CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2022/05/14 1:14 a.m.•24 views

GHSA-R2RQ-3H56-FQM4 Symfony DoS

An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. The PDOSessionHandler class allows storing sessions on a PDO connection. Under some configurations and with a well-crafte...

5.9CVSS6.5AI score0.01086EPSS

Exploits0References10

Github Security Blog•added 2022/05/14 1:14 a.m.•24 views

Symfony DoS

5.9CVSS6.7AI score0.01086EPSS

Exploits0References10Affected Software2

OSV•added 2022/05/05 12:29 a.m.•17 views

GHSA-22PV-7V9J-HQXP Symfony Host Header Injection vulnerability in the HttpFoundation component

Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to...

6.1CVSS6AI score0.00928EPSS

Exploits0References20

Github Security Blog•added 2022/05/05 12:29 a.m.•62 views

Symfony Host Header Injection vulnerability in the HttpFoundation component

6.1CVSS6.8AI score0.00928EPSS

Exploits0References20Affected Software2

OSV•added 2021/03/15 10:18 p.m.•1 views

USN-4836-1 symfony vulnerability

It was discovered that Symfony through the HttpFoundation component allowed unauthorized access on a misconfigured LDAP server. A remote attacker could use this vulnerability to gain unauthorized access...

9.8CVSS7.3AI score0.00141EPSS

Prion•added 2020/01/02 5:15 p.m.•20 views

Hardcoded credentials

4.3CVSS6.8AI score0.00928EPSS

Exploits0References15Affected Software2

Cvelist•added 2020/01/02 4:7 p.m.•34 views

CVE-2013-4752

6.3AI score0.00928EPSS

Exploits0References15

CVE•added 2020/01/02 4:7 p.m.•76 views

CVE-2013-4752

The CVE-2013-4752 issue affects Symfony’s HttpFoundation component across Symfony 2.0.x up to 2.0.24, 2.1.x up to 2.1.12, 2.2.x up to 2.2.5, and 2.3.x up to 2.3.3. The vulnerability arises because the Host header can be manipulated when the framework generates an absolute URL, enabling a remote a...

6.1CVSS6.2AI score0.00928EPSS

Exploits0References15Affected Software1

BDU FSTEC•added 2019/11/25 12:0 a.m.•2 views

The vulnerability of the HttpFoundation component in the Symfony software development and web application management platform allows attackers to induce a service failure.

The vulnerability of the HttpFoundation component in the Symfony software development and web application management platform is related to an incorrect session expiration time. Exploiting this vulnerability allows a malicious actor to cause service failures...

5.9CVSS0.01086EPSS

Exploits0References8Affected Software3

Tenable Nessus•added 2019/05/02 12:0 a.m.•33 views

Fedora 30 : php-symfony (2019-0ef4149687)

Version 2.8.50 2019-04-17 - security cve-2019-10910 DI Check service IDs are valid nicolas-grekas - security cve-2019-10909 FrameworkBundleForm Fix XSS issues in the form theme of the PHP templating engine stof - security cve-2019-10912 PHPUnit Bridge Prevent destructors with side-effects from...

Tenable Nessus•added 2019/05/02 12:0 a.m.•39 views

Fedora 30 : php-symfony4 (2019-f5d6a7ce74)

Version 4.2.7 2019-04-17 - bug 31107 Routing fix trailing slash redirection with non-greedy trailing vars nicolas-grekas - bug 31108 FrameworkBundle decorate the ValidatorBuilder's translator with LegacyTranslatorProxy nicolas-grekas - bug 31121 HttpKernel Fix get session when the request stack i...

Tenable Nessus•added 2019/04/29 12:0 a.m.•30 views

Fedora 29 : php-symfony (2019-f8db687840)

Tenable Nessus•added 2019/04/29 12:0 a.m.•36 views

Fedora 29 : php-symfony3 (2019-a3ca65028c)

Version 3.4.26 2019-04-17 - bug 31084 HttpFoundation Make MimeTypeExtensionGuesser case insensitive vermeirentony - bug 31142 Revert 'bug 30423 Security Rework firewall's access denied rule dimabory' chalasr - security cve-2019-10910 DI Check service IDs are valid nicolas-grekas - security...

Tenable Nessus•added 2019/04/29 12:0 a.m.•32 views

Fedora 28 : php-symfony (2019-3ee6a7adf2)

Tenable Nessus•added 2019/01/03 12:0 a.m.•26 views

Fedora 28 : php-symfony (2018-9b54497b6e)

2.8.44 2018-08-01 - security cve-2018-14774 HttpKernel fix trusted headers management in HttpCache and InlineFragmentRenderer nicolas-grekas - security cve-2018-14773 HttpFoundation Remove support for legacy and risky HTTP headers nicolas-grekas - bug 28003 HttpKernel Fixes invalid REMOTEADDR in...

7.2CVSS7.4AI score0.16652EPSS

IBM Security Bulletins•added 2018/08/23 4:19 p.m.•21 views

Security Bulletin: IBM API Connect is impacted by a Drupal 8 vulnerability (CVE-2018-14773)

Summary IBM API Connect has fixed the following vulnerability. API Connect is impacted by vulnerabilities addressed in the Drupal 8 advisory https://www.drupal.org/SA-CORE-2018-005 Vulnerability Details CVEID: CVE-2018-14773 DESCRIPTION: Drupal Core could allow a remote attacker to bypass securit...

6.5CVSS0.8AI score0.16652EPSS

Exploits0Affected Software1

Tenable Nessus•added 2018/08/15 12:0 a.m.•28 views

Fedora 27 : php-symfony3 (2018-6f3ceeb7cb)

3.3.18 2018-08-01 - security cve-2018-14774 HttpKernel fix trusted headers management in HttpCache and InlineFragmentRenderer nicolas-grekas - security cve-2018-14773 HttpFoundation Remove support for legacy and risky HTTP headers nicolas-grekas Note that Tenable Network Security has extracted th...

7.2CVSS7.4AI score0.16652EPSS

Tenable Nessus•added 2018/08/15 12:0 a.m.•25 views

Fedora 27 : php-symfony (2018-4deae442f2)

7.2CVSS7.4AI score0.16652EPSS