Vulnerabilities > Sensiolabs > Symfony > 2.2.8
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-10 | CVE-2023-46734 | Cross-site Scripting vulnerability in Sensiolabs Symfony Symfony is a PHP framework for web and console applications and a set of reusable PHP components. | 6.1 |
2023-02-03 | CVE-2022-24894 | Improper Authorization vulnerability in Sensiolabs Symfony Symfony is a PHP framework for web and console applications and a set of reusable PHP components. | 8.8 |
2023-02-03 | CVE-2022-24895 | Session Fixation vulnerability in Sensiolabs Symfony Symfony is a PHP framework for web and console applications and a set of reusable PHP components. | 8.8 |
2022-02-01 | CVE-2022-23601 | Cross-Site Request Forgery (CSRF) vulnerability in Sensiolabs Symfony Symfony is a PHP framework for web and console applications and a set of reusable PHP components. | 6.8 |
2018-07-20 | CVE-2017-18343 | Cross-site Scripting vulnerability in Sensiolabs Symfony The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI. | 6.1 |
2016-06-01 | CVE-2016-4423 | Resource Management Errors vulnerability in multiple products The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames. | 5.0 |
2016-06-01 | CVE-2016-1902 | Cryptographic Issues vulnerability in multiple products The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors. | 5.0 |
2015-06-24 | CVE-2015-2308 | Code Injection vulnerability in Sensiolabs Symfony Eval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x before 2.3.27, 2.4.x and 2.5.x before 2.5.11, and 2.6.x before 2.6.6 allows remote attackers to execute arbitrary PHP code via a language="php" attribute of a SCRIPT element. | 6.8 |
2014-12-27 | CVE-2013-5958 | Resource Management Errors vulnerability in Sensiolabs Symfony The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6 allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a similar issue to CVE-2013-5750. | 5.0 |
2014-06-02 | CVE-2013-1397 | Code Injection vulnerability in Sensiolabs Symfony Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x remote attackers to execute arbitrary PHP code via a serialized PHP object to the (1) Yaml::parse or (2) Yaml\Parser::parse function, a different vulnerability than CVE-2013-1348. | 7.5 |