| CVE-2016-2403 | critical | 9.8 | 9.8 | | | | 9y ago | Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. |
| CVE-2015-8124 | medium | — | 6.8 | | | | 11y ago | Session fixation vulnerability in the "Remember Me" login feature in Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 allows remote attackers to hijack web sessions via a sess… |
| CVE-2012-6431 | medium | — | 6.4 | | | | 14y ago | Symfony Allows URI Restrictions Bypass Via Double-Encoded String |
| CVE-2013-5958 | medium | — | 5.0 | | | | 12y ago | The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6 allows remote attackers to cause a denial of service (CPU consumption) via a lon… |