36 matches found

Positive Technologies
added 2026/05/06 12:0 a.m., 8 views

PT-2026-38305

Name of the Vulnerable Software and Affected Versions: PraisonAI versions prior to 1.6.32. Description: A logical flaw in the URL checking logic allows attackers to bypass security filters, leading to Server-Side Request Forgery (SSRF). The system uses the validate url function to perform security...

CVSS 9.8, AI score 5.8, EPSS 0.00054
Exploits: 1, References: 7
SUSE CVE
added 2026/03/24 12:28 a.m., 2 views

SUSE CVE-2026-4438

Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification...

CVSS 4.7, AI score 5.9, EPSS 0.00066
Exploits: 1, References: 11
OSV
added 2025/07/23 6:33 a.m., 1 views

GHSA-9H3Q-32C7-R533 private-ip vulnerable to Server-Side Request Forgery

All versions of the package private-ip are vulnerable to Server-Side Request Forgery (SSRF), where an attacker can provide an IP or hostname that resolves to a multicast IP address (224.0.0.0/4) which is not included as part of the private IP ranges in the package's source code...

CVSS 8.8, AI score 5.9, EPSS 0.00094
Exploits: 0, References: 4
AstraLinux
added 2025/02/11 7:35 a.m., 1 views

Astra Linux - vulnerability in symfony

symfony/http-client is a module for the Symfony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. When using the NoPrivateNetworkHttpClient, some internal information is still leaking during host resolution, which leads to possible IP/port...

CVSS 4.3, AI score 6.7, EPSS 0.00502
Exploits: 0, References: 3
Veracode
added 2024/11/18 4:37 a.m., 8 views

Information Leakage

symfony/http-client is vulnerable to IP/port enumeration. The vulnerability is due to improper handling of IP filtering in the NoPrivateNetworkHttpClient, which fails to block certain IPs early enough during host resolution, allowing an attacker to enumerate IP addresses and ports, potentially...

CVSS 3.1, AI score 6.5, EPSS 0.00502
Exploits: 0, References: 5, Affected Software: 2
OSV
added 2024/11/06 9:15 p.m., 1 views

DEBIAN-CVE-2024-50342

symfony/http-client is a module for the Symfony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. When using the NoPrivateNetworkHttpClient, some internal information is still leaking during host resolution, which leads to possible IP/port...

CVSS 4.3, AI score 4.6, EPSS 0.00502
Exploits: 0, References: 1
OSV
added 2024/11/06 9:15 p.m., 0 views

UBUNTU-CVE-2024-50342

symfony/http-client is a module for the Symfony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. When using the NoPrivateNetworkHttpClient, some internal information is still leaking during host resolution, which leads to possible IP/port...

CVSS 4.3, AI score 5.8, EPSS 0.00502
Exploits: 0, References: 6
Snyk
added 2024/11/06 12:41 p.m., 1 views

Insertion of Sensitive Information Into Sent Data

Overview: symfony/http-client is a Symfony HttpClient component. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the request function in NoPrivateNetworkHttpClient, used during host resolution. This can be exploited to enumerate ports or IP...

CVSS 6.9, AI score 6.9, EPSS 0.00502
Exploits: 0, References: 2
CNNVD
added 2024/11/06 12:0 a.m., 2 views

Symfony information disclosure vulnerability

Symfony is a PHP framework for web and console applications and a set of reusable PHP components from Symfony, Inc. An information disclosure vulnerability exists in Symfony that originates from some internal information being disclosed during host resolution, which could lead to IP/port...

CVSS 3.1, AI score 3.9, EPSS 0.00502
Exploits: 0, References: 4
Positive Technologies
added 2024/10/25 12:0 a.m., 4 views

PT-2024-34152

Name of the Vulnerable Software and Affected Versions: symfony/http-client versions prior to 5.4.46; symfony/http-client versions prior to 6.4.14; symfony/http-client versions prior to 7.1.7. Description: The issue is related to the NoPrivateNetworkHttpClient in the symfony/http-client module, which...

CVSS 8.8, AI score 7.1, EPSS 0.88664
Exploits: 2, References: 58
SUSE CVE
added 2023/02/15 5:51 a.m., 1 views

SUSE CVE-2011-2990

The implementation of Content Security Policy (CSP) violation reports in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not remove proxy-authorization credentials from the listed request headers, which allows attackers to obtain sensitive information by...

CVSS 5, AI score 8.8, EPSS 0.00542
Exploits: 1, References: 8
seebug.org
added 2014/07/01 12:0 a.m., 11 views

TCP-IP Datalook <= 1.3 - Local Denial of Service Exploit

No description provided by source. / IP-DATALOOK Local DoS Exploit --------------------------------- INFGP - Hacking&security Research Resolve host...OK + Connecting...OK Target locked Sending bad procedure...OK Server Disconnected! Tested on Windows2000 SP4 Infos: infamous.2hell.com /...

AI score 7.1
Exploits: 0
OpenVAS
added 2014/05/06 12:0 a.m., 30 views

Mozilla Firefox Multiple Vulnerabilities-01 (May 2014) - Mac OS X

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

CVSS 9.8, AI score 8.3, EPSS 0.06412
Exploits: 10, References: 14
OpenVAS
added 2014/05/05 12:0 a.m., 73 views

Ubuntu: Security Advisory (USN-2189-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8, AI score 8.4, EPSS 0.06412
Exploits: 5, References: 3
Tenable Nessus
added 2014/05/01 12:0 a.m., 31 views

Ubuntu 14.04 LTS : Thunderbird vulnerabilities (USN-2189-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2189-1 advisory. Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd and Christian Holler discovered multiple memory safet...

CVSS 9.8, AI score 8.2, EPSS 0.06412
Exploits: 5, References: 8
OSV
added 2014/04/30 10:18 p.m., 0 views

USN-2189-1 thunderbird vulnerabilities

Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd and Christian Holler discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially...

CVSS 9.8, AI score 7.5, EPSS 0.06412
Exploits: 5, References: 9
Prion
added 2014/04/30 10:49 a.m., 21 views

Memory corruption

Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service heap...

CVSS 7.5, AI score 8.1, EPSS 0.04891
Exploits: 1, References: 23, Affected Software: 16
Cvelist
added 2014/04/30 10:0 a.m., 23 views

CVE-2014-1532

Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service heap...

AI score 9.8, EPSS 0.04891
Exploits: 1, References: 23
Tenable Nessus
added 2014/04/30 12:0 a.m., 42 views

Ubuntu 14.04 LTS : Firefox vulnerabilities (USN-2185-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2185-1 advisory. Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, John Schoenick, Karl Tomlinson, Vladimir Vukicevic a...

CVSS 10, AI score 8.3, EPSS 0.06412
Exploits: 9, References: 14
RedHat Linux
added 2014/04/29 10:45 p.m., 1 views

Mozilla: Use-after-free in nsHostResolver (MFSA 2014-46)

Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service heap...

CVSS 9.8, AI score 7.3, EPSS 0.04891
Exploits: 1, References: 5