Page 4 of 17 results (0.002 seconds)

CVSS: 5.0EPSS: 0%CPEs: 53EXPL: 0

The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6 allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a similar issue to CVE-2013-5750. El componente de seguridad en Symfony 2.0.x anterior a 2.0.25, 2.1.x anterior a 2.1.13, 2.2.x anterior a 2.2.9, y 2.3.x anterior a 2.3.6 permite a atacantes remotos causar una denegación de servicio (consumo de CPU) a través de una contraseña larga que lanza un hash con alta carga de computación, como lo demuestra el cálculo PBKDF2, un problema similar a CVE-2013-5750 • http://symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released • CWE-399: Resource Management Errors •

CVSS: 7.5EPSS: 0%CPEs: 40EXPL: 0

Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x remote attackers to execute arbitrary PHP code via a serialized PHP object to the (1) Yaml::parse or (2) Yaml\Parser::parse function, a different vulnerability than CVE-2013-1348. Symfony 2.0.x anterior a 2.0.22, 2.1.x anterior a 2.1.7 y 2.2.x permite a atacantes remotos ejecutar código PHP arbitrario a través de un objeto PHP serializado hacia la función (1) Yaml::parse o (2) Yaml\Parser::parse, una vulnerabilidad diferente a CVE-2013-1348. • http://secunia.com/advisories/51980 http://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released http://www.securityfocus.com/bid/57574 https://exchange.xforce.ibmcloud.com/vulnerabilities/81551 • CWE-94: Improper Control of Generation of Code ('Code Injection') •