Microsoft HTTP.sys 资源管理错误漏洞

Microsoft HTTP.sys is an application protocol from Microsoft Corporation USA.HTTP application protocol. A resource management error vulnerability exists in Microsoft HTTP.sys. An attacker could exploit this vulnerability to cause a denial of service on the system. The following products and...

PT-2025-15505 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to a use after free vulnerability in the implementation of the Lightweight Directory Access Protocol LDAP in the Windows operating system. This vulnerability allows an...

Django 5.0.x < 5.0.14, 5.1.x < 5.1.8 DoS Vulnerability - Windows

Django is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:djangoproject:django"; ...

CVE-2025-25041

A vulnerability in the HPE Aruba Networking Virtual Intranet Access VIA client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM root. A successful exploit could allow the creation of a Denial-of-Service DoS condition affecting the Microsoft Windows Operating System...

CVE-2025-3033

After selecting a malicious Windows .url shortcut from the local filesystem, an unexpected file could be uploaded. This bug only affects Firefox on Windows. Other operating systems are unaffected.. This vulnerability was fixed in Firefox 137 and Thunderbird 137...

CVE-2025-25041

A vulnerability in the HPE Aruba Networking Virtual Intranet Access VIA client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM root. A successful exploit could allow the creation of a Denial-of-Service DoS condition affecting the Microsoft Windows Operating System...

CVE-2025-3033

After selecting a malicious Windows .url shortcut from the local filesystem, an unexpected file could be uploaded. This bug only affects Firefox on Windows. Other operating systems are unaffected.. This vulnerability was fixed in Firefox 137 and Thunderbird 137...

CVE-2025-3033 Opening local .url files could lead to another file being opened

After selecting a malicious Windows .url shortcut from the local filesystem, an unexpected file could be uploaded. This bug only affects Firefox on Windows. Other operating systems are unaffected.. This vulnerability was fixed in Firefox 137 and Thunderbird 137...

PT-2025-14108

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 137 Thunderbird versions prior to 137 Description The issue allows an unexpected file to be uploaded after selecting a malicious Windows .url shortcut from the local filesystem. This bug only affects Firefox on Window...

CVE-2025-2857 Incorrect handle could lead to sandbox escapes

Following the recent Chrome sandbox escape CVE-2025-2783, various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was...

CVE-2025-2857 Incorrect handle could lead to sandbox escapes

Following the recent Chrome sandbox escape CVE-2025-2783, various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was...

CVE-2025-2857

Firefox on Windows was vulnerable to a sandbox-escape in the IPC code where a compromised child process could cause the parent to return an unintentionally powerful handle. This pattern mirrors the Chrome/CVE-2025-2783 lineage and was exploited in the wild. The issue affected Firefox on Windows o...

Security Vulnerability fixed in Firefox 136.0.4, Firefox ESR 128.8.1, Firefox ESR 115.21.1 — Mozilla

Following the recent Chrome sandbox escape CVE-2025-2783, various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was...

Security Bulletin: IBM i Access Client Solutions is vulnerable to DLL hijacking when run on a Windows operating system (CVE-2022-40746)

Summary IBM i Access Client Solutions is vulnerable to DLL hijacking when certain features are run on a Windows operating system that leverage native code. IBM has addressed this CVE by providing a fix to IBM i Access Client Solutions as described in the remediation/fixes section. Vulnerability...

The vulnerability of the exFAT file system of the Windows operating system, which allows a hacker to execute arbitrary code.

The vulnerability of the exFAT file system in the Windows operating system is related to buffer overflows in the heap. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

CVE-2024-12217

CVE-2024-12217 affects the gradio-app/gradio project (commit git 67e4044). The flaw in the blocked_path implementation on Windows allows path traversal via NTFS Alternate Data Streams syntax (e.g., C:/tmp/secret.txt::$DATA), bypassing blocks that prevent access to restricted files and enabling re...

The vulnerability of the Windows RRAS operating system’s routing and remote access service allows a hacker to execute arbitrary code.

The vulnerability of the Windows RRAS operating system’s routing and remote access service is related to buffer overflow attacks. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

The vulnerability of the compatibility subsystem’s kernel allows for the execution of Linux applications on Windows operating systems through the Windows Subsystem for Linux (WSL2). This enables attackers to execute arbitrary code.

The vulnerability in the kernel of the compatibility subsystem for running Linux applications, namely Windows Subsystem for Linux WSL2 on Windows operating systems, involves a pointer manipulation issue. Exploiting this vulnerability allows an attacker to execute arbitrary code...

The vulnerability of the Local Security Authority (LSA) service, which is responsible for authenticating users and managing local security policies in Windows operating systems, allows attackers to escalate their privileges.

The vulnerability of the Local Security Authority LSA in Windows operating systems, which is responsible for verifying identities and managing user policies, is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to increase their privileges...

The vulnerability of the DirectX component in Windows operating systems, which allows a hacker to cause a system failure

The vulnerability of the DirectX component in Windows operating systems is related to the swapping of the zero pointer. Exploiting this vulnerability can allow an attacker to cause a service failure...