Lucene search
K

11 matches found

Tenable Nessus
Tenable Nessus
added 2019/11/22 12:0 a.m.36 views

Fedora 31 : php-symfony3 (2019-8b0ba02338)

Version 3.4.35 2019-11-13 - bug 34344 Console Constant STDOUT might be undefined nicolas-grekas - security cve-2019-18889 Cache forbid serializing AbstractAdapter and TagAwareAdapter instances nicolas-grekas - security cve-2019-18888 HttpFoundation fix guessing mime-types of files with leading da...

9.8CVSS7.6AI score0.33247EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2019/11/22 12:0 a.m.28 views

Fedora 30 : php-symfony (2019-9c2ad3b018)

Version 2.8.52 2019-11-13 - security cve-2019-18888 HttpFoundation fix guessing mime-types of files with leading dash nicolas-grekas - security cve-2019-18887 HttpKernel Use constant time comparison in UriSigner stof Note that Tenable Network Security has extracted the preceding description block...

8.1CVSS7.4AI score0.02248EPSS
Exploits0References3
OSV
OSV
added 2019/11/21 11:15 p.m.7 views

UBUNTU-CVE-2019-18888

An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command...

7.5CVSS7.2AI score0.02248EPSS
Exploits0References5
CVE
CVE
added 2019/11/21 10:19 p.m.173 views

CVE-2019-18888

Summary: CVE-2019-18888 affects Symfony components (2.8.x, 3.4.x, 4.2.x, 4.3.x) where unvalidated user input could influence the file argument passed to the underlying file command during MIME type validation in HttpFoundation (and Mime in 4.3.x). Impact (as described): If an application passes u...

7.5CVSS7.5AI score0.02248EPSS
Exploits0References6Affected Software1
Debian CVE
Debian CVE
added 2019/11/21 10:19 p.m.37 views

CVE-2019-18888

An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command...

7.5CVSS7.5AI score0.02248EPSS
Exploits0
Debian
Debian
added 2019/11/19 1:38 a.m.106 views

[SECURITY] [DLA 1999-1] symfony security update

Package : symfony Version : 2.3.21+dfsg-4+deb8u6 CVE ID : CVE-2019-18886 CVE-2019-18887 CVE-2019-18888 Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to a timing attack/information leak, argument injection and code execution via unserialization. For Debian ...

8.1CVSS7.1AI score0.02248EPSS
Exploits0
Debian
Debian
added 2019/11/18 10:4 p.m.94 views

[SECURITY] [DSA 4573-1] symfony security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4573-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 18, 2019 https://www.debian.org/security/faq -...

9.8CVSS8.8AI score0.33247EPSS
Exploits0
Friends Of PHP
Friends Of PHP
added 2019/11/13 8:0 a.m.20 views

CVE-2019-18888: Prevent argument injection in a MimeTypeGuesser

More info at https://symfony.com/cve-2019-18888...

7.5CVSS7.2AI score0.02248EPSS
Exploits0Affected Software1
Symfony
Symfony
added 2019/11/13 12:0 a.m.42 views

CVE-2019-18888: Prevent argument injection in a MimeTypeGuesser

Affected versions Symfony 2.8.0 to 2.8.51, 3.4.0 to 3.4.34, 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7 versions of the Symfony HttpFoundation component are affected by this security issue. Symfony 4.3.0 to 4.3.7 versions of the Symfony Mime component are affected by this security issue. The issue has bee...

7.5CVSS7.7AI score0.02248EPSS
Exploits0
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.27 views

CVE-2019-18888: Prevent argument injection in a MimeTypeGuesser

More info at https://symfony.com/cve-2019-18888...

7.5CVSS7.2AI score0.02248EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.24 views

CVE-2019-18888: Prevent argument injection in a MimeTypeGuesser

More info at https://symfony.com/cve-2019-18888...

7.5CVSS7.2AI score0.02248EPSS
Exploits0Affected Software1
Rows per page
Query Builder