubfontconstructglyph can lead to out-of-bound write and possible secure boot bypass CVE-2022-2601 - grub2: Heap based out-of-bounds...

expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution

A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...

expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution

A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...

expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution

A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...

The vulnerability of the encoding.c component of the GNU Screen window manager allows a hacker to introduce or modify arguments, thereby enabling them to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the encoding.c component of the GNU Screen terminal manager is related to incorrect processing of UTF-8 character sequences. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause service failures...

PYSEC-2019-14

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uritoiri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences...

Libpango 1.40.8 - Denial of Service (PoC)

Libpango 1.40.8 - Denial of Service PoC Exploit Title: Libpango 1.40.8 - Denial of Service PoC Date: 2018-08-06 Exploit Author: Jeffery M Vendor Homepage: https://www.pango.org/ Software Link: http://ftp.gnome.org/pub/GNOME/sources/pango/1.40/pango-1.40.9.tar.xz Version: 1.40.8+ Tested on: Window...

DEBIAN-CVE-2018-15120

libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via crafted text with invalid Unicode sequences...

CVE-2018-15120

libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via crafted text with invalid Unicode sequences...

Design/Logic Flaw

libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via crafted text with invalid Unicode sequences...

CVE-2018-15120

libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via crafted text with invalid Unicode sequences...

CVE-2018-15120

The CVE-2018-15120 entry concerns libpango in Pango 1.40.8–1.42.3 where crafted text with invalid Unicode sequences can cause a denial of service (application crash) and potentially other impacts. Public sources (e.g., CNVD, CNVD-2018-17885) indicate the fix is in Pango 1.42.4 and later. Related ...

CVE-2018-15120

libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via crafted text with invalid Unicode sequences...

Improper Handling of Alternate Encoding

Overview Affected versions of this package are vulnerable to Improper Handling of Alternate Encoding via boost::locale::utf::utftraits in the /boost/locale/utf.hpp, which does not properly detect certain invalid UTF-8 sequences. A remote attacker can bypass input validation protection mechanisms...

expat: buffer over-read and crash on XML with malformed UTF-8 sequences

The updatePosition function in lib/xmltokimpl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service application crash via an XML document with crafted UTF-8 sequences that trigger a buffer over-read,...

Debian Security Advisory DSA 838-1 (mozilla-firefox)

The remote host is missing an update to mozilla-firefox announced via advisory DSA 838-1. Multiple security vulnerabilities have been identified in the mozilla-firefox web browser. These vulnerabilities could allow an attacker to execute code on the victim's machine via specially crafted network...

CentOS 4 : firefox (CESA-2005:785)

An updated firefox package that fixes several security bugs is now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. A bug was found in the way Firefox...

CentOS 3 / 4 : Mozilla (CESA-2005:789)

Updated mozilla packages that fix several security bugs are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. A bug was...