← Back

Pango

pango

4 CVEs • 3 products

Products (3)

Click to collapse
Toggle
Pango
pango
2 CVEs
Virtual Private Network Software Development Kit
virtual_private_network_software_development_kit
1 CVE
Hotspot Shield
hotspot_shield
1 CVE

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-17365
1Pango
1Hotspot Shield
Nov 21, 2024
Sep 24, 2020
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
Improper directory permissions in the Hotspot Shield VPN client software for Windows 10.3.0 and earlier may allow an authorized user to potentially enable escalation of privilege via local access. The vulnerability allow...Show more
Improper directory permissions in the Hotspot Shield VPN client software for Windows 10.3.0 and earlier may allow an authorized user to potentially enable escalation of privilege via local access. The vulnerability allows a local user to corrupt system files: a local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.Show less
CVE-2020-12828
1Pango
1Virtual Private Network Software Development Kit
Nov 21, 2024
May 21, 2020
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
An issue was discovered in AnchorFree VPN SDK before 1.3.3.218. The VPN SDK service takes certain executable locations over a socket bound to localhost. Binding to the socket and providing a path where a malicious execut...Show more
An issue was discovered in AnchorFree VPN SDK before 1.3.3.218. The VPN SDK service takes certain executable locations over a socket bound to localhost. Binding to the socket and providing a path where a malicious executable file resides leads to executing the malicious executable file with SYSTEM privileges.Show less
CVE-2011-0020
2Gnome
Pango
2Pango
Pango
Apr 29, 2026
Jan 24, 2011
N/A· v4
N/A· v3
7.6 HIGH· v2
Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers...Show more
Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.Show less
CVE-2009-1194
1Pango
1Pango
Apr 23, 2026
May 11, 2009
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary c...Show more
Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox.Show less