CVE-2018-21074

An issue was discovered on Samsung mobile devices with M6.x Exynos or Qualcomm chipsets software. There is information disclosure from a Trustlet via the debug log. The Samsung ID is SVE-2017-10638 April 2018...

CVE-2018-21074

CVE-2018-21074 affects Samsung mobile devices running M(6.x) software on Exynos or Qualcomm chipsets. The issue is information disclosure from a Trustlet via the debug log. The available documents do not specify affected device models, versions, or the exact root cause details beyond the trustlet...

adb-driver injection vulnerability

adb-driver is a universal Android USB driver. An injection vulnerability exists in adb-driver. The vulnerability can be exploited to execute arbitrary commands with the help of the 'command' parameter...

CVE-2018-5742

While backporting a feature for a newer branch of BIND9, RedHat introduced a path leading to an assertion failure in buffer.c:420. Affects RedHat versions bind-9.9.4-65.el7 - bind-9.9.4-72.el7. No ISC releases are affected. Other packages from other distributions who made the same error may also ...

Mail.ru: mailer.i.bizml.ru viber service preprod information disclosure

DEBUG mode enabled on http://52.29.101.127:1060/ leading to DB login and passwd leaks...

CVE-2019-9444

In the Android kernel in sync debug fs driver there is a kernel pointer leak due to the usage of printf with %p. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation...

Symfony 4.4.x < 4.4.4, 5.0.x < 5.0.4 Information Disclosure Vulnerability

Symfony is prone to an information disclosure vulnerability. Copyright C 2020 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Softwa...

CVE-2020-5274

In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the ErrorHandler rendered it stacktrace. In addition, the stacktrace were displayed even in a non-debug configuration. The ErrorHandler now escape alls properties of the exception, and the...

DEBIAN-CVE-2020-5274

In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the ErrorHandler rendered it stacktrace. In addition, the stacktrace were displayed even in a non-debug configuration. The ErrorHandler now escape alls properties of the exception, and the...

CVE-2020-5274

In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the ErrorHandler rendered it stacktrace. In addition, the stacktrace were displayed even in a non-debug configuration. The ErrorHandler now escape alls properties of the exception, and the...

Design/Logic Flaw

In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the ErrorHandler rendered it stacktrace. In addition, the stacktrace were displayed even in a non-debug configuration. The ErrorHandler now escape alls properties of the exception, and the...

Exceptions displayed in non-debug configurations in Symfony

Description ----------- When ErrorHandler renders an exception HTML page, it uses un-escaped properties from the related Exception class to render the stacktrace. The security issue comes from the fact that the stacktraces were also displayed in non-debug environments. Resolution ---------- The...

GHSA-M884-279H-32V2 Exceptions displayed in non-debug configurations in Symfony

Description ----------- When ErrorHandler renders an exception HTML page, it uses un-escaped properties from the related Exception class to render the stacktrace. The security issue comes from the fact that the stacktraces were also displayed in non-debug environments. Resolution ---------- The...

CVE-2020-5274: Fix Exception message escaping rendered by ErrorHandler

Affected versions Symfony 4.4.0 to 4.4.3 and 5.0.0 to 5.0.4 versions of the Symfony ErrorHandler component are affected by this security issue. The issue has been fixed in Symfony 4.4.4 and 5.0.4. Description When ErrorHandler renders an exception HTML page, it uses un-escaped properties from the...

PT-2020-18364 · Symfony · Symfony +1

Name of the Vulnerable Software and Affected Versions: Symfony versions prior to 4.4.5 and 5.0.5 symfony/http-foundation versions prior to 4.4.5 and 5.0.5 Description: The issue arises from the ErrorHandler rendering unescaped properties of the Exception class when displaying the stacktrace, whic...

CVE-2020-10826

/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode...

Command injection

/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode...

CVE-2020-10826

/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode...

PT-2020-12349 · Draytek · Draytek Vigor2960 +2

Name of the Vulnerable Software and Affected Versions: Draytek Vigor3900 versions prior to 1.5.1 Draytek Vigor2960 versions prior to 1.5.1 Draytek Vigor300B versions prior to 1.5.1 Description: The issue allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode,...

CVE-2019-20547

An issue was discovered on Samsung mobile devices with O8.x and P9.0 software. Data may leak via a Bluetooth debug command. The Samsung ID is SVE-2019-15398 November 2019...