9 matches found
Improper Handling of Inconsistent Special Elements
Overview Affected versions of this package are vulnerable to Improper Handling of Inconsistent Special Elements due to inconsistent handling of negation operators in glob pattern processing. An attacker can cause unintended rule matching or bypass intended restrictions by crafting layouts that ar...
DOMPurify 跨站脚本漏洞
DOMPurify is a JavaScript-based tool developed by Cure53, designed for working with the DOM Document Object Model in HTML, MathML, and SVG. Versions of DOMPurify prior to 3.4.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from inconsistencies in the handling of...
dotnet: .NET Security Feature Bypass Vulnerability
A flaw was found in ASP.NET Core’s HTTP request handling that leads to inconsistent interpretation of specially crafted HTTP requests. This mismatch can be abused by an authorized network attacker to smuggle or manipulate request boundaries, allowing bypass of security controls or unintended...
CVE-2025-55315
A flaw was found in ASP.NET Core’s HTTP request handling that leads to inconsistent interpretation of specially crafted HTTP requests. This mismatch can be abused by an authorized network attacker to smuggle or manipulate request boundaries, allowing bypass of security controls or unintended...
Arbitrary Code Execution
skops is vulnerable to Arbitrary Code Execution. The vulnerability is due to inconsistent operator function handling due to a flaw in OperatorFuncNode that allows untrusted operator methods to be hidden and reused to invoke seemingly safe functions...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from inconsistent handling of zswap store page failures, which could lead to memory corruption...
Amazon Linux 2 : squid (ALASSQUID4-2023-002)
The version of squid installed on the remote host is prior to 4.15-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2SQUID4-2023-002 advisory. A flaw was found in squid. A trusted client can directly access the cache manager information, bypassing the manager ACL protecti...
Moderate: nss and nspr security, bug fix, and enhancement update
Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime NSPR provides platform independence for non-GUI operating system facilities. The following packages have been upgrad...
Mozilla: Inconsistent JavaScript handling of access to Window objects (MFSA 2014-13)
Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines...