Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-4441-1:4957F
HistoryMay 10, 2019 - 6:26 a.m.

[SECURITY] [DSA 4441-1] symfony security update

2019-05-1006:26:19
lists.debian.org
196

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

31.4%

JSON

Debian Security Advisory DSA-4441-1 [email protected]
https://www.debian.org/security/ Sebastien Delafond
May 10, 2019 https://www.debian.org/security/faq

Package : symfony
CVE ID : CVE-2018-14773 CVE-2018-19789 CVE-2018-19790 CVE-2019-10909
CVE-2019-10910 CVE-2019-10911 CVE-2019-10912 CVE-2019-10913

Multiple vulnerabilities were discovered in the Symfony PHP framework
which could lead to cache bypass, authentication bypass, information
disclosure, open redirect, cross-site request forgery, deletion of
arbitrary files, or arbitrary code execution.

For the stable distribution (stretch), these problems have been fixed in
version 2.8.7+dfsg-1.3+deb9u2.

We recommend that you upgrade your symfony packages.

For the detailed security status of symfony please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/symfony

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian8allphp-symfony-http-foundation< 2.3.21+dfsg-4+deb8u5php-symfony-http-foundation_2.3.21+dfsg-4+deb8u5_all.deb
Debian8allphp-symfony-event-dispatcher< 2.3.21+dfsg-4+deb8u5php-symfony-event-dispatcher_2.3.21+dfsg-4+deb8u5_all.deb
Debian8allphp-symfony-propel1-bridge< 2.3.21+dfsg-4+deb8u5php-symfony-propel1-bridge_2.3.21+dfsg-4+deb8u5_all.deb
Debian9allphp-symfony-debug< 2.8.7+dfsg-1.3+deb9u2php-symfony-debug_2.8.7+dfsg-1.3+deb9u2_all.deb
Debian9allphp-symfony-swiftmailer-bridge< 2.8.7+dfsg-1.3+deb9u2php-symfony-swiftmailer-bridge_2.8.7+dfsg-1.3+deb9u2_all.deb
Debian8allphp-symfony-proxy-manager-bridge< 2.3.21+dfsg-4+deb8u5php-symfony-proxy-manager-bridge_2.3.21+dfsg-4+deb8u5_all.deb
Debian9allphp-symfony-class-loader< 2.8.7+dfsg-1.3+deb9u2php-symfony-class-loader_2.8.7+dfsg-1.3+deb9u2_all.deb
Debian9allphp-symfony-monolog-bridge< 2.8.7+dfsg-1.3+deb9u2php-symfony-monolog-bridge_2.8.7+dfsg-1.3+deb9u2_all.deb
Debian8allphp-symfony-console< 2.3.21+dfsg-4+deb8u5php-symfony-console_2.3.21+dfsg-4+deb8u5_all.deb
Debian8allphp-symfony-intl< 2.3.21+dfsg-4+deb8u5php-symfony-intl_2.3.21+dfsg-4+deb8u5_all.deb
Rows per page:
1-10 of 891

