Filtered by vendor Pango Subscriptions
Total 4 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-17365 1 Pango 1 Hotspot Shield 2024-11-21 7.8 High
Improper directory permissions in the Hotspot Shield VPN client software for Windows 10.3.0 and earlier may allow an authorized user to potentially enable escalation of privilege via local access. The vulnerability allows a local user to corrupt system files: a local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.
CVE-2020-12828 1 Pango 1 Virtual Private Network Software Development Kit 2024-11-21 9.8 Critical
An issue was discovered in AnchorFree VPN SDK before 1.3.3.218. The VPN SDK service takes certain executable locations over a socket bound to localhost. Binding to the socket and providing a path where a malicious executable file resides leads to executing the malicious executable file with SYSTEM privileges.
CVE-2011-0020 3 Gnome, Pango, Redhat 3 Pango, Pango, Enterprise Linux 2024-11-21 N/A
Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.
CVE-2009-1194 2 Pango, Redhat 2 Pango, Enterprise Linux 2024-11-21 N/A
Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox.