EUVD-2022-2728

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2018-14774

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, a...

PT-2024-10556 · Varnish +1 · Varnish +1

Name of the Vulnerable Software and Affected Versions: Symfony HttpKernel component versions 2.2.X through 2.5.X Description: This issue affects applications with the ESI feature enabled and a proxy in front of the web application. The FragmentHandler considers requests to render fragments as...

CVE-2015-4050

FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the controller attribute is set, which allows remote attackers to bypass URL signing and security...

CVE-2015-4050: ESI unauthorized access

Affected Versions 2.3.19 - 2.3.28, 2.4.9 - 2.4.10, 2.5.4 - 2.5.11, 2.6.0 - 2.6.7 versions of the Symfony HttpKernel component are affected by this security issue. This issue has been fixed in Symfony 2.3.29, 2.5.12, and 2.6.8. Note that no fixes are provided for Symfony 2.4 as it's not maintained...