Lucene search
K

8 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2022-24895

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users Symfony by default regenerates the...

8.8CVSS7.1AI score0.0079EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/07/12 12:0 a.m.40 views

Debian dla-3493 : php-symfony - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3493 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3493-1 [email protected]...

8.8CVSS6.8AI score0.01712EPSS
Exploits0References8
Debian
Debian
added 2023/07/11 11:19 p.m.31 views

[SECURITY] [DLA 3493-1] symfony security update

Debian LTS Advisory DLA-3493-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin July 11, 2023 https://wiki.debian.org/LTS Package : symfony Version : 3.4.22+dfsg-2+deb10u2 CVE ID : CVE-2021-21424 CVE-2022-24894 CVE-2022-24895 Multiple security vulnerabilities were...

8.8CVSS6.6AI score0.01712EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/02/11 12:0 a.m.46 views

Fedora 37 : php-symfony4 (2023-74b702f058)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-74b702f058 advisory. Version 4.4.50 2023-02-01 security cve-2022-24895 Security/Http Remove CSRF tokens from storage on successful login nicolas-grekas security...

8.8CVSS7.1AI score0.0079EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2023/02/11 12:0 a.m.19 views

Fedora: Security Advisory for php-symfony4 (FEDORA-2023-aecde14648)

The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.8CVSS8.8AI score0.0079EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2023/02/06 12:0 a.m.19 views

Symfony Multiple Vulnerabilities (GHSA-h7vf-5wrv-9fhv, GHSA-3gv2-29qc-v67m)

Symfony is prone to multiple vulnerabilities. Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.8CVSS8.8AI score0.0079EPSS
Exploits0References2
CVE
CVE
added 2023/02/03 9:45 p.m.112 views

CVE-2022-24895

Summary of CVE-2022-24895 : Symfony’s authentication flow regenerates the session ID on login but does not clear CSRF tokens, allowing a potential session-fixation–style attack that could bypass CSRF protection. This is described as a vulnerability in Symfony’s session handling and CSRF-token cle...

8.8CVSS7.3AI score0.0079EPSS
Exploits0References5Affected Software1
Friends Of PHP
Friends Of PHP
added 2023/02/01 8:0 a.m.23 views

CVE-2022-24895: Possible CSRF token fixation

More info at https://symfony.com/cve-2022-24895...

8.8CVSS7.2AI score0.0079EPSS
Exploits0Affected Software1
Rows per page
Query Builder