Search Results (325056 CVEs found)

CVE | Vendors | Products | Updated | CVSS v3.1
CVE-2018-19789 | 2 Debian, Sensiolabs | 2 Debian Linux, Symfony | 2024-11-21 | N/A
An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. When using the scalar type hint `string` in a setter method (e.g. `setName(string $name)`) of a class that's the `data_class` of a form, and when a file upload is submitted to the corresponding field instead of a normal text input, then `UploadedFile::__toString()` is called which will then return and disclose the path of the uploaded file. If combined with a local file inclusion issue in certain circumstances this could escalate it to a Remote Code Execution.
CVE-2018-19788 | 4 Canonical, Debian, Polkit Project and 1 more | 5 Ubuntu Linux, Debian Linux, Polkit and 2 more | 2024-11-21 | N/A
A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.
CVE-2018-19786 | 1 Hashicorp | 1 Vault | 2024-11-21 | 7.3 High
HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported.
CVE-2018-19785 | 1 Php-proxy | 1 Php-proxy | 2024-11-21 | N/A
PHP-Proxy through 5.1.0 has Cross-Site Scripting (XSS) via the URL field in index.php.
CVE-2018-19784 | 1 Php-proxy | 1 Php-proxy | 2024-11-21 | N/A
The str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file inclusion.
CVE-2018-19783 | 1 Kentix | 2 Multisensor-lan, Multisensor-lan Firmware | 2024-11-21 | N/A
Kentix MultiSensor-LAN 5.63.00 devices and previous allow Authentication Bypass via an Alternate Path or Channel.
CVE-2018-19782 | 1 Freshrss | 1 Freshrss | 2024-11-21 | N/A
Multiple cross-site scripting (XSS) vulnerabilities in GET requests in FreshRSS 1.11.1 allow remote attackers to inject arbitrary web script or HTML via the (1) c parameter or (2) a parameter.
CVE-2018-19777 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2024-11-21 | N/A
In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool.
CVE-2018-19775 | 1 Infovista | 1 Vistaportal | 2024-11-21 | N/A
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "Variables.jsp" has reflected XSS via the ConnPoolName and GroupId parameters.
CVE-2018-19774 | 1 Infovista | 1 Vistaportal | 2024-11-21 | N/A
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "PresentSpace.jsp" has reflected XSS via the GroupId and ConnPoolName parameters.
CVE-2018-19773 | 1 Infovista | 1 Vistaportal | 2024-11-21 | N/A
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "EditCurrentUser.jsp" has reflected XSS via the GroupId and ConnPoolName parameters.
CVE-2018-19772 | 1 Infovista | 1 Vistaportal | 2024-11-21 | N/A
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "EditCurrentPresentSpace.jsp" has reflected XSS via the ConnPoolName, GroupId, and ParentId parameters.
CVE-2018-19771 | 1 Infovista | 1 Vistaportal | 2024-11-21 | N/A
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "EditCurrentPool.jsp" has reflected XSS via the PropName parameter.
CVE-2018-19770 | 1 Infovista | 1 Vistaportal | 2024-11-21 | N/A
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "Users.jsp" has reflected XSS via the ConnPoolName parameter.
CVE-2018-19769 | 1 Infovista | 1 Vistaportal | 2024-11-21 | N/A
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "UserProperties.jsp" has reflected XSS via the ConnPoolName parameter.
CVE-2018-19768 | 1 Infovista | 1 Vistaportal | 2024-11-21 | N/A
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "SubPagePackages.jsp" has reflected XSS via the ConnPoolName and GroupId parameters.
CVE-2018-19767 | 1 Infovista | 1 Vistaportal | 2024-11-21 | N/A
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "PresentSpace.jsp" has reflected XSS via the ConnPoolName and GroupId parameters.
CVE-2018-19766 | 1 Infovista | 1 Vistaportal | 2024-11-21 | N/A
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "GroupRessourceAdmin.jsp" has reflected XSS via the ConnPoolName parameter.
CVE-2018-19765 | 1 Infovista | 1 Vistaportal | 2024-11-21 | N/A
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "EditCurrentPresentSpace.jsp" has reflected XSS via the ConnPoolName, GroupId, and ParentId parameters.
CVE-2018-19763 | 1 Libsixel Project | 1 Libsixel | 2024-11-21 | N/A
There is a heap-based buffer over-read at writer.c (function: write_png_to_file) in libsixel 1.8.2 that will cause a denial of service.