exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 263

GHSA-mm4c-ww47-3x4c

больше 3 лет назад

** DISPUTED ** The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI. NOTE: the vendor's position is that this is not a vulnerability because the debug tools are not intended for production use. NOTE: the Symfony Debug component is used by Laravel Debugbar.

CVSS3: 6.1

EPSS: Низкий

GHSA-mjcw-3g32-5p52

больше 3 лет назад

** DISPUTED ** Reflected Cross-site scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka an _profiler/open?file= URI. NOTE: The vendor states "The XSS ... is in the web profiler, a tool that should never be deployed in production (so, we don't handle those issues as security issues)."

CVSS3: 6.1

EPSS: Низкий

GHSA-mcx4-f5f5-4859

почти 6 лет назад

Prevent cache poisoning via a Response Content-Type header in Symfony

CVSS3: 2.6

EPSS: Низкий

GHSA-m884-279h-32v2

почти 6 лет назад

Exceptions displayed in non-debug configurations in Symfony

CVSS3: 4.6

EPSS: Низкий

GHSA-m2wj-r6g3-fxfx

около 2 лет назад

Symfony possible session fixation vulnerability

CVSS3: 6.5

EPSS: Низкий

GHSA-jjx5-fq5g-8xpc

больше 3 лет назад

Symfony Cryptographic Vulnerability

CVSS3: 7.5

EPSS: Низкий

GHSA-j5jh-hpr4-h332

больше 3 лет назад

Symfony Session Fixation Vulnerability

CVSS3: 3.1

EPSS: Низкий

GHSA-hf4c-m2jg-33qx

больше 3 лет назад

lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request.

EPSS: Низкий

GHSA-h7vf-5wrv-9fhv

около 3 лет назад

Symfony storing cookie headers in HttpCache

CVSS3: 5.9

EPSS: Низкий

GHSA-g97c-jfx6-xvxh

больше 3 лет назад

Symfony Vulnerable to Timing Attack

EPSS: Низкий

GHSA-g4rg-rw65-8hfg

больше 3 лет назад

Symfony Session Fixation Vulnerability

CVSS3: 8.1

EPSS: Низкий

GHSA-g4m9-5hpf-hx72

почти 6 лет назад

Firewall configured with unanimous strategy was not actually unanimous in Symfony

CVSS3: 7.6

EPSS: Низкий

GHSA-g4g7-q726-v5hg

больше 3 лет назад

Symfony CSRF Token Fixation

CVSS3: 8.8

EPSS: Низкий

GHSA-cr49-fx2v-9p57

больше 3 лет назад

Symfony Denial of Service Via Long Password Hashing

EPSS: Низкий

GHSA-cqqh-94r6-wjrg

больше 3 лет назад

Symfony SSRF Vulnerability via Form Component

CVSS3: 6.5

EPSS: Низкий

GHSA-c49r-8gj6-768r

больше 3 лет назад

Symfony Directory Traversal

CVSS3: 7.5

EPSS: Низкий

GHSA-9j54-wmcm-g7mf

больше 3 лет назад

Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate method and unspecified "database backed session classes."

EPSS: Низкий

GHSA-92x6-h2gr-8gxq

больше 3 лет назад

Symfony CSRF Vulnerability

CVSS3: 5.9

EPSS: Низкий

GHSA-89r2-5g34-2g47

больше 3 лет назад

Symfony Open Redirect

CVSS3: 6.1

EPSS: Низкий

GHSA-89cp-fvcc-hxh7

больше 3 лет назад

Symfony Access Control Vulnerability

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
GHSA-mm4c-ww47-3x4c DISPUTED The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI. NOTE: the vendor's position is that this is not a vulnerability because the debug tools are not intended for production use. NOTE: the Symfony Debug component is used by Laravel Debugbar.	CVSS3: 6.1	0% Низкий	больше 3 лет назад
GHSA-mjcw-3g32-5p52 DISPUTED Reflected Cross-site scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka an _profiler/open?file= URI. NOTE: The vendor states "The XSS ... is in the web profiler, a tool that should never be deployed in production (so, we don't handle those issues as security issues)."	CVSS3: 6.1	0% Низкий	больше 3 лет назад
GHSA-mcx4-f5f5-4859 Prevent cache poisoning via a Response Content-Type header in Symfony	CVSS3: 2.6	0% Низкий	почти 6 лет назад
GHSA-m884-279h-32v2 Exceptions displayed in non-debug configurations in Symfony	CVSS3: 4.6	0% Низкий	почти 6 лет назад
GHSA-m2wj-r6g3-fxfx Symfony possible session fixation vulnerability	CVSS3: 6.5	1% Низкий	около 2 лет назад
GHSA-jjx5-fq5g-8xpc Symfony Cryptographic Vulnerability	CVSS3: 7.5	0% Низкий	больше 3 лет назад
GHSA-j5jh-hpr4-h332 Symfony Session Fixation Vulnerability	CVSS3: 3.1	0% Низкий	больше 3 лет назад
GHSA-hf4c-m2jg-33qx lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request.		0% Низкий	больше 3 лет назад
GHSA-h7vf-5wrv-9fhv Symfony storing cookie headers in HttpCache	CVSS3: 5.9	0% Низкий	около 3 лет назад
GHSA-g97c-jfx6-xvxh Symfony Vulnerable to Timing Attack		1% Низкий	больше 3 лет назад
GHSA-g4rg-rw65-8hfg Symfony Session Fixation Vulnerability	CVSS3: 8.1	1% Низкий	больше 3 лет назад
GHSA-g4m9-5hpf-hx72 Firewall configured with unanimous strategy was not actually unanimous in Symfony	CVSS3: 7.6	0% Низкий	почти 6 лет назад
GHSA-g4g7-q726-v5hg Symfony CSRF Token Fixation	CVSS3: 8.8	0% Низкий	больше 3 лет назад
GHSA-cr49-fx2v-9p57 Symfony Denial of Service Via Long Password Hashing		0% Низкий	больше 3 лет назад
GHSA-cqqh-94r6-wjrg Symfony SSRF Vulnerability via Form Component	CVSS3: 6.5	1% Низкий	больше 3 лет назад
GHSA-c49r-8gj6-768r Symfony Directory Traversal	CVSS3: 7.5	1% Низкий	больше 3 лет назад
GHSA-9j54-wmcm-g7mf Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate method and unspecified "database backed session classes."		1% Низкий	больше 3 лет назад
GHSA-92x6-h2gr-8gxq Symfony CSRF Vulnerability	CVSS3: 5.9	0% Низкий	больше 3 лет назад
GHSA-89r2-5g34-2g47 Symfony Open Redirect	CVSS3: 6.1	0% Низкий	больше 3 лет назад
GHSA-89cp-fvcc-hxh7 Symfony Access Control Vulnerability		0% Низкий	больше 3 лет назад

Уязвимостей на страницу