5412 matches found
Important Photon OS Security Update - PHSA-2025-5.0-0578
Updates of 'icu' packages of Photon OS have been released...
Improper Validation of Specified Type of Input
Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input via the url validator in jdbc interpreter. An attacker can access arbitrary files on the system by submitting a specially crafted, non UTF-8 encoded JDBC connection string. Note: This issue...
Security update for python311
This update for python311 fixes the following issues: CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser bsc1244705. Update to 3.11.13: Security gh-135034: Fixes multiple issues that allowed tarfile extraction filters filter="data...
Security Bulletin: IBM i is affected by multiple vulnerabilities in International Components for Unicode (ICU) option 39 [CVE-2017-14952 CVE-2011-4599 CVE-2017-17484].
Summary International Components for Unicode ICU is a C and C++ library that provides Unicode services used for writing global applications in ILE programming languages. IBM i licensed program option 39 International Components for Unicode is currently built using ICU4C version 4.0. This version...
Mozilla: Bypass of Restricted Keyword "Mozilla" in Display Name Field via Unicode Homoglyphs on addons.allizom.org
A restricted keyword bypass vulnerability was discovered on the Firefox Add-ons platform that allowed an attacker to register a display name visually identical to "Mozilla" by using a Unicode homoglyph character. This circumvented the intended restriction and could have been used to impersonate...
icu: Stack buffer overflow in the SRBRoot::addTag function
A stack buffer overflow was found in Internationl components for unicode ICU . While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution...
icu: Stack buffer overflow in the SRBRoot::addTag function
A stack buffer overflow was found in Internationl components for unicode ICU . While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution...
Moderate: Red Hat Security Advisory: icu security update
An update for icu is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...
RHEL 9 : icu (RHSA-2025:12331)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:12331 advisory. The International Components for Unicode ICU library provides robust and full-featured Unicode services. Security Fixes: icu: Stack buffer overflow ...
libxml2: Out-of-Bounds Read in libxml2
A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can...
libxml2: Out-of-Bounds Read in libxml2
A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can...
icu: Stack buffer overflow in the SRBRoot::addTag function
A stack buffer overflow was found in Internationl components for unicode ICU . While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution...
ALSA-2025:12083 Moderate: icu security update
The International Components for Unicode ICU library provides robust and full-featured Unicode services. Security Fixes: icu: Stack buffer overflow in the SRBRoot::addTag function CVE-2025-5222 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...
icu: Stack buffer overflow in the SRBRoot::addTag function
A stack buffer overflow was found in Internationl components for unicode ICU . While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution...
Moderate: Red Hat Security Advisory: icu security update
An update for icu is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...
ALSA-2025:11888 Moderate: icu security update
The International Components for Unicode ICU library provides robust and full-featured Unicode services. Security Fixes: icu: Stack buffer overflow in the SRBRoot::addTag function CVE-2025-5222 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...
CLSA-2025-1753209049 Fix CVE(s): CVE-2025-4516
SECURITY UPDATE: improper handling of 'decode' function with 'unicodeescape' encoding in bytes - debian/patches/CVE-2025-4516.patch: Fix use-after-free in the 'unicode- escape' decoder with a non-'strict' error handler - CVE-2025-4516...
Stack-based Buffer Overflow
International Components for Unicode ICU is vulnerable to a Stack-based Buffer Overflow. The vulnerability is due to improper handling of the ‘subtag’ struct in the SRBRoot::addTag function while running the genrb binary, which allows an attacker to cause memory corruption and achieve local...
Exploit for CVE-2025-52488
DNN Unicode Path Normalization NTLM Hash Disclosure Exploit C...
DNN Unicode Path Normalization NTLM Hash Disclosure
This exploit targets a vulnerability in DNN formerly DotNetNuke versions 6.0.0 to before 10.0.1 that allows attackers to disclose NTLM hashes through Unicode path normalization attacks...