5.5

CVSS3.1

CVE-2024-50169 - vsock: Update rx_bytes on read_skb()

In the Linux kernel, the following vulnerability has been resolved: vsock: Update rx_bytes on read_skb() Make sure virtio_transport_inc_rx_pkt() and virtio_transport_dec_rx_pkt() calls are balanced (i.e. virtio_vsock_sock::rx_bytes doesn't lie) after vsock_transport::read_skb(). While here, also…

📅 Published: Nov. 7, 2024, midnight 🔄 Last Modified: Oct. 1, 2025, 9:15 p.m.

5.3

CVSS4.0

CVE-2024-10928 - MonoCMS Posts Page opensaved.php cross site scripting

A vulnerability was found in MonoCMS up to 20240528. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /monofiles/opensaved.php of the component Posts Page. The manipulation of the argument filtcategory/filtstatus leads to cross site scripti…

📅 Published: Nov. 6, 2024, 10:31 p.m. 🔄 Last Modified: Nov. 22, 2024, 7:10 p.m.

5.3

CVSS4.0

CVE-2024-10927 - MonoCMS Account Information Page account.php cross site scripting

A vulnerability was found in MonoCMS up to 20240528. It has been classified as problematic. Affected is an unknown function of the file /monofiles/account.php of the component Account Information Page. The manipulation of the argument userid leads to cross site scripting. It is possible to launch t…

📅 Published: Nov. 6, 2024, 10:31 p.m. 🔄 Last Modified: Nov. 22, 2024, 7:14 p.m.

7.3

CVSS3.1

CVE-2024-50340 - Ability to change environment from query in symfony/runtime

symfony/runtime is a module for the Symfony PHP framework which enables decoupling PHP applications from global state. When the `register_argv_argc` PHP directive is set to `on`, and users call any URL with a specially crafted query string, they are able to change the environment or debug mode used…

📅 Published: Nov. 6, 2024, 9:09 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

3.1

CVSS3.1

CVE-2024-50341 - Security::login does not take into account custom user_checker in symfony/security-bundle

symfony/security-bundle is a module for the Symfony PHP framework which provides a tight integration of the Security component into the Symfony full-stack framework. The custom `user_checker` defined on a firewall is not called when logging in programmatically with the `Security::login` method, leading …

📅 Published: Nov. 6, 2024, 9:06 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

3.1

CVSS3.1

CVE-2024-50342 - Internal address and port enumeration allowed by NoPrivateNetworkHttpClient in symfony/http-client

symfony/http-client is a module for the Symfony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. When using the `NoPrivateNetworkHttpClient`, some internal information is still leaking during host resolution, which leads to possible IP/port enu…

📅 Published: Nov. 6, 2024, 9:03 p.m. 🔄 Last Modified: Jan. 12, 2026, 5:45 p.m.

3.1

CVSS3.1

CVE-2024-50343 - Incorrect response from Validator when input ends with `\n` in symfony/validator

symfony/validator is a module for the Symfony PHP framework which provides tools to validate values. It is possible to trick a `Validator` configured with a regular expression using the `$` metacharacter, with an input ending with `\n`. Symfony as of versions 5.4.43, 6.4.11, and 7.1.4 now uses th…

📅 Published: Nov. 6, 2024, 9 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS4.0

CVE-2024-10926 - IBPhoenix ibWebAdmin Tabelas Section toggle_fold_panel.php cross site scripting

A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and classified as problematic. This issue affects some unknown processing of the file /toggle_fold_panel.php of the component Tabelas Section. The manipulation of the argument p leads to cross site scripting. The attack may be initiated …

📅 Published: Nov. 6, 2024, 9 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

3.1

CVSS3.1

CVE-2024-50345 - Open redirect via browser-sanitized URLs in symfony/http-foundation

symfony/http-foundation is a module for the Symfony PHP framework which defines an object-oriented layer for the HTTP specification. The `Request` class does not parse URIs with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the `Request` cla…

📅 Published: Nov. 6, 2024, 8:56 p.m. 🔄 Last Modified: Nov. 3, 2025, 8:16 p.m.

0

CVSS3.1

CVE-2024-51736 - Command execution hijack on Windows with Process class in symfony/process

Symfony process is a module for the Symfony PHP framework which executes commands in sub-processes. On Windows, when an executable file named `cmd.exe` is located in the current working directory it will be called by the `Process` class when preparing command arguments, leading to possible hijack…

📅 Published: Nov. 6, 2024, 8:51 p.m. 🔄 Last Modified: Sept. 4, 2025, 4:08 p.m.
Total results: 349182