NotCVE - vendor:"Sensiolabs" product:"Symfony" version:" >= 3.3.0 <= 3.3.17"

Page 4 of 33 results (0.005 seconds)

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0

CVE-2018-11407

https://notcve.org/view.php?id=CVE-2018-11407

13 Jun 2018 — An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. It allows remote attackers to bypass authentication by logging in with a "null" password and valid username, which triggers an unauthenticated bind. NOTE: this issue exists because of an incomplete fix for CVE-2016-2403. Se ha descubierto un problema en el componente Ldap en Symfony en versiones 2.8.x anteriores a la 2.8.37, versiones 3.3.x anteriores a la 3.3.17, ve... • https://symfony.com/blog/cve-2018-11407-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password • CWE-287: Improper Authentication •

CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0

CVE-2018-11408

https://notcve.org/view.php?id=CVE-2018-11408

13 Jun 2018 — The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnerability when security.http_utils is inlined by a container. NOTE: this issue exists because of an incomplete fix for CVE-2017-16652. Los gestores de seguridad en el componente Security en Symfony en versiones 2.7.x anteriores a la 2.7.48, versiones 2.8.x anteriores a la 2.8.41, versiones 3.3.x anteriores a la 3.3... • https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3

CVE-2018-12040 – SensioLabs Symfony 3.3.6 Cross Site Scripting

https://notcve.org/view.php?id=CVE-2018-12040

09 Jun 2018 — Reflected Cross-site scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka an _profiler/open?file= URI. NOTE: The vendor states "The XSS ... is in the web profiler, a tool that should never be deployed in production (so, we don't handle those issues as security issues). ** EN DISPUTA ** Vulnerabilidad de Cross-Site Scripting (XSS) reflejado en el generador de perfiles web en Symfony 3.3.6, de... • https://packetstorm.news/files/id/148125 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1 2 3 4