10 matches found
DEBIAN-CVE-2016-4423
The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored in a session, which allows remote attacker...
CVE-2016-4423
The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored in a session, which allows remote attacker...
CVE-2016-4423
The CVE-2016-4423 issue affects Symfony’s UsernamePasswordFormAuthenticationListener (components: Symfony Security) where the attemptAuthentication function does not bound the maximum length of a username stored in a session. This can be exploited by remote attackers to cause a denial of service ...
Debian DSA-3588-1 : symfony - security update
Two vulnerabilities were discovered in Symfony, a PHP framework. - CVE-2016-1902 Lander Brandt discovered that the class SecureRandom might generate weak random numbers for cryptographic use under certain settings. If the functions randombytes or opensslrandompseudobytes are not available, the...
[SECURITY] [DSA 3588-1] symfony security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3588-1 [email protected] https://www.debian.org/security/ Luciano Bello May 29, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3588-1] symfony security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3588-1 [email protected] https://www.debian.org/security/ Luciano Bello May 29, 2016 https://www.debian.org/security/faq -...
Debian Security Advisory DSA 3588-1 (symfony - security update)
Two vulnerabilities were discovered in Symfony, a PHP framework. CVE-2016-1902 Lander Brandt discovered that the class SecureRandom might generate weak random numbers for cryptographic use under certain settings. If the functions randombytes or opensslrandompseudobytes are not available, the outp...
DSA-3588-1 symfony - security update
Bulletin has no description...
Debian: Security Advisory (DSA-3588-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2016-4423: Large username storage in session
More info at https://symfony.com/cve-2016-4423...