USN-6712-1: Net::CIDR::Lite vulnerability

It was discovered that Net::CIDR::Lite incorrectly handled extra zero characters at the beginning of IP address strings. A remote attacker could possibly use this issue to bypass access controls...

PT-2024-11204 · Unknown · Net::Ipaddress::Util

Name of the Vulnerable Software and Affected Versions: Net::IPAddress::Util versions prior to 5.000 Description: The issue arises from the Net::IPAddress::Util module not properly handling extraneous zero characters in IP address strings. This can lead to attackers bypassing access control based ...

CVE-2021-29418

The netmask package before 2.0.1 for Node.js mishandles certain unexpected characters in an IP address string, such as an octal digit of 9. This in some situations allows attackers to bypass access control that is based on IP addresses. NOTE: this issue exists because of an incomplete fix for...

Multiple Vulnerabilities in Mozilla Firefox and Firefox ESR

Mozilla Firefox is an open source web browser.Firefox ESR is an extended support version of Firefox. A security vulnerability exists in Mozilla Firefox's handling of IP address strings with Ogham space characters, which can be exploited by remote attackers to bypass the homology policy of the...

Design/Logic Flaw

Bugzilla 3.5.x and 3.6.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, and 4.1.x and 4.2.x before 4.2.1, when the inboundproxies option is enabled, does not properly validate the X-Forwarded-For HTTP header, which allows remote attackers to bypass the lockout policy via a series of authentication...