The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Symfony

Symfony: user account enumeration
An attacker can check names of Symfony users with a timing attack...
CVE-2021-21424, FEDORA-2021-121edb82dd, FEDORA-2021-2d145b95f6, FEDORA-2021-c57937ab9f, FEDORA-2021-f3ad34aa9f, VIGILANCE-VUL-35407
Symfony: code execution via CachingHttpClient
An attacker can use a vulnerability via CachingHttpClient of Symfony, in order to run code...
CVE-2020-15094, FEDORA-2020-16eb328853, VIGILANCE-VUL-33221
Symfony: privilege escalation via AbstractToken-hasUserChanged
An attacker can bypass restrictions via AbstractToken::hasUserChanged() of Symfony, in order to escalate his privileges...
VIGILANCE-VUL-32403
Symfony: Cross Site Request Forgery via LogoutListener
An attacker can trigger a Cross Site Request Forgery via LogoutListener of Symfony, in order to force the victim to perform operations...
36814, VIGILANCE-VUL-32390
Symfony: information disclosure via ErrorHandler
An attacker can bypass access restrictions to data via ErrorHandler of Symfony, in order to obtain sensitive information...
CVE-2020-5274, VIGILANCE-VUL-31910
Symfony: privilege escalation via Firewall accessDecisionManager
An attacker can bypass restrictions via Firewall accessDecisionManager of Symfony, in order to escalate his privileges...
CVE-2020-5275, VIGILANCE-VUL-31909
Symfony: spoofing via Content-Type Cache Poisoning
An attacker can create spoofed data via Content-Type Cache Poisoning of Symfony, in order to deceive the victim...
CVE-2020-5255, VIGILANCE-VUL-31908
Symfony: code execution via AbstractAdapter / TagAwareAdapter
An attacker can use a vulnerability via AbstractAdapter / TagAwareAdapter of Symfony, in order to run code...
CVE-2019-18889, DSA-4573-1, FEDORA-2019-8b0ba02338, VIGILANCE-VUL-30865
Symfony: privilege escalation via MimeTypeGuesser Argument Injection
An attacker can bypass restrictions via MimeTypeGuesser Argument Injection of Symfony, in order to escalate his privileges...
CVE-2019-18888, DLA-1999-1, DSA-4573-1, FEDORA-2019-8b0ba02338, VIGILANCE-VUL-30864
Symfony: information disclosure via UriSigner Time Comparison
An attacker can bypass access restrictions to data via UriSigner Time Comparison of Symfony, in order to obtain sensitive information...
CVE-2019-18887, DLA-1999-1, DSA-4573-1, FEDORA-2019-5ae4fd9203, FEDORA-2019-8b0ba02338, FEDORA-2019-9c2ad3b018, VIGILANCE-VUL-30863
Our database contains other pages. You can request a free trial to read them.

Display information about Symfony: