Количество 244
Количество 244
CVE-2013-4751
php-symfony2-Validator has loss of information during serialization
CVE-2013-1397
Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x remote attackers to execute arbitrary PHP code via a serialized PHP object to the (1) Yaml::parse or (2) Yaml\Parser::parse function, a different vulnerability than CVE-2013-1348.
CVE-2013-1397
Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x remote atta ...
CVE-2013-1348
The Yaml::parse function in Symfony 2.0.x before 2.0.22 remote attackers to execute arbitrary PHP code via a PHP file, a different vulnerability than CVE-2013-1397.
CVE-2013-1348
The Yaml::parse function in Symfony 2.0.x before 2.0.22 remote attacke ...
CVE-2012-6432
Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI beginning with a /_internal substring.
CVE-2012-6431
Symfony 2.0.x before 2.0.20 does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string.
CVE-2012-5574
lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request.
CVE-2012-2667
Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate method and unspecified "database backed session classes."
CVE-2012-2667
Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate method and unspecified "database backed session classes."
BDU:2024-10934
Уязвимость класса FormLoginAuthenticator программной платформы для разработки и управления веб-приложениями Symfony, позволяющая нарушителю обойти процедуру аутентификации и вызвать отказ в обслуживании
BDU:2023-08236
Уязвимость функции SessionStrategyListener программной платформы для разработки и управления веб-приложениями Symfony, позволяющая нарушителю оказать воздействие на целостность защищаемой информации
GHSA-q847-2q57-wmr3
Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters
GHSA-pgwj-prpq-jpc2
Symfony Service IDs Allow Injection
GHSA-g996-q5r8-w7g2
Symfony Cross-site Scripting (XSS) vulnerability
GHSA-cchx-mfrc-fwqr
Improper authentication in Symfony
GHSA-8wgj-6wx8-h5hq
Symfony HTTP Foundation web cache poisoning
GHSA-754h-5r27-7x3r
RCE in Symfony
CVE-2023-46734
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters.
CVE-2023-46734
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2013-4751 php-symfony2-Validator has loss of information during serialization | CVSS3: 8.1 | 1% Низкий | больше 5 лет назад |
| CVE-2013-1397 Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x remote attackers to execute arbitrary PHP code via a serialized PHP object to the (1) Yaml::parse or (2) Yaml\Parser::parse function, a different vulnerability than CVE-2013-1348. | CVSS2: 7.5 | 1% Низкий | около 11 лет назад |
| CVE-2013-1397 Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x remote atta ... | CVSS2: 7.5 | 1% Низкий | около 11 лет назад |
| CVE-2013-1348 The Yaml::parse function in Symfony 2.0.x before 2.0.22 remote attackers to execute arbitrary PHP code via a PHP file, a different vulnerability than CVE-2013-1397. | CVSS2: 7.5 | 1% Низкий | около 11 лет назад |
| CVE-2013-1348 The Yaml::parse function in Symfony 2.0.x before 2.0.22 remote attacke ... | CVSS2: 7.5 | 1% Низкий | около 11 лет назад |
| CVE-2012-6432 Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI beginning with a /_internal substring. | CVSS2: 6.8 | 0% Низкий | больше 12 лет назад |
| CVE-2012-6431 Symfony 2.0.x before 2.0.20 does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string. | CVSS2: 6.4 | 0% Низкий | больше 12 лет назад |
| CVE-2012-5574 lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request. | CVSS2: 5 | 0% Низкий | больше 12 лет назад |
 | CVE-2012-2667 Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate method and unspecified "database backed session classes." | CVSS2: 4.3 | 1% Низкий | около 13 лет назад |
| CVE-2012-2667 Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate method and unspecified "database backed session classes." | CVSS2: 4.3 | 1% Низкий | около 13 лет назад |
 | BDU:2024-10934 Уязвимость класса FormLoginAuthenticator программной платформы для разработки и управления веб-приложениями Symfony, позволяющая нарушителю обойти процедуру аутентификации и вызвать отказ в обслуживании | CVSS3: 7.5 | 1% Низкий | больше 1 года назад |
| BDU:2023-08236 Уязвимость функции SessionStrategyListener программной платформы для разработки и управления веб-приложениями Symfony, позволяющая нарушителю оказать воздействие на целостность защищаемой информации | CVSS3: 6.5 | 1% Низкий | больше 1 года назад |
| GHSA-q847-2q57-wmr3 Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters | CVSS3: 6.1 | 1% Низкий | больше 1 года назад |
| GHSA-pgwj-prpq-jpc2 Symfony Service IDs Allow Injection | CVSS3: 9.8 | 18% Средний | больше 5 лет назад |
| GHSA-g996-q5r8-w7g2 Symfony Cross-site Scripting (XSS) vulnerability | CVSS3: 5.4 | 1% Низкий | больше 5 лет назад |
| GHSA-cchx-mfrc-fwqr Improper authentication in Symfony | CVSS3: 7.5 | 0% Низкий | больше 5 лет назад |
| GHSA-8wgj-6wx8-h5hq Symfony HTTP Foundation web cache poisoning | CVSS3: 6.5 | 5% Низкий | около 3 лет назад |
| GHSA-754h-5r27-7x3r RCE in Symfony | CVSS3: 8 | 2% Низкий | почти 5 лет назад |
| CVE-2023-46734 Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters. | CVSS3: 6.1 | 1% Низкий | больше 1 года назад |
| CVE-2023-46734 Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters. | CVSS3: 6.1 | 1% Низкий | больше 1 года назад |
Уязвимостей на страницу