Symfony@2.6.9 Security Vulnerabilities and Issues — Symfony@2.6.9 CVE List

Lucene search

SensiolabsSymfony2.6.9

3 matches found

CVE•added 2016/06/01 10:59 p.m.•72 views

CVE-2016-1902

The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easi...

7.5CVSS7.2AI score0.00397EPSS

CVE•added 2015/12/07 8:59 p.m.•61 views

CVE-2015-8125

Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 might allow remote attackers to have unspecified impact via a timing attack involving the (1) Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices or (2) Symfony/Component/Security/Http/Firewall/Di...

7.5CVSS6.8AI score0.01008EPSS

CVE•added 2015/12/07 8:59 p.m.•53 views

CVE-2015-8124

Session fixation vulnerability in the "Remember Me" login feature in Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 allows remote attackers to hijack web sessions via a session id.

6.8CVSS6.4AI score0.00247EPSS