Related

debian 3
openvas 31
osv 18
nessus 31
fedora 25
freebsd 2
drupal 3
ibm 2
thn 2
symfony 8
veracode 8
prion 8
cve 8
ubuntucve 8
debiancve 8
github 7
typo3 1
redhatcve 1
debian
debian
[SECURITY] [DSA 4441-1] symfony security update
2019-05-10 06:26:19
[SECURITY] [DLA 1778-1] symfony security update
2019-05-06 19:15:39
[SECURITY] [DLA 1707-1] symfony security update
2019-03-10 01:19:23
openvas
openvas
Debian Security Advisory DSA 4441-1 (symfony - security update)
2019-05-11 00:00:00
Symfony 2.7.x < 2.7.51, 2.8.x < 2.8.50, 3.x < 3.4.26, 4.x < 4.1.12, 4.2.x < 4.2.7 Multiple Vulnerabilities
2019-05-20 00:00:00
Debian LTS: Security Advisory for symfony (DLA-1778-1)
2019-05-07 00:00:00
osv
osv
symfony - security update
2019-05-10 00:00:00
symfony - security update
2019-05-06 00:00:00
symfony - security update
2019-03-09 00:00:00
nessus
nessus
Debian DSA-4441-1 : symfony - security update
2019-05-13 00:00:00
Fedora 28 : php-symfony3 (2019-2a7f472198)
2019-04-29 00:00:00
Fedora 29 : php-symfony4 (2019-32067d8b15)
2019-04-29 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: php-symfony-2.8.51-1.fc29
2019-04-27 23:12:01
[SECURITY] Fedora 29 Update: php-symfony4-4.1.12-1.fc29
2019-04-27 23:12:03
[SECURITY] Fedora 30 Update: php-symfony-2.8.51-1.fc30
2019-04-27 21:35:08
freebsd
freebsd
drupal -- Drupal core - Moderately critical
2019-04-17 00:00:00
TYPO3 -- multiple vulnerabilities
2019-06-28 00:00:00
drupal
drupal
Drupal core - Moderately critical - Multiple Vulnerabilities - SA-CORE-2019-005
2019-04-17 00:00:00
Drupal Core - 3rd-party libraries -SA-CORE-2018-005
2018-08-01 00:00:00
Drupal Core - 3rd-party libraries -SA-CORE-2018-005
2018-08-01 00:00:00
ibm
ibm
Security Bulletin: IBM API Connect's Developer Portal is impacted by vulnerabilities in Drupal core (CVE-2019-10909 CVE-2019-10910 CVE-2019-10911 CVE-2019-11358)
2019-05-31 13:40:01
Security Bulletin: IBM API Connect is impacted by a Drupal 8 vulnerability (CVE-2018-14773)
2018-08-23 16:19:33
thn
thn
Drupal Releases Core CMS Updates to Patch Several Vulnerabilities
2019-04-17 21:51:00
Symfony Flaw Leaves Drupal Sites Vulnerable to Hackers—Patch Now
2018-08-03 11:13:00
symfony
symfony
CVE-2018-19789: Disclosure of uploaded files full path
2018-12-06 00:00:00
CVE-2018-19790: Open Redirect Vulnerability when using Security\Http
2018-12-06 00:00:00
CVE-2019-10909: Escape validation messages in the PHP templating engine
2019-04-17 00:00:00
veracode
veracode
Open Redirect
2018-12-19 01:52:36
Information Disclosure
2018-12-19 06:03:31
Cross-site Scripting (XSS)
2019-04-18 04:55:27
prion
prion
Remote code execution
2018-12-18 22:29:00
Input validation
2019-05-16 22:29:00
Open redirect
2018-12-18 22:29:00
cve
cve
CVE-2018-19789
2018-12-18 22:29:00
CVE-2019-10909
2019-05-16 22:29:00
CVE-2018-19790
2018-12-18 22:29:00
ubuntucve
ubuntucve
CVE-2018-19789
2018-12-18 00:00:00
CVE-2019-10909
2019-05-16 00:00:00
CVE-2018-19790
2018-12-18 00:00:00
debiancve
debiancve
CVE-2018-19789
2018-12-18 22:29:00
CVE-2019-10909
2019-05-16 22:29:00
CVE-2018-19790
2018-12-18 22:29:00
github
github
Symfony Path Disclosure
2022-05-14 01:04:20
Symfony Cross-site Scripting (XSS) vulnerability
2019-11-12 23:00:53
Deserialization of untrusted data in Symfony
2020-02-12 18:44:50
typo3
typo3
Possible deserialization side-effects in symfony/cache
2019-06-25 00:00:00
redhatcve
redhatcve
CVE-2019-10911
2022-05-20 22:45:13

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

31.4%

JSON
Related for DEBIAN:DSA-4441-1:4957F
debian3openvas31osv18nessus31fedora25freebsd2drupal3ibm2thn2symfony8veracode8prion8cve8ubuntucve8debiancve8github7typo31redhatcve1