Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sensiolabs symfony vulnerabilities and exploits
(subscribe to this query)
5.9
CVSSv3
CVE-2018-11386
An issue exists in the HttpFoundation component in Symfony 2.7.x prior to 2.7.48, 2.8.x prior to 2.8.41, 3.3.x prior to 3.3.17, 3.4.x prior to 3.4.11, and 4.0.x prior to 4.0.11. The PDOSessionHandler class allows storing sessions on a PDO connection. Under some configurations and...
Sensiolabs Symfony
Debian Debian Linux 9.0
8.8
CVSSv3
CVE-2018-11406
An issue exists in the Security component in Symfony 2.7.x prior to 2.7.48, 2.8.x prior to 2.8.41, 3.3.x prior to 3.3.17, 3.4.x prior to 3.4.11, and 4.0.x prior to 4.0.11. By default, a user's session is invalidated when the user is logged out. This behavior can be disabled ...
Sensiolabs Symfony
Debian Debian Linux 9.0
6.1
CVSSv3
CVE-2018-11408
The security handlers in the Security component in Symfony in 2.7.x prior to 2.7.48, 2.8.x prior to 2.8.41, 3.3.x prior to 3.3.17, 3.4.x prior to 3.4.11, and 4.0.x prior to 4.0.11 have an Open redirect vulnerability when security.http_utils is inlined by a container. NOTE: this i...
Sensiolabs Symfony
Debian Debian Linux 8.0
9.8
CVSSv3
CVE-2016-2403
Symfony prior to 2.8.6 and 3.x prior to 3.0.6 allows remote malicious users to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind.
Sensiolabs Symfony 2.8.1
Sensiolabs Symfony 2.8.2
Sensiolabs Symfony 2.8.3
Sensiolabs Symfony 3.0.4
Sensiolabs Symfony 3.0.5
Sensiolabs Symfony 2.8.4
Sensiolabs Symfony 2.8.5
Sensiolabs Symfony 3.0.0
Sensiolabs Symfony 3.0.1
Sensiolabs Symfony 2.8.0
Sensiolabs Symfony 3.0.2
Sensiolabs Symfony 3.0.3
7.5
CVSSv3
CVE-2016-1902
The nextBytes function in the SecureRandom class in Symfony prior to 2.3.37, 2.6.x prior to 2.6.13, and 2.7.x prior to 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function f...
Debian Debian Linux 8.0
Sensiolabs Symfony 2.7.7
Sensiolabs Symfony 2.7.6
Sensiolabs Symfony 2.7.5
Sensiolabs Symfony 2.7.4
Sensiolabs Symfony 2.6.3
Sensiolabs Symfony 2.6.2
Sensiolabs Symfony 2.6.1
Sensiolabs Symfony 2.6.0
Sensiolabs Symfony 2.6.11
Sensiolabs Symfony 2.6.10
Sensiolabs Symfony 2.6.9
Sensiolabs Symfony 2.6.8
Sensiolabs Symfony 2.7.2
Sensiolabs Symfony 2.7.0
Sensiolabs Symfony 2.6.6
Sensiolabs Symfony 2.6.4
Sensiolabs Symfony
Sensiolabs Symfony 2.7.8
Sensiolabs Symfony 2.7.3
Sensiolabs Symfony 2.7.1
Sensiolabs Symfony 2.6.12
7.5
CVSSv3
CVE-2016-4423
The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony prior to 2.3.41, 2.7.x prior to 2.7.13, 2.8.x prior to 2.8.6, and 3.0.x prior to 3.0.6 does not limit the length of a username stored in a session, whi...
Sensiolabs Symfony 3.0.5
Sensiolabs Symfony 3.0.4
Sensiolabs Symfony 3.0.3
Sensiolabs Symfony 2.7.4
Sensiolabs Symfony 2.7.5
Sensiolabs Symfony 2.7.6
Sensiolabs Symfony 2.7.7
Sensiolabs Symfony 2.8.4
Sensiolabs Symfony 2.8.3
Sensiolabs Symfony 2.8.2
Sensiolabs Symfony 2.8.1
Sensiolabs Symfony 2.7.12
Sensiolabs Symfony
Sensiolabs Symfony 3.0.2
Sensiolabs Symfony 3.0.0
Sensiolabs Symfony 2.7.0
Sensiolabs Symfony 2.7.2
Sensiolabs Symfony 2.7.9
Sensiolabs Symfony 2.7.11
Sensiolabs Symfony 3.0.1
Sensiolabs Symfony 2.8.5
Sensiolabs Symfony 2.8.0
NA
CVE-2015-8124
Session fixation vulnerability in the "Remember Me" login feature in Symfony 2.3.x prior to 2.3.35, 2.6.x prior to 2.6.12, and 2.7.x prior to 2.7.7 allows remote malicious users to hijack web sessions via a session id.
