CVE-2021-41270

Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 before 4.4.35 and versions 5.0.0 before 5.3.12 are vulnerable to CSV injection, also known as formula...

CVE-2021-41270

CVE-2021-41270 (Symfony CSV Injection) affects Symfony/Serializer in Symfony PHP framework. The issue arises in the CsvEncoder where cells beginning with =, +, -, or @ could be treated as formulas. Initially, a tab prefix was used to escape these, but OWASP expanded the vulnerable set to include ...

Information Disclosure

kernel is vulnerable to information disclosure. The vulnerability exists due to Insufficient control flow in certain data structures...

EulerOS 2.0 SP9 : openssl (EulerOS-SA-2021-2692)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call...

ALSA-2021:4385 Moderate: glib2 security and bug fix update

GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Security Fixes: glib2: Possible privilege...

CVE-2021-25219

In BIND 9.3.0 - 9.11.35, 9.12.0 - 9.16.21, and versions 9.9.3-S1 - 9.11.35-S1 and 9.16.8-S1 - 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 - 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response...

CVE-2021-25219 Lame cache can be abused to severely degrade resolver performance

In BIND 9.3.0 - 9.11.35, 9.12.0 - 9.16.21, and versions 9.9.3-S1 - 9.11.35-S1 and 9.16.8-S1 - 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 - 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response...

Fedora: Security Advisory for rust-cranelift-entity (FEDORA-2021-1805eacb48)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

ALPINE-CVE-2021-28702

PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions specified via Reserved Memory Region Reporting, "RMRR". These are typically used for platform tasks such as legacy USB emulation. If such a device is passed through to a guest...

[SECURITY] Fedora 34 Update: rust-cranelift-entity-0.77.0-1.fc34

Data structures using entity references as mapping keys...

Fedora: Security Advisory for rust-cranelift-entity (FEDORA-2021-68713440cb)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 35 Update: rust-cranelift-entity-0.77.0-1.fc35

Data structures using entity references as mapping keys...

The vulnerability of the Drupal CMS system’s kernel, related to the lack of protective measures for website structures, allows attackers to compromise data integrity.

The vulnerability of the Drupal CMS system’s kernel lies in the fact that the AJAX API does not disable JSONP by default. Exploiting this vulnerability allows an attacker to compromise the integrity of data...

Path traversal

OpenOLAT is a web-based learning management system LMS. A path traversal vulnerability exists in versions prior to 15.3.18, 15.5.3, and 16.0.0. Using a specially prepared ZIP file, it is possible to overwrite any file that is writable by the application server user e.g. the tomcat user. Depending...

CVE-2021-28095

OX Documents before 7.10.5-rev5 has Incorrect Access Control for documents that contain XML structures because hash collisions can occur, due to use of CRC32...

[SECURITY] Fedora 33 Update: kernel-headers-5.13.3-100.fc33

Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package...

The vulnerability of FortiWeb web applications’ network firewalls, related to the lack of protection for SQL query structures, allows attackers to execute arbitrary commands.

The vulnerability of FortiWeb web applications’ network firewalls is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely by sending specially crafted SQL queries...

CVE-2021-28687

HVM soft-reset crashes toolstack libxl requires all data structures passed across its public interface to be initialized before use and disposed of afterwards by calling a specific set of functions. Many internal data structures also require this initialize / dispose discipline, but not all of...

CVE-2021-28687

HVM soft-reset crashes toolstack libxl requires all data structures passed across its public interface to be initialized before use and disposed of afterwards by calling a specific set of functions. Many internal data structures also require this initialize / dispose discipline, but not all of...

The vulnerability of Apache Commons Collections and Cisco’s software products lies in the possibility of restoring unreliable data structures in memory, allowing attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of Apache Commons Collections and Cisco’s software products lies in the rehydration of unreliable data structures in memory. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of protected information...