pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, pamusb-pinentry reads the PINENTRY_FALLBACK_APP environment variable and executes it directly without any validation. Any process that can set environment variables before pamusb-pinentry is invoked ca...
A misconfigured Content Security Policy (CSP) in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0442 and earlier) fails to define directives without fallbacks, allowing attackers to bypass intended security restrictions and load unauthorized resources.
Symfony has Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener
Synfony's HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]
Symfony's Cas2Handler Derives CAS service URL from Client Host Header โ Cross-Service Ticket Replay
Symfony Vulnerable to SQL Injection in PdoAdapter::doClear() via Unsanitized $prefix
Symfony Vulnerable to stored XSS in WebProfiler CodeExtension::fileExcerpt() โ Unescaped Non-PHP File Rendering
Symfony has XXE (Local File Disclosure) in DomCrawler::addXmlContent() via validateOnParse = true
Symfony has Email Header Injection via Non-Token Characters in Mime Parameter Names
Symfony's OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims
Symfony has an Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address
Symfony has Email Header / SMTP Command Injection via CRLF in Symfony\Component\Mime\Address
ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of service
Gladinet Triofox Cloud Server Agent Access Service (GladServerAgentService.exe) listens on TCP port 7878 and processes remote HTTP messages with URL paths starting with /resources, /status, /sysinfo, /woshome, /Settings, /schedule, or /DavCache.
A stack-based buffer overflow condition exists in WOSDeviceDropFolder.dll when processing a long URL path starting with /resources:
A stack-based buffer overflow condition exists in WOSDefaultHttpModule.dll when processing a long URL path starting with /woshome
A path traversal vulnerability exists in WOSDefaultHttpModule.dll when processing a URL path starting with /woshome
Function calls to WOSCommonUtil.dll!WOSSysInfoGetDeviceInterface() in various DLLs (i.e., WOSProfileMgrModule.dll, WOSWebDavModule.dll) can return a NULL pointer (i.e., when no user is logged into the Triofox Server Agent Management Console). The returned NULL pointer is not checked before being de...
When processing a request with a URL path starting with /status or /sysinfo, WOSHttpStatusModule.dll is to be loaded to handle such URL patterns. The WOSBin_LoadHttpModule function in the dll would be called to set up a "module" object for that module. However, WOSHttpStatusModule.dll is n...
Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal.