Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sensiolabs symfony vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2020-15094
In Symfony prior to 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was...
Sensiolabs Httpclient
Sensiolabs Symfony
Fedoraproject Fedora 32
Fedoraproject Fedora 33
668
VMScore
CVE-2019-11325
An issue exists in Symfony prior to 4.2.12 and 4.3.x prior to 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.
Sensiolabs Symfony
668
VMScore
CVE-2019-18889
An issue exists in Symfony 3.4.0 up to and including 3.4.34, 4.2.0 up to and including 4.2.11, and 4.3.0 up to and including 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache.
Sensiolabs Symfony
Fedoraproject Fedora 31
1 Github repository
668
VMScore
CVE-2017-11365
Certain Symfony products are affected by: Incorrect Access Control. This affects Symfony 2.7.30 and Symfony 2.8.23 and Symfony 3.2.10 and Symfony 3.3.3. The type of exploitation is: remote. The component is: Password validator.
Sensiolabs Symfony 2.7.30
Sensiolabs Symfony 2.8.23
Sensiolabs Symfony 3.3.3
Sensiolabs Symfony 3.2.10
668
VMScore
CVE-2019-10913
In Symfony prior to 2.7.51, 2.8.x prior to 2.8.50, 3.x prior to 3.4.26, 4.x prior to 4.1.12, and 4.2.x prior to 4.2.7, HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS. T...
Sensiolabs Symfony
2 Github repositories
668
VMScore
CVE-2019-10910
In Symfony prior to 2.7.51, 2.8.x prior to 2.8.50, 3.x prior to 3.4.26, 4.x prior to 4.1.12, and 4.2.x prior to 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection.
Sensiolabs Symfony
Drupal Drupal
668
VMScore
CVE-2018-11407
An issue exists in the Ldap component in Symfony 2.8.x prior to 2.8.37, 3.3.x prior to 3.3.17, 3.4.x prior to 3.4.7, and 4.0.x prior to 4.0.7. It allows remote malicious users to bypass authentication by logging in with a "null" password and valid username, which trigge...
Sensiolabs Symfony
668
VMScore
CVE-2016-2403
Symfony prior to 2.8.6 and 3.x prior to 3.0.6 allows remote malicious users to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind.
Sensiolabs Symfony 2.8.1
Sensiolabs Symfony 2.8.2
Sensiolabs Symfony 2.8.3
Sensiolabs Symfony 3.0.4
Sensiolabs Symfony 3.0.5
Sensiolabs Symfony 2.8.4
Sensiolabs Symfony 2.8.5
Sensiolabs Symfony 3.0.0
Sensiolabs Symfony 3.0.1
Sensiolabs Symfony 2.8.0
Sensiolabs Symfony 3.0.2
Sensiolabs Symfony 3.0.3
668
VMScore
CVE-2015-8125
Symfony 2.3.x prior to 2.3.35, 2.6.x prior to 2.6.12, and 2.7.x prior to 2.7.7 might allow remote malicious users to have unspecified impact via a timing attack involving the (1) Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices or (2) Symfony/Comp...
Sensiolabs Symfony 2.3.6
Sensiolabs Symfony 2.3.7
Sensiolabs Symfony 2.3.14
Sensiolabs Symfony 2.3.15
Sensiolabs Symfony 2.3.22
Sensiolabs Symfony 2.3.23
Sensiolabs Symfony 2.3.31
Sensiolabs Symfony 2.3.32
Sensiolabs Symfony 2.6.4
Sensiolabs Symfony 2.6.5
Sensiolabs Symfony 2.7.0
Sensiolabs Symfony 2.7.1
Sensiolabs Symfony 2.3.3
Sensiolabs Symfony 2.3.4
Sensiolabs Symfony 2.3.5
Sensiolabs Symfony 2.3.12
Sensiolabs Symfony 2.3.13
Sensiolabs Symfony 2.3.20
Sensiolabs Symfony 2.3.21
Sensiolabs Symfony 2.3.29
Sensiolabs Symfony 2.3.30
Sensiolabs Symfony 2.6.2
668
VMScore
CVE-2013-1348
The Yaml::parse function in Symfony 2.0.x prior to 2.0.22 remote malicious users to execute arbitrary PHP code via a PHP file, a different vulnerability than CVE-2013-1397.
Sensiolabs Symfony 2.0.12
Sensiolabs Symfony 2.0.13
Sensiolabs Symfony 2.0.2
Sensiolabs Symfony 2.0.20
Sensiolabs Symfony 2.0.9
Sensiolabs Symfony 2.0.21
Sensiolabs Symfony 2.0.0
Sensiolabs Symfony 2.0.16
Sensiolabs Symfony 2.0.17
Sensiolabs Symfony 2.0.5
Sensiolabs Symfony 2.0.6
Sensiolabs Symfony 2.0.1
Sensiolabs Symfony 2.0.10
Sensiolabs Symfony 2.0.11
Sensiolabs Symfony 2.0.18
Sensiolabs Symfony 2.0.19
Sensiolabs Symfony 2.0.7
Sensiolabs Symfony 2.0.8
Sensiolabs Symfony 2.0.14
Sensiolabs Symfony 2.0.15
Sensiolabs Symfony 2.0.3
Sensiolabs Symfony 2.0.4
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »