19 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-10910
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow...
CVE-2019-10910
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection...
CVE-2019-10910
CVE-2019-10910 affects Symfony versions prior to fixed releases: Symfony 2.7.51+, 2.8.50+, 3.x 3.4.26+, 4.x 4.1.12+, and 4.2.x 4.2.7+. The issue arises when service IDs can be influenced by user input, allowing SQL injection and remote code execution via the dependency-injection component. Mitiga...
CVE-2019-10910
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection...
Fedora 29 : drupal8 (2019-7eaf0bbe7c)
https://www.drupal.org/project/drupal/releases/8.6.15 - https://www.drupal.org/SA-CORE-2019-005 CVE-2019-10909 / CVE-2019-10910 / CVE-2019-10911 - https://www.drupal.org/SA-CORE-2019-006 CVE-2019-11358 - https://www.drupal.org/project/drupal/releases/8.6.14 Note that Tenable Network Security has...
Fedora 28 : drupal8 (2019-1a3edd7e8a)
https://www.drupal.org/project/drupal/releases/8.6.15 - https://www.drupal.org/SA-CORE-2019-005 CVE-2019-10909 / CVE-2019-10910 / CVE-2019-10911 - https://www.drupal.org/SA-CORE-2019-006 CVE-2019-11358 - https://www.drupal.org/project/drupal/releases/8.6.14 Note that Tenable Network Security has...
Fedora 30 : drupal8 (2019-eba8e44ee6)
https://www.drupal.org/project/drupal/releases/8.6.15 - https://www.drupal.org/SA-CORE-2019-005 CVE-2019-10909 / CVE-2019-10910 / CVE-2019-10911 - https://www.drupal.org/SA-CORE-2019-006 CVE-2019-11358 - https://www.drupal.org/project/drupal/releases/8.6.14 Note that Tenable Network Security has...
Debian DLA-1778-1 : symfony security update
Several security vulnerabilities have been discovered in symfony, a PHP web application framework. Numerous symfony components are affected: Framework Bundle, Dependency Injection, Security, HttpFoundation CVE-2019-10909 Validation messages were not escaped when using the form theme of the PHP...
[SECURITY] [DLA 1778-1] symfony security update
Package : symfony Version : 2.3.21+dfsg-4+deb8u5 CVE ID : CVE-2019-10909 CVE-2019-10910 CVE-2019-10911 CVE-2019-10913 Several security vulnerabilities have been discovered in symfony, a PHP web application framework. Numerous symfony components are affected: Framework Bundle, Dependency Injection...
Fedora 30 : php-symfony3 (2019-8635280de5)
Version 3.4.26 2019-04-17 - bug 31084 HttpFoundation Make MimeTypeExtensionGuesser case insensitive vermeirentony - bug 31142 Revert 'bug 30423 Security Rework firewall's access denied rule dimabory' chalasr - security cve-2019-10910 DI Check service IDs are valid nicolas-grekas - security...
Fedora 30 : php-symfony4 (2019-f5d6a7ce74)
Version 4.2.7 2019-04-17 - bug 31107 Routing fix trailing slash redirection with non-greedy trailing vars nicolas-grekas - bug 31108 FrameworkBundle decorate the ValidatorBuilder's translator with LegacyTranslatorProxy nicolas-grekas - bug 31121 HttpKernel Fix get session when the request stack i...
Fedora 30 : php-symfony (2019-0ef4149687)
Version 2.8.50 2019-04-17 - security cve-2019-10910 DI Check service IDs are valid nicolas-grekas - security cve-2019-10909 FrameworkBundleForm Fix XSS issues in the form theme of the PHP templating engine stof - security cve-2019-10912 PHPUnit Bridge Prevent destructors with side-effects from...
Fedora 28 : php-symfony (2019-3ee6a7adf2)
Version 2.8.50 2019-04-17 - security cve-2019-10910 DI Check service IDs are valid nicolas-grekas - security cve-2019-10909 FrameworkBundleForm Fix XSS issues in the form theme of the PHP templating engine stof - security cve-2019-10912 PHPUnit Bridge Prevent destructors with side-effects from...
Fedora 29 : php-symfony (2019-f8db687840)
Version 2.8.50 2019-04-17 - security cve-2019-10910 DI Check service IDs are valid nicolas-grekas - security cve-2019-10909 FrameworkBundleForm Fix XSS issues in the form theme of the PHP templating engine stof - security cve-2019-10912 PHPUnit Bridge Prevent destructors with side-effects from...
Fedora 29 : php-symfony3 (2019-a3ca65028c)
Version 3.4.26 2019-04-17 - bug 31084 HttpFoundation Make MimeTypeExtensionGuesser case insensitive vermeirentony - bug 31142 Revert 'bug 30423 Security Rework firewall's access denied rule dimabory' chalasr - security cve-2019-10910 DI Check service IDs are valid nicolas-grekas - security...
Drupal 8.x Multiple Vulnerabilities (SA-CORE-2019-005) - Linux
Drupal is prone to multiple vulnerabilities in third-party dependencies. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
drupal -- Drupal core - Moderately critical
Drupal Security Team reports: CVE-2019-10909: Escape validation messages in the PHP templating engine. CