Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.
Symfony 2.0.x before 2.0.20 does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.
The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.8-rc1, allows local users to cause a denial of service (daemon exit) via a crafted application. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity.
WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.
The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.4.5, does not validate the origin of Netlink messages, which allows local users to spoof. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.