Lucene search

1325 matches found

Debian CVE
added 2024/05/17 1:23 p.m. | 20 views

CVE-2024-35823

In the Linux kernel, the following vulnerability has been resolved: vt: fix unicode buffer corruption when deleting characters. This is the same issue that was fixed for the VGA text buffer in commit 39cdb68c64d8 "vt: fix memory overlapping when deleting chars in the buffer". The cure is also the...

CVSS 5.3 | AI score 7.6 | EPSS 0.00266
Exploits: 0
Fedora
added 2024/05/14 3:28 a.m. | 25 views

[SECURITY] Fedora 39 Update: uriparser-0.9.8-1.fc39

Uriparser is a strictly RFC 3986 compliant URI parsing library written in C. uriparser is cross-platform, fast, supports Unicode and is licensed under the New BSD license...

CVSS 8.6 | AI score 7.3 | EPSS 0.00506
Exploits: 0
Fedora
added 2024/05/11 1:32 a.m. | 26 views

[SECURITY] Fedora 40 Update: php-wikimedia-utfnormal-4.0.0-1.fc40

utfnormal is a library that contains unicode normalization functions. It was split out of MediaWiki core during the 1.25 development cycle...

CVSS 9.8 | AI score 7.2 | EPSS 0.00442
Exploits: 6
Tenable Nessus
added 2024/05/11 12:00 a.m. | 27 views

RHEL 7 : developer_environment (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - Developer environment: Homoglyph characters can lead to trojan source attack CVE-2021-42694 - An issue wa...

AI score 8.8 | EPSS 0.24988
Exploits: 5 | References: 2
OSV
added 2024/05/09 3:13 p.m. | 40 views

GHSA-W4H6-9WRP-V5JQ Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service

Important: Exploiting this vulnerability requires the attacker to have access to your Frigate instance, which means they could also just delete all of your recordings or perform any other action. If you have configured authentication in front of Frigate via a reverse proxy, then this vulnerabilit...

CVSS 9.3 | AI score 7 | EPSS 0.00124
Exploits: 0 | References: 10
CVE
added 2024/05/09 2:20 p.m. | 71 views

CVE-2024-32874

In Frigate, CVE-2024-32874, an application-level DoS can occur when uploading or handling filenames with very long Unicode names due to unbounded filename length and costly Unicode normalization (NFKD) inside secure_filename(). Affected: Frigate releases before 0.13.2. Impact: potential web-app h...

CVSS 6.8 | AI score 6.6 | EPSS 0.00124
Exploits: 0 | References: 2
Veracode
added 2024/05/07 7:40 a.m. | 15 views

HTML Injection

html-sanitizer is vulnerable to HTML injection. The vulnerability is due to improper handling of unicode normalization, which results in certain unicode characters normalizing to chevrons enabling specially crafted HTML to evade sanitization...

CVSS 6.1 | AI score 6.9 | EPSS 0.00311
Exploits: 0 | References: 3 | Affected Software: 1
Debian CVE
added 2024/05/06 2:48 p.m. | 13 views

CVE-2024-34078

html-sanitizer is an allowlist-based HTML cleaner. If using keep_typographic_whitespace=False (which is the default), the sanitizer normalizes unicode to the NFKC form at the end. Some unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. The problem has...

CVSS 6.1 | AI score 6 | EPSS 0.00311
Exploits: 0
OSV
added 2024/05/06 2:33 p.m. | 20 views

GHSA-WVHX-Q427-FGH3 Arbitrary HTML present after sanitization because of unicode normalization

Impact: If using keep_typographic_whitespace=False (which is the default), the sanitizer normalizes unicode to the NFKC form at the end. Some unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. Patches: The problem has been fixed in 2.4.2. Workarounds: Se...

CVSS 6.1 | AI score 6 | EPSS 0.00311
Exploits: 0 | References: 3
GitHub Security Blog
added 2024/05/06 2:33 p.m. | 19 views

Arbitrary HTML present after sanitization because of unicode normalization

Impact: If using keep_typographic_whitespace=False (which is the default), the sanitizer normalizes unicode to the NFKC form at the end. Some unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. Patches: The problem has been fixed in 2.4.2. Workarounds: Se...

