Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.
Symfony 2.0.x before 2.0.20 does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.
The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.8-rc1, allows local users to cause a denial of service (daemon exit) via a crafted application. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity.