VulnerableCode Package Details - pkg:deb/debian/symfony@2.8.6%2Bdfsg-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-72pa-a6sv-fyg6	Unauthorized access on a misconfigured LDAP server There's a flaw in `LdapBindAuthenticationProvider` that allows for an unauthorized access on a misconfigured LDAP server when using an empty password. Applications are affected only if they use the LDAP authentication provider.	CVE-2016-2403 GHSA-wvj5-r78r-hhfq
VCID-nsk8-bk5e-tbfh	CVE-2016-4423: Large username storage in session The attemptAuthentication function in `Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php` does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames.	CVE-2016-4423 GHSA-whgv-8cg3-7hcm

Vulnerability

Summary

Aliases

VCID-72pa-a6sv-fyg6

Unauthorized access on a misconfigured LDAP server There's a flaw in `LdapBindAuthenticationProvider` that allows for an unauthorized access on a misconfigured LDAP server when using an empty password. Applications are affected only if they use the LDAP authentication provider.

CVE-2016-2403
GHSA-wvj5-r78r-hhfq

VCID-nsk8-bk5e-tbfh

CVE-2016-4423: Large username storage in session The attemptAuthentication function in `Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php` does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames.

CVE-2016-4423
GHSA-whgv-8cg3-7hcm

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T12:48:03.518797+00:00	Debian Importer	Fixing	VCID-72pa-a6sv-fyg6	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:52:05.550229+00:00	Debian Importer	Fixing	VCID-nsk8-bk5e-tbfh	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:46:52.938482+00:00	Debian Importer	Fixing	VCID-72pa-a6sv-fyg6	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:57:17.228479+00:00	Debian Importer	Fixing	VCID-nsk8-bk5e-tbfh	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:53:41.411867+00:00	Debian Importer	Fixing	VCID-nsk8-bk5e-tbfh	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:53:41.370727+00:00	Debian Importer	Fixing	VCID-72pa-a6sv-fyg6	https://security-tracker.debian.org/tracker/data/json	38.1.0