Vulnerabilities > Sensiolabs

DATE CVE VULNERABILITY TITLE RISK
2018-06-13 CVE-2017-16652 Open Redirect vulnerability in multiple products
An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before 2.8.31, 3.2.x before 3.2.14, and 3.3.x before 3.3.13.
network
low complexity
sensiolabs debian CWE-601
6.1
2017-02-07 CVE-2016-2403 Improper Authentication vulnerability in Sensiolabs Symfony
Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind.
network
low complexity
sensiolabs CWE-287
critical
9.8
2016-06-01 CVE-2016-4423 Resource Management Errors vulnerability in multiple products
The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames.
network
low complexity
sensiolabs debian CWE-399
7.5
2016-06-01 CVE-2016-1902 Cryptographic Issues vulnerability in multiple products
The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors.
network
low complexity
debian sensiolabs CWE-310
7.5