Sensiolabs Symfony 2.3.24
Sensiolabs Symfony 2.3.33
Sensiolabs Symfony 2.3.2
Sensiolabs Symfony 2.3.8
Sensiolabs Symfony 2.3.21
Sensiolabs Symfony 2.3.7
Sensiolabs Symfony 2.3.14
Sensiolabs Symfony 2.3.12
Sensiolabs Symfony 2.3.17
Sensiolabs Symfony 2.6.6
Sensiolabs Symfony 2.6.9
Sensiolabs Symfony 2.7.3
Sensiolabs Symfony 2.7.2
Sensiolabs Symfony 2.3.27
Sensiolabs Symfony 2.3.32
Sensiolabs Symfony 2.3.19
Sensiolabs Symfony 2.3.6
Sensiolabs Symfony 2.3.4
Sensiolabs Symfony 2.3.31
Sensiolabs Symfony 2.3.5
Sensiolabs Symfony 2.3.22
Sensiolabs Symfony 2.3.10
NA
CVE-2015-8125
Symfony 2.3.x prior to 2.3.35, 2.6.x prior to 2.6.12, and 2.7.x prior to 2.7.7 might allow remote malicious users to have unspecified impact via a timing attack involving the (1) Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices or (2) Symfony/Comp...
Sensiolabs Symfony 2.3.6
Sensiolabs Symfony 2.3.7
Sensiolabs Symfony 2.3.14
Sensiolabs Symfony 2.3.15
Sensiolabs Symfony 2.3.22
Sensiolabs Symfony 2.3.23
Sensiolabs Symfony 2.3.31
Sensiolabs Symfony 2.3.32
Sensiolabs Symfony 2.6.4
Sensiolabs Symfony 2.6.5
Sensiolabs Symfony 2.7.0
Sensiolabs Symfony 2.7.1
Sensiolabs Symfony 2.3.3
Sensiolabs Symfony 2.3.4
Sensiolabs Symfony 2.3.5
Sensiolabs Symfony 2.3.12
Sensiolabs Symfony 2.3.13
Sensiolabs Symfony 2.3.20
Sensiolabs Symfony 2.3.21
Sensiolabs Symfony 2.3.29
Sensiolabs Symfony 2.3.30
Sensiolabs Symfony 2.6.2
NA
CVE-2015-2308
Eval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x prior to 2.3.27, 2.4.x and 2.5.x prior to 2.5.11, and 2.6.x prior to 2.6.6 allows remote malicious users to execute arbitrary PHP code via a language="php" attribute of a SCRIPT element.
Sensiolabs Symfony 2.0.14
Sensiolabs Symfony 2.0.15
Sensiolabs Symfony 2.0.21
Sensiolabs Symfony 2.0.22
Sensiolabs Symfony 2.1.0
Sensiolabs Symfony 2.1.1
Sensiolabs Symfony 2.2.0
Sensiolabs Symfony 2.2.1
Sensiolabs Symfony 2.2.6
Sensiolabs Symfony 2.2.8
Sensiolabs Symfony 2.3.25
Sensiolabs Symfony 2.3.26
Sensiolabs Symfony 2.4.7
Sensiolabs Symfony 2.4.8
Sensiolabs Symfony 2.5.4
Sensiolabs Symfony 2.5.5
Sensiolabs Symfony 2.6.4
Sensiolabs Symfony 2.6.5
Sensiolabs Symfony 2.0.10
Sensiolabs Symfony 2.0.11
Sensiolabs Symfony 2.0.18
Sensiolabs Symfony 2.0.19
NA
CVE-2015-4050
FragmentListener in the HttpKernel component in Symfony 2.3.19 up to and including 2.3.28, 2.4.9 up to and including 2.4.10, 2.5.4 up to and including 2.5.11, and 2.6.0 up to and including 2.6.7, when ESI or SSI support enabled, does not check if the _controller attribute is set,...
Sensiolabs Symfony 2.3.20
Sensiolabs Symfony 2.3.21
Sensiolabs Symfony 2.3.28
Sensiolabs Symfony 2.4.9
Sensiolabs Symfony 2.5.10
Sensiolabs Symfony 2.5.11
Sensiolabs Symfony 2.6.7
Sensiolabs Symfony 2.3.24
Sensiolabs Symfony 2.3.25
Sensiolabs Symfony 2.5.5
Sensiolabs Symfony 2.5.6
Sensiolabs Symfony 2.5.7
Sensiolabs Symfony 2.6.3
Sensiolabs Symfony 2.6.4
Sensiolabs Symfony 2.3.19
Sensiolabs Symfony 2.3.26
Sensiolabs Symfony 2.3.27
Sensiolabs Symfony 2.5.8
Sensiolabs Symfony 2.5.9
Sensiolabs Symfony 2.6.5
Sensiolabs Symfony 2.6.6
Sensiolabs Symfony 2.3.22
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3201
CVE-2024-4779
CVE-2024-35090
CVE-2024-5084
hard-coded
CVE-2024-4985
HTML injection
CVE-2024-33655
local file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »