Vulnerabilities > Sensiolabs > Symfony > 2.1.7
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-10 | CVE-2023-46734 | Unspecified vulnerability in Sensiolabs Symfony Symfony is a PHP framework for web and console applications and a set of reusable PHP components. | 6.1 |
2023-02-03 | CVE-2022-24894 | Unspecified vulnerability in Sensiolabs Symfony Symfony is a PHP framework for web and console applications and a set of reusable PHP components. | 8.8 |
2023-02-03 | CVE-2022-24895 | Insufficient Session Expiration vulnerability in Sensiolabs Symfony Symfony is a PHP framework for web and console applications and a set of reusable PHP components. | 8.8 |
2022-02-01 | CVE-2022-23601 | Unspecified vulnerability in Sensiolabs Symfony Symfony is a PHP framework for web and console applications and a set of reusable PHP components. | 8.8 |
2020-01-02 | CVE-2013-4752 | Cross-site Scripting vulnerability in multiple products Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. | 6.1 |
2019-11-01 | CVE-2013-4751 | Improper Input Validation vulnerability in multiple products php-symfony2-Validator has loss of information during serialization | 8.1 |
2018-07-20 | CVE-2017-18343 | Cross-site Scripting vulnerability in Sensiolabs Symfony The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI. | 6.1 |
2016-06-01 | CVE-2016-4423 | Resource Management Errors vulnerability in multiple products The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames. | 7.5 |
2016-06-01 | CVE-2016-1902 | Cryptographic Issues vulnerability in multiple products The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors. | 7.5 |