| CVE-2015-8124 |
medium |
— |
6.8 |
|
|
|
11y ago |
Session fixation vulnerability in the "Remember Me" login feature in Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 allows remote attackers to hijack web sessions via a sess… |
| CVE-2012-6431 |
medium |
— |
6.4 |
|
|
|
14y ago |
Symfony Allows URI Restrictions Bypass Via Double-Encoded String |
| CVE-2013-5958 |
medium |
— |
5.0 |
|
|
|
12y ago |
The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6 allows remote attackers to cause a denial of service (CPU consumption) via a lon… |
| CVE-2017-11365 |
unknown |
— |
— |
|
|
|
4y ago |
Certain Symfony products are affected by: Incorrect Access Control. This affects Symfony 2.7.30 and Symfony 2.8.23 and Symfony 3.2.10 and Symfony 3.3.3. The type of exploitation is: remote. The compo… |
| CVE-2018-11407 |
unknown |
— |
— |
|
|
|
4y ago |
An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. It allows remote attackers to bypass authentication by l… |
| CVE-2018-11385 |
unknown |
— |
— |
|
|
|
4y ago |
An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. A session fixation vulnerabil… |
| CVE-2017-16652 |
unknown |
— |
— |
|
|
|
4y ago |
An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before 2.8.31, 3.2.x before 3.2.14, and 3.3.x before 3.3.13. DefaultAuthenticationSuccessHandler or DefaultAuthenticationFailureHandler t… |
| CVE-2018-11406 |
unknown |
— |
— |
|
|
|
4y ago |
An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session … |
| CVE-2018-19790 |
unknown |
— |
— |
|
|
|
4y ago |
An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_f… |
| CVE-2017-16653 |
unknown |
— |
— |
|
|
|
4y ago |
An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The current implementation of CSRF protection in Symfony (Version >=2) does not use different token… |
| CVE-2021-21424 |
unknown |
— |
— |
|
|
|
5y ago |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling de… |
| CVE-2020-5275 |
unknown |
— |
— |
|
|
|
6y ago |
In symfony/security-http before versions 4.4.7 and 5.0.7, when a `Firewall` checks access control rule, it iterate overs each rule's attributes and stops as soon as the accessDecisionManager decides … |
| CVE-2019-10911 |
unknown |
— |
— |
|
|
|
6y ago |
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, a vulnerability would allow an attacker to authenticate as a privileged user on sites with… |
