Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
unicode unicode vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-35823
In the Linux kernel, the following vulnerability has been resolved: vt: fix unicode buffer corruption when deleting characters This is the same issue that was fixed for the VGA text buffer in commit 39cdb68c64d8 ("vt: fix memory overlapping when deleting chars in the buffer&...
NA
CVE-2024-32874
Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Below 0.13.2 Release, when uploading a file or retrieving the filename, a user may intentionally use a large Unicode filename which would lead to a application-level denial of service. ...
NA
CVE-2024-34078
html-sanitizer is an allowlist-based HTML cleaner. If using `keep_typographic_whitespace=False` (which is the default), the sanitizer normalizes unicode to the NFKC form at the end. Some unicode characters normalize to chevrons; this allows specially crafted HTML to escape saniti...
NA
CVE-2024-4175
Unicode transformation vulnerability in Hyperion affecting version 2.0.15. This vulnerability could allow an malicious user to send a malicious payload with Unicode characters that will be replaced by ASCII characters.
NA
CVE-2024-32038
Wazuh is a free and open source platform used for threat prevention, detection, and response. There is a buffer overflow hazard in wazuh-analysisd when handling Unicode characters from Windows Eventchannel messages. It impacts Wazuh Manager 3.8.0 and above. This vulnerability is ...
NA
CVE-2024-3900
Out-of-bounds array write in Xpdf 4.05 and previous versions, triggered by long Unicode sequence in ActualText.
NA
CVE-2017-20190
Some Microsoft technologies as used in Windows 8 through 11 allow a temporary client-side performance degradation during processing of multiple Unicode combining characters, aka a "Zalgo text" attack. NOTE: third parties dispute whether the computational cost of interpr...
NA
CVE-2024-28244
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\def` or `\newcommand` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. KaTeX suppor...
9.8
CVSSv3
CVE-2020-36773
Artifex Ghostscript prior to 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature).
Artifex Ghostscript 9.52
Artifex Ghostscript 9.53.0
Artifex Ghostscript 9.52.1
Artifex Ghostscript 9.51
5.7
CVSSv3
CVE-2024-23826
spbu_se_site is the website of the Department of System Programming of St. Petersburg State University. prior to 2024.01.29, when uploading an avatar image, an authenticated user may intentionally use a large Unicode filename which would lead to a server-side denial of service un...
Se.math.spbu Spbu Se Site
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »