Vulnerabilities > Sensiolabs > Symfony > 3.4.12

DATE CVE VULNERABILITY TITLE RISK
2019-05-16 CVE-2019-10911 Improper Authentication vulnerability in multiple products
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled.
network
high complexity
sensiolabs drupal CWE-287
7.5
7.5
2019-05-16 CVE-2019-10910 SQL Injection vulnerability in multiple products
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution.
network
low complexity
sensiolabs drupal CWE-89
critical
 9.8
9.8
2019-05-16 CVE-2019-10909 Cross-site Scripting vulnerability in multiple products
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included.
network
low complexity
sensiolabs drupal CWE-79
5.4
5.4
2018-12-18 CVE-2018-19790 Open Redirect vulnerability in multiple products
An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1.
network
low complexity
sensiolabs fedoraproject debian CWE-601
6.1
6.1
2018-12-18 CVE-2018-19789 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1.
network
low complexity
sensiolabs debian CWE-434
5.3
5.3
2018-08-03 CVE-2018-14774 Improper Input Validation vulnerability in Sensiolabs Symfony
An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2.
network
low complexity
sensiolabs CWE-20
7.2
7.2
2018-08-03 CVE-2018-14773 An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2.
network
low complexity
sensiolabs debian drupal
6.5
6.5