CVSS 6.1 | AI score 6.6 | EPSS 0.00311
Exploits: 0 | References: 3 | Affected Software: 1
AlmaLinux
added 2024/04/30 12:00 a.m. | 56 views

Moderate: perl security update

Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fixes: perl: Write past buffer end via illegal user-defined Unicode property CVE-2023-47038 For more details about the security issues, including the impact, a CVSS...

CVSS 7.8 | AI score 6.8 | EPSS 0.00108
Exploits: 0 | References: 4
NVD
added 2024/04/25 12:15 p.m. | 7 views

CVE-2024-4175

Unicode transformation vulnerability in Hyperion affecting version 2.0.15. This vulnerability could allow an attacker to send a malicious payload with Unicode characters that will be replaced by ASCII characters...

CVSS 5.4 | AI score 5.3 | EPSS 0.00207
Exploits: 0 | References: 1
CVE
added 2024/04/25 11:51 a.m. | 60 views

CVE-2024-4175

The CVE-2024-4175 entry concerns Hyperion Web Server (version 2.0.15) with a Unicode transformation vulnerability. The underlying issue allows an attacker-supplied payload using Unicode characters that will be replaced by ASCII characters, potentially affecting data integrity and confidentiality (...

CVSS 5.4 | AI score 6.7 | EPSS 0.00207
Exploits: 0 | References: 1
Vulnrichment
added 2024/04/19 2:31 p.m. | 19 views

CVE-2024-32038 Wazuh Analysis Engine Event Decoder Heap-based Buffer Overflow Remote Code Execution Vulnerability

Wazuh is a free and open source platform used for threat prevention, detection, and response. There is a buffer overflow hazard in wazuh-analysisd when handling Unicode characters from Windows Eventchannel messages. It impacts Wazuh Manager 3.8.0 and above. This vulnerability is fixed in Wazuh...

CVSS 9.8 | AI score 7.4 | EPSS 0.00928
Exploits: 0 | References: 1
Debian CVE
added 2024/04/17 6:41 p.m. | 20 views

CVE-2024-3900

Removed by vendor...

CVSS 5.5 | AI score 5.6 | EPSS 0.00018
Exploits: 0
Ubuntu
added 2024/04/08 11:14 a.m. | 46 views

USN-6722-1: Django vulnerability

Simon Charette discovered that the password reset functionality in Django used a Unicode case insensitive query to retrieve accounts associated with an email address. An attacker could possibly use this to obtain password reset tokens and hijack accounts...

CVSS 9.8 | AI score 7.1 | EPSS 0.15418
Exploits: 7
OSV
added 2024/04/08 11:14 a.m. | 1 view

USN-6722-1 python-django vulnerability

Simon Charette discovered that the password reset functionality in Django used a Unicode case insensitive query to retrieve accounts associated with an email address. An attacker could possibly use this to obtain password reset tokens and hijack accounts...

CVSS 9.8 | AI score 6.7 | EPSS 0.15418
Exploits: 7 | References: 2
Tenable Nessus
added 2024/04/08 12:00 a.m. | 23 views

EulerOS 2.0 SP9 : ghostscript (EulerOS-SA-2024-1484)

According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c for txtwrite because a single...

CVSS 9.8 | AI score 8.4 | EPSS 0.00106
Exploits: 0 | References: 2
OpenVAS
added 2024/04/08 12:00 a.m. | 12 views

Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2024-1505)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.8 | AI score 9.6 | EPSS 0.00106
Exploits: 0 | References: 2
Fedora
added 2024/03/29 4:11 a.m. | 23 views

[SECURITY] Fedora 40 Update: php-tcpdf-6.7.4-1.fc40

PHP class for generating PDF documents. no external libraries are required for the basic functions; all standard page formats, custom page formats, custom margins and units of measure; UTF-8 Unicode and Right-To-Left languages; TrueTypeUnicode, OpenTypeUnicode, TrueType, OpenType, Type1 and CID-0...

AI score 7.4
Exploits: 0