Vulmon
sensiolabs symfony vulnerabilities and exploits
7.5
CVSSv3
CVE-2017-16654
An issue exists in Symfony prior to 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The Intl component includes various bundle readers that are used to read resource bundles from the local filesystem. The read() methods of these classes use a path and a locale to determ...
Sensiolabs Symfony
Debian Debian Linux 8.0
Debian Debian Linux 9.0
7.5
CVSSv3
CVE-2016-4423
The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony prior to 2.3.41, 2.7.x prior to 2.7.13, 2.8.x prior to 2.8.6, and 3.0.x prior to 3.0.6 does not limit the length of a username stored in a session, whi...
Sensiolabs Symfony 3.0.5
Sensiolabs Symfony 3.0.4
Sensiolabs Symfony 3.0.3
Sensiolabs Symfony 2.7.4
Sensiolabs Symfony 2.7.5
Sensiolabs Symfony 2.7.6
Sensiolabs Symfony 2.7.7
Sensiolabs Symfony 2.8.4
Sensiolabs Symfony 2.8.3
Sensiolabs Symfony 2.8.2
Sensiolabs Symfony 2.8.1
Sensiolabs Symfony 2.7.12
Sensiolabs Symfony
Sensiolabs Symfony 3.0.2
Sensiolabs Symfony 3.0.0
Sensiolabs Symfony 2.7.0
Sensiolabs Symfony 2.7.2
Sensiolabs Symfony 2.7.9
Sensiolabs Symfony 2.7.11
Sensiolabs Symfony 3.0.1
Sensiolabs Symfony 2.8.5
Sensiolabs Symfony 2.8.0
7.5
CVSSv3
CVE-2016-1902
The nextBytes function in the SecureRandom class in Symfony prior to 2.3.37, 2.6.x prior to 2.6.13, and 2.7.x prior to 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function f...
Debian Debian Linux 8.0
Sensiolabs Symfony 2.7.7
Sensiolabs Symfony 2.7.6
Sensiolabs Symfony 2.7.5
Sensiolabs Symfony 2.7.4
Sensiolabs Symfony 2.6.3
Sensiolabs Symfony 2.6.2
Sensiolabs Symfony 2.6.1
Sensiolabs Symfony 2.6.0
Sensiolabs Symfony 2.6.11
Sensiolabs Symfony 2.6.10
Sensiolabs Symfony 2.6.9
Sensiolabs Symfony 2.6.8
Sensiolabs Symfony 2.7.2
Sensiolabs Symfony 2.7.0
Sensiolabs Symfony 2.6.6
Sensiolabs Symfony 2.6.4
Sensiolabs Symfony
Sensiolabs Symfony 2.7.8
Sensiolabs Symfony 2.7.3
Sensiolabs Symfony 2.7.1
Sensiolabs Symfony 2.6.12
7.2
CVSSv3
CVE-2018-14774
An issue exists in HttpKernel in Symfony 2.7.0 up to and including 2.7.48, 2.8.0 up to and including 2.8.43, 3.3.0 up to and including 3.3.17, 3.4.0 up to and including 3.4.13, 4.0.0 up to and including 4.0.13, and 4.1.0 up to and including 4.1.2. When using HttpCache, the values...
Sensiolabs Symfony
7.1
CVSSv3
CVE-2019-10912
In Symfony prior to 2.8.50, 3.x prior to 3.4.26, 4.x prior to 4.1.12, and 4.2.x prior to 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. Th...
Sensiolabs Symfony
6.5
CVSSv3
CVE-2023-46733
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 5.4.21 and 6.2.7 and prior to versions 5.4.31 and 6.3.8, `SessionStrategyListener` does not migrate the session after every successful login. It does so only in ...
Sensiolabs Symfony
6.5
CVSSv3
CVE-2021-41267
Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the "trusted_headers" allowed list are ignored and protect users from "Cache poisoning...
Sensiolabs Symfony
6.5
CVSSv3
CVE-2021-41270
Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 prior to 4.4.35 and versions 5.0.0 prior to 5.3.12 are vulnerable to CSV injection, ...
Sensiolabs Symfony
Fedoraproject Fedora 34
Fedoraproject Fedora 35
6.5
CVSSv3
CVE-2017-16790
An issue exists in Symfony prior to 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. When a form is submitted by the user, the request handler classes of the Form component merge POST data and uploaded files data into one array. This big array forms the data that are the...
Sensiolabs Symfony
Debian Debian Linux 9.0
6.5
CVSSv3
CVE-2018-14773
An issue exists in Http Foundation in Symfony 2.7.0 up to and including 2.7.48, 2.8.0 up to and including 2.8.43, 3.3.0 up to and including 3.3.17, 3.4.0 up to and including 3.4.13, 4.0.0 up to and including 4.0.13, and 4.1.0 up to and including 4.1.2. It arises from support for ...
Sensiolabs Symfony
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Drupal Drupal
1 Github repository