Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sensiolabs vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2019-18886
An issue exists in Symfony 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7. The ability to enumerate users was possible due to different handling depending on whether the user existed when making unauthorized attempts to use the switch users functionality. This is related to symfony/security.
Sensiolabs Symfony
4.9
CVSSv2
CVE-2013-4751
php-symfony2-Validator has loss of information during serialization
Sensiolabs Symfony
Redhat Enterprise Linux 6.0
Fedoraproject Fedora 19
Fedoraproject Fedora 18
7.5
CVSSv2
CVE-2017-11365
Certain Symfony products are affected by: Incorrect Access Control. This affects Symfony 2.7.30 and Symfony 2.8.23 and Symfony 3.2.10 and Symfony 3.3.3. The type of exploitation is: remote. The component is: Password validator.
Sensiolabs Symfony 2.7.30
Sensiolabs Symfony 2.8.23
Sensiolabs Symfony 3.3.3
Sensiolabs Symfony 3.2.10
7.5
CVSSv2
CVE-2019-10910
In Symfony prior to 2.7.51, 2.8.x prior to 2.8.50, 3.x prior to 3.4.26, 4.x prior to 4.1.12, and 4.2.x prior to 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection.
Sensiolabs Symfony
Drupal Drupal
6
CVSSv2
CVE-2019-10911
In Symfony prior to 2.7.51, 2.8.x prior to 2.8.50, 3.x prior to 3.4.26, 4.x prior to 4.1.12, and 4.2.x prior to 4.2.7, a vulnerability would allow an malicious user to authenticate as a privileged user on sites with user registration and remember me login functionality enabled. T...
Sensiolabs Symfony
Drupal Drupal
6.5
CVSSv2
CVE-2019-10912
In Symfony prior to 2.8.50, 3.x prior to 3.4.26, 4.x prior to 4.1.12, and 4.2.x prior to 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. Th...
Sensiolabs Symfony
7.5
CVSSv2
CVE-2019-10913
In Symfony prior to 2.7.51, 2.8.x prior to 2.8.50, 3.x prior to 3.4.26, 4.x prior to 4.1.12, and 4.2.x prior to 4.2.7, HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS. T...
Sensiolabs Symfony
2 Github repositories
3.5
CVSSv2
CVE-2019-10909
In Symfony prior to 2.7.51, 2.8.x prior to 2.8.50, 3.x prior to 3.4.26, 4.x prior to 4.1.12, and 4.2.x prior to 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle.
Sensiolabs Symfony
Drupal Drupal
5
CVSSv2
CVE-2018-19789
An issue exists in Symfony 2.7.x prior to 2.7.50, 2.8.x prior to 2.8.49, 3.x prior to 3.4.20, 4.0.x prior to 4.0.15, 4.1.x prior to 4.1.9, and 4.2.x prior to 4.2.1. When using the scalar type hint `string` in a setter method (e.g. `setName(string $name)`) of a class that's t...
Sensiolabs Symfony
Debian Debian Linux 8.0
5.8
CVSSv2
CVE-2018-19790
An open redirect exists in Symfony 2.7.x prior to 2.7.50, 2.8.x prior to 2.8.49, 3.x prior to 3.4.20, 4.0.x prior to 4.0.15, 4.1.x prior to 4.1.9 and 4.2.x prior to 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redi...
Sensiolabs Symfony
Fedoraproject Fedora 28
Debian Debian Linux 8.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »