Lucene search
3385 matches found

CVE
added 2023/01/29 8:37 p.m. · 56 views

CVE-2014-6061

CVE-2014-6061 affects Symfony HttpFoundation: parsing of the Authorization header in HTTP basic/digest auth is incorrect, potentially exploitable in certain server setups. Affected: Symfony HttpFoundation 2.0.x–2.5.x. Remediation: upgrade to fixed releases — Symfony 2.3.19+, 2.4.9+, or 2.5.4+. So...

7.1 AI score · 0.00956 EPSS
Exploits 0

CVE
added 2023/01/29 8:37 p.m. · 51 views

CVE-2014-6072

CVE-2014-6072 concerns the Symfony WebProfiler import/export feature. The connected documents indicate a CSRF-protected form that accepts PHP-serialized profiler data, which can be crafted to inject code via unserialize, leading to potential code injection. Affected versions are Symfony WebProfil...

6.9 AI score · 0.01485 EPSS
Exploits 0

Vulnrichment
added 2023/01/29 12:0 a.m. · 7 views

CVE-2021-46873

WireGuard, such as WireGuard 0.5.3 on Windows, does not fully account for the possibility that an adversary might be able to set a victim's system time to a future value, e.g., because unauthenticated NTP is used. This can lead to an outcome in which one static private key becomes permanently...

5.5 AI score · 0.00472 EPSS
Exploits 0 · References 1

Github Security Blog
added 2023/01/19 5:51 p.m. · 28 views

jruby-openssl gem for JRuby fails to do proper certificate validation

A security problem involving peer certificate verification was found where failed verification silently did nothing, making affected applications vulnerable to attackers. Attackers could lead a client application to believe that a secure connection to a rogue SSL server is legitimate. Attackers...

7.5 CVSS · 3.9 AI score · 0.006 EPSS
Exploits 0 · References 5 · Affected Software 1

OSV
added 2023/01/19 5:51 p.m. · 19 views

GHSA-XGV7-PQQH-H2W9 jruby-openssl gem for JRuby fails to do proper certificate validation

A security problem involving peer certificate verification was found where failed verification silently did nothing, making affected applications vulnerable to attackers. Attackers could lead a client application to believe that a secure connection to a rogue SSL server is legitimate. Attackers...

7.5 CVSS · 7.4 AI score · 0.006 EPSS
Exploits 0 · References 6

Positive Technologies
added 2023/01/17 12:0 a.m. · 2 views

PT-2023-33495 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.18 Description: The issue concerns a locking problem in the pdc iodc print firmware call. The actual impact and potential for attack have not been confirmed. Recommendations: For Linux Kernel versions prior...

7.3 AI score
Exploits 0 · References 1

Positive Technologies
added 2023/01/09 12:0 a.m. · 2 views

PT-2025-13355

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue concerns data corruption on vram allocated by svm if initialization is not complete and an application is writing to the memory. To resolve this, a sync has been added after...

7.8 CVSS · 6.5 AI score · 0.00206 EPSS
Exploits 0 · References 113

Prion
added 2023/01/06 8:15 p.m. · 18 views

Out-of-bounds

The HWKEYMASTER module has a problem in releasing memory. Successful exploitation of this vulnerability may result in out-of-bounds memory access...

5 CVSS · 7.5 AI score · 0.00398 EPSS
Exploits 0 · References 2 · Affected Software 2

Vulnrichment
added 2022/12/28 6:27 a.m. · 6 views

CVE-2022-46173 Elrond go Processing: fallback search of SCRs when not found in the main cache

Elrond-GO is a Go implementation for the Elrond Network protocol. Versions prior to 1.3.50 are subject to a processing issue where nodes are affected when trying to process a cross-shard relayed transaction with a smart contract deploy transaction data. The problem was a bad correlation between t...

7.2 CVSS · 7 AI score · 0.00724 EPSS
Exploits 0 · References 3

OSV
added 2022/12/23 5:15 p.m. · 6 views

CVE-2022-47943

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is an out-of-bounds read and OOPS for SMB2_WRITE, when there is a large length in the zero DataOffset case...

8.1 CVSS · 6.6 AI score
Exploits 0 · References 6

CVE
added 2022/12/21 12:12 p.m. · 59 views

CVE-2021-42834

The connected HP advisory HPSBHF03825 notes a potential elevation of privilege in HyperX NGENUITY software, remediated on 2021-11-08. No explicit CVE mapping or exploit details are provided in the document. The initial CVE entry CVE-2021-42834 remains reserved/placeholder with no public details i...

7.2 AI score
Exploits 0

Vulnrichment
added 2022/12/13 12:0 a.m. · 9 views

CVE-2022-25681

Possible memory corruption in kernel while performing memory access due to the hypervisor not correctly invalidating the processor translation caches in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile...

8.4 CVSS · 7.4 AI score · 0.00123 EPSS
Exploits 0 · References 1

OSV
added 2022/12/08 3:10 a.m. · 7 views

GSD-2022-1008156 bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb()

bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.225 by commit...

7.2 AI score
Exploits 0

RedHat Linux
added 2022/12/07 8:29 p.m. · 5 views

Django: SQL injection in QuerySet.annotate(), aggregate() and extra()

A flaw was found in the Django package, which leads to a SQL injection. This flaw allows an attacker using a crafted dictionary containing malicious SQL queries to compromise the database completely...

9.8 CVSS · 7.1 AI score · 0.18398 EPSS
Exploits 3 · References 5

OSV
added 2022/12/01 12:0 a.m. · 5 views

ASB-A-253978040

A race condition Use After Free issue in unisoc sprd sdiohaldebug driver, which may cause EoP problem...

4.7 CVSS · 7.1 AI score · 0.00068 EPSS
Exploits 0 · References 1

Kitploit
added 2022/11/27 11:30 a.m. · 44 views

Kubeeye - Tool To Find Various Problems On Kubernetes, Such As Application Misconfiguration, Unhealthy Cluster Components And Node Problems

KubeEye is an inspection tool for Kubernetes that checks whether Kubernetes resources (by OPA), cluster components, cluster nodes (by Node-Problem-Detector) and other configurations meet best practices, and gives suggestions for modification. KubeEye supports custom inspection rules and plugins...

7.5 AI score
Exploits 0 · References 7

CVE
added 2022/11/26 11:54 a.m. · 39 views

CVE-2014-4931

Summary: The connected documents describe a code injection vulnerability in Symfony’s translation caching within FrameworkBundle. The issue arises when locales from URLs are not sanitized before being dumped into a PHP cache file, enabling an attacker to inject PHP code via a crafted locale value...

6.6 AI score · 0.0078 EPSS
Exploits 0

CVE
added 2022/11/25 4:22 p.m. · 39 views

CVE-2020-1441

CVE-2020-1441 is a Windows Spatial Data Service Elevation of Privilege vulnerability. The issue arises from improper handling of memory objects in Spatial Data Service, allowing a user who can log on to overwrite or modify protected files to gain elevated privileges on Windows 10 version 1903 (KB...

6.8 AI score
Exploits 0

CNVD
added 2022/11/23 12:0 a.m. · 23 views

Google TensorFlow buffer overflow vulnerability (CNVD-2022-80680)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A buffer overflow vulnerability exists in Google TensorFlow, which stems from tf.raw_ops.ResizeNearestNeighborGrad's lack of length/size validation of the input data. An attacker could exploi...

7.5 CVSS · 3.5 AI score · 0.0044 EPSS
Exploits 1 · References 1

CVE
added 2022/11/21 2:59 p.m. · 27 views

CVE-2022-2942

Feed Them Social

7.2 AI score
Exploits 0