EUVD-2024-3234

Malicious code in bioql PyPI...

EUVD-2023-0611

Malicious code in bioql PyPI...

EUVD-2024-3285

Malicious code in bioql PyPI...

EUVD-2022-1370

Malicious code in bioql PyPI...

EUVD-2023-2904

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2024-50340

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the registerargvargc php directive ...

CVE-2024-51996 Symphony has an Authentication Bypass via RememberMe

Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. When consuming a persisted remember-me cookie, Symfony does not check if the username persisted in the database matches the username attached with the cookie, leading to authentication bypass. Th...

CVE-2024-50342

symfony/http-client is a module for the Symphony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. When using the NoPrivateNetworkHttpClient, some internal information is still leaking during host resolution, which leads to possible IP/port...

CVE-2024-50343 Incorrect response from Validator when input ends with `\n` in symfony/validator

symfony/validator is a module for the Symphony PHP framework which provides tools to validate values. It is possible to trick a Validator configured with a regular expression using the $ metacharacters, with an input ending with \n. Symfony as of versions 5.4.43, 6.4.11, and 7.1.4 now uses the D...

CVE-2024-50345

symfony/http-foundation is a module for the Symphony PHP framework which defines an object-oriented layer for the HTTP specification. The Request class, does not parse URI with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the Request class...

Debian dla-3664 : php-symfony - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3664 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3664-1 [email protected] https://www.debian.org/lts/security/...

CVE-2023-46735

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in version 6.0.0 and prior to version 6.3.8, the error message in WebhookController returns unescaped user-submitted input. As of version 6.3.8, WebhookController now doesn't return any...

Default credentials

Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions user sessions are not logged out if the password is reset via password recovery. This issue has been resolved in version 6.4.8.1. For older versions of 6.1, 6.2, and 6.3...

CVE-2022-24745 Guest session is shared between customers in shopware

Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions guest sessions are shared between customers when HTTP cache is enabled. This can lead to inconsistent experiences for guest users. Setups with Varnish are not affected b...

CVE-2022-24745

CVE-2022-24745 affects Shopware (Shopware platform) when HTTP caching is enabled. The issue allows guest sessions to be shared between customers due to improper handling of HTTP cache headers in affected versions (Varnish setups are not affected). Root cause is related to caching behavior that ex...

Fedora: Security Advisory for php-symfony3 (FEDORA-2021-c57937ab9f)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 33 Update: php-symfony3-3.4.49-1.fc33

Symfony PHP framework version 3. NOTE: Does not require PHPUnit bridge...

Fedora: Security Advisory for php-symfony4 (FEDORA-2020-fade6a8df7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DLA-1999-1 : symfony security update

Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to a timing attack/information leak, argument injection and code execution via unserialization. For Debian 8 'Jessie', these problems have been fixed in version 2.3.21+dfsg-4+deb8u6. We recommend that you upgra...

Debian: Security Advisory (DSA-4441-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...