10 matches found
GHSA-3QP7-7MW8-WX86 Netty has an IPv6 Subnet Filter Bypass via Incorrect Comparator Masking
Summary: An attacker can bypass IPv6 subnet rules due to an incorrect masking operation in IpSubnetFilterRule.compareTo. Valid public IP addresses can bypass the restrictions. Details: The io.netty.handler.ipfilter.IpSubnetFilterRule.compareTo(java.net.InetSocketAddress) method performs a bitwise AND...
PT-2026-47600
Name of the Vulnerable Software and Affected Versions: netty-handler versions prior to 4.1.135.Final; netty-handler versions prior to 4.2.15.Final. Description: An incorrect masking operation in the compareTo function of the IpSubnetFilterRule class allows an attacker to bypass IPv6 subnet rules...
NULL Pointer Dereference
ThreeTen Backport is vulnerable to NULL Pointer Dereference. The vulnerability is due to missing null value checks in the org.threeten.bp.LocalDate::compareTo(ChronoLocalDate) method, resulting in a NullPointerException if an attacker can pass a null value to the method...
UBUNTU-CVE-2024-23081
DISPUTED: ThreeTen Backport v1.6.8 was discovered to contain a NullPointerException via the component org.threeten.bp.LocalDate::compareTo(ChronoLocalDate). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. T...
ThreeTen backport project security vulnerability
ThreeTen backport project is a simple backport for ThreeTen open source. A security vulnerability exists in ThreeTen backport project version v1.6.8, which stems from a null pointer exception contained in the component org.threeten.bp.LocalDate::compareTo(ChronoLocalDate)...
PT-2024-19660 · Unknown · Threeten Backport
Name of the Vulnerable Software and Affected Versions: ThreeTen Backport version 1.6.8. Description: A NullPointerException was discovered in the component org.threeten.bp.LocalDate::compareTo(ChronoLocalDate). However, the existence of this issue is disputed by multiple third parties due to...
CVE-2024-23081
CVE-2024-23081 concerns ThreeTen Backport v1.6.8 with a NullPointerException in org.threeten.bp.LocalDate::compareTo(ChronoLocalDate). IBM/Red Hat/Ubuntu notices confirm this vulnerability pattern across OSS used in various products; IBM’s Security Bulletin for Log Analysis (v1.3.7.2/1.3.8 path) ...
SUSE CVE-2005-2265
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string...
Mozilla Firefox 1.04 - 'compareTo()' Remote Code Execution
Mozilla Firefox compareTo() Remote Code Execution Exploit function BodyOnLoad location.href="javascript:void new InstallVersion;"; CrashAndBurn; ; // The "Heap Spraying" is based on SkyLined InternetExploiter2 methodology function CrashAndBurn // Spray up to this address var...
security flaw
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string...