10 matches found

OSV
added 2016/06/01 10:59 p.m. | 1 views

DEBIAN-CVE-2016-4423

The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored in a session, which allows remote attacker...

CVSS 7.5 | AI score 6.9 | EPSS 0.01862
Exploits: 0 | References: 1
OSV
added 2016/06/01 10:59 p.m. | 5 views

CVE-2016-4423

The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored in a session, which allows remote attacker...

CVSS 7.5 | AI score 7.4 | EPSS 0.01862
Exploits: 0 | References: 3
CVE
added 2016/06/01 10:0 p.m. | 70 views

CVE-2016-4423

The CVE-2016-4423 issue affects Symfony’s UsernamePasswordFormAuthenticationListener (components: Symfony Security) where the attemptAuthentication function does not bound the maximum length of a username stored in a session. This can be exploited by remote attackers to cause a denial of service ...

CVSS 7.5 | AI score 7.2 | EPSS 0.01862
Exploits: 0 | References: 3 | Affected Software: 1
Tenable Nessus
added 2016/05/31 12:0 a.m. | 28 views

Debian DSA-3588-1 : symfony - security update

Two vulnerabilities were discovered in Symfony, a PHP framework. - CVE-2016-1902 Lander Brandt discovered that the class SecureRandom might generate weak random numbers for cryptographic use under certain settings. If the functions random_bytes or openssl_random_pseudo_bytes are not available, the...

CVSS 7.5 | AI score 7.2 | EPSS 0.01907
Exploits: 0 | References: 6
Debian
added 2016/05/29 5:53 p.m. | 44 views

[SECURITY] [DSA 3588-1] symfony security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3588-1 [email protected] https://www.debian.org/security/ Luciano Bello May 29, 2016 https://www.debian.org/security/faq -...

CVSS 5 | AI score 1.5 | EPSS 0.01907
Exploits: 0
Debian
added 2016/05/29 5:53 p.m. | 25 views

[SECURITY] [DSA 3588-1] symfony security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3588-1 [email protected] https://www.debian.org/security/ Luciano Bello May 29, 2016 https://www.debian.org/security/faq -...

CVSS 7.5 | AI score 8.1 | EPSS 0.01907
Exploits: 0
OpenVAS
added 2016/05/29 12:0 a.m. | 25 views

Debian Security Advisory DSA 3588-1 (symfony - security update)

Two vulnerabilities were discovered in Symfony, a PHP framework. CVE-2016-1902 Lander Brandt discovered that the class SecureRandom might generate weak random numbers for cryptographic use under certain settings. If the functions random_bytes or openssl_random_pseudo_bytes are not available, the outp...

CVSS 5 | AI score 7.7 | EPSS 0.01907
Exploits: 0 | References: 1
OSV
added 2016/05/29 12:0 a.m. | 22 views

DSA-3588-1 symfony - security update

Bulletin has no description...

CVSS 7.5 | AI score 7.3 | EPSS 0.01907
Exploits: 0
OpenVAS
added 2016/05/28 12:0 a.m. | 20 views

Debian: Security Advisory (DSA-3588-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.5 | EPSS 0.01907
Exploits: 0 | References: 3
Friends Of PHP
added 2016/05/09 9:13 p.m. | 26 views

CVE-2016-4423: Large username storage in session

More info at https://symfony.com/cve-2016-4423...

CVSS 7.5 | AI score 7.2 | EPSS 0.01862
Exploits: 0 | Affected Software: 1