12 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-18887
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timin...
CVE-2019-18887
creationtimestamp| type| source ---|---|--- 2024-02-26 10:11:57+00:00| seen| https://t.me/ctinow/193213...
Fedora 31 : php-symfony3 (2019-8b0ba02338)
Version 3.4.35 2019-11-13 - bug 34344 Console Constant STDOUT might be undefined nicolas-grekas - security cve-2019-18889 Cache forbid serializing AbstractAdapter and TagAwareAdapter instances nicolas-grekas - security cve-2019-18888 HttpFoundation fix guessing mime-types of files with leading da...
Fedora 30 : php-symfony (2019-9c2ad3b018)
Version 2.8.52 2019-11-13 - security cve-2019-18888 HttpFoundation fix guessing mime-types of files with leading dash nicolas-grekas - security cve-2019-18887 HttpKernel Use constant time comparison in UriSigner stof Note that Tenable Network Security has extracted the preceding description block...
DEBIAN-CVE-2019-18887
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel...
CVE-2019-18887
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel...
CVE-2019-18887
CVE-2019-18887 affects Symfony components in versions 2.8.0–2.8.50, 3.4.0–3.4.34, 4.2.0–4.2.11, and 4.3.0–4.3.7, due to timing-attack vulnerability in UriSigner (related to symfony/http-kernel). Fedora/Nessus details confirm fixes: 2.8.52, 3.4.35, and 4.3.8 releases provided patches. Exploit stat...
[SECURITY] [DLA 1999-1] symfony security update
Package : symfony Version : 2.3.21+dfsg-4+deb8u6 CVE ID : CVE-2019-18886 CVE-2019-18887 CVE-2019-18888 Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to a timing attack/information leak, argument injection and code execution via unserialization. For Debian ...
[SECURITY] [DSA 4573-1] symfony security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4573-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 18, 2019 https://www.debian.org/security/faq -...
CVE-2019-18887: Use constant time comparison in UriSigner
Affected versions Symfony 2.8.0 to 2.8.51, 3.4.0 to 3.4.34, 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7 versions of the Symfony HttpKernel component are affected by this security issue. The issue has been fixed in Symfony 2.8.52, 3.4.35, 4.2.12 and 4.3.8. Note that no fixes are provided for Symfony 3.0,...
CVE-2019-18887: Use constant time comparison in UriSigner
More info at https://symfony.com/cve-2019-18887...
CVE-2019-18887: Use constant time comparison in UriSigner
More info at https://symfony.com/cve-2019-18887...