559 matches found

RedHat Linux
added 2025/03/10 5:28 a.m., 3 views

firefox: Inconsistent comparator in XSLT sorting led to out-of-bounds access

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access...

CVSS: 8.1, AI score: 7.3, EPSS: 0.00219
Exploits: 0, References: 7

RedHat Linux
added 2025/03/05 11:27 a.m., 2 views

firefox: Inconsistent comparator in XSLT sorting led to out-of-bounds access

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access...

CVSS: 8.1, AI score: 7.3, EPSS: 0.00219
Exploits: 0, References: 7

RedhatCVE
added 2025/03/04 6:11 p.m., 17 views

CVE-2025-1932

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access...

CVSS: 8.3, AI score: 9.4, EPSS: 0.00219
Exploits: 0, References: 6

Tenable Nessus
added 2025/03/04 12:0 a.m., 7 views

Mozilla Thunderbird < 136.0

The version of Thunderbird installed on the remote Windows host is prior to 136.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-17 advisory. - Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of thes...

CVSS: 9.8, AI score: 7.1, EPSS: 0.00487
Exploits: 1, References: 14

Cvelist
added 2025/03/03 8:48 a.m., 10 views

CVE-2025-1867 HTTP Response Smuggling Vulnerability in libhv

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in ithewei libhv allows HTTP Response Smuggling. This issue affects libhv: through 1.3.3...

CVSS: 10, EPSS: 0.00273
Exploits: 0, References: 1

Schneier on Security
added 2025/02/27 6:5 p.m., 8 views

“Emergent Misalignment” in LLMs

Interesting research: "Emergent Misalignment: Narrow finetuning can produce broadly misaligned LLMs": Abstract: We present a surprising result regarding LLMs and alignment. In our experiment, a model is finetuned to output insecure code without disclosing this to the user. The resulting model act...

AI score: 7.5
Exploits: 0

RedHat Linux
added 2025/02/17 1:31 a.m., 3 views

libxml: use-after-free in xmlXIncludeAddNode

A flaw was found in libxml2 where improper handling of memory allocation failures in libxml2 can lead to crashes, memory leaks, or inconsistent states. While an attacker cannot directly control allocation failures, they may trigger denial-of-service conditions under extreme system stress...

CVSS: 8.1, AI score: 7.1, EPSS: 0.00222
Exploits: 0, References: 6

BDU FSTEC
added 2025/02/11 12:0 a.m., 1 views

The vulnerability of the IBM Sterling File Gateway file server, which stems from inconsistencies in the responses to incoming requests, allows attackers to gain unauthorized access to protected information.

The vulnerability of the IBM Sterling File Gateway file server is related to inconsistencies in the responses to incoming requests. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...

CVSS: 4.3, AI score: 5.4, EPSS: 0.00099
Exploits: 0, References: 2, Affected Software: 1

BDU FSTEC
added 2025/02/06 12:0 a.m., 2 views

The vulnerability of the IBM Control Center’s process monitoring and control system, related to inconsistencies in responses to incoming requests, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the IBM Control Center’s process monitoring and control system lies in the inconsistency of responses to incoming requests. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...

CVSS: 5.3, AI score: 5.5, EPSS: 0.00117
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2025/01/19 12:0 a.m., 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from inconsistent definitions of MAXSURFACES and MAXSURFACENUM, which could lead to a page fault...

CVSS: 5.5, AI score: 6.4, EPSS: 0.00033
Exploits: 0, References: 4

Positive Technologies
added 2025/01/01 12:0 a.m., 1 views

PT-2026-26042

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the ntfs3 file system within the Linux kernel that can lead to a Denial-of-Service (DoS) condition. A malformed NTFS image can trigger an infinite loop when an attribute...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00018
Exploits: 0, References: 23

BDU FSTEC
added 2024/12/28 12:0 a.m., 1 views

The vulnerability of the Loway QueueMetrics software for analyzing call center performance metrics lies in its inability to properly handle incoming requests, allowing attackers to gain unauthorized access to protected information.

The vulnerability of the Loway QueueMetrics performance analysis software lies in the inconsistency of its responses to incoming requests. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to protected information by sending specially crafted...

CVSS: 5.3, AI score: 5.5, EPSS: 0.00163
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2024/12/12 2:15 a.m., 1 views

CVE-2024-54503

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.2 and iPadOS 18.2. Muting a call while ringing may not result in mute being enabled...

CVSS: 4.2, AI score: 5.8, EPSS: 0.00122
Exploits: 0, References: 2

CVE
added 2024/12/11 10:59 p.m., 53 views

CVE-2024-54503

The CVE-2024-54503 entry describes an inconsistent user interface issue related to muting a call during ringing, caused by flawed state management. Apple fixed this in iOS 18.2 and iPadOS 18.2 by improving state management. In the linked documents, there are no explicit exploitation details or at...

CVSS: 4.2, AI score: 5.4, EPSS: 0.00122
Exploits: 0, References: 2, Affected Software: 2

RedhatCVE
added 2024/12/03 1:51 p.m., 10 views

CVE-2024-53096

In the Linux kernel, the following vulnerability has been resolved: mm: resolve faulty mmap_region error path behaviour. The mmap_region function is somewhat terrifying, with spaghetti-like control flow and numerous means by which issues can arise and incomplete state, memory leaks and other...

CVSS: 6.1, AI score: 7.2, EPSS: 0.00011
Exploits: 1, References: 4

CVE
added 2024/11/28 2:10 a.m., 590 views

CVE-2024-53008

CVE-2024-53008 is confirmed in multiple advisories affecting HAProxy across Linux distributions (Amazon Linux 2023, EulerOS 2.0 SP12, Photon OS 4, TencentOS Server 4, Astra Linux). The issue is described as an insecure interpretation of HTTP requests (HTTP Request/Response Smuggling) that may all...

CVSS: 5.3, AI score: 6.8, EPSS: 0.00395
Exploits: 0, References: 6

OSV
added 2024/11/19 5:19 p.m., 6 views

USN-7115-1 Waitress vulnerabilities

It was discovered that Waitress could process follow up requests when receiving a specially crafted message. An attacker could use this issue to have the server process inconsistent client requests. This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. CVE-2024-49768 Dylan Jay discovered th...

CVSS: 9.1, AI score: 5.8, EPSS: 0.01524
Exploits: 0, References: 3

RedHat Linux
added 2024/11/13 3:29 p.m., 3 views

webkitgtk: Visiting a malicious website may lead to address bar spoofing

A flaw was found in WebKit. This flaw allows a remote attacker to conduct spoofing attacks by exploiting an inconsistent user interface issue. The attacker could perform address bar spoofing by tricking a victim into visiting a specially crafted website...

CVSS: 6.5, AI score: 5.8, EPSS: 0.0012
Exploits: 0, References: 7

BDU FSTEC
added 2024/11/13 12:0 a.m., 1 views

The vulnerability of the Basic Authentication mechanism in the Mendix Runtime environment allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Basic Authentication mechanism in the Mendix Runtime environment is related to inconsistencies in the responses to incoming requests. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...

CVSS: 5.3, AI score: 5.5, EPSS: 0.0035
Exploits: 0, References: 5, Affected Software: 1

RedHat Linux
added 2024/11/12 9:9 a.m., 1 views

webkit: visiting a malicious website may lead to address bar spoofing

A flaw was found in WebKit that may allow a remote attacker to conduct spoofing attacks by exploiting an inconsistent user interface issue. By tricking a victim into visiting a specially crafted website, the attacker could perform address bar spoofing...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00081
Exploits: 0, References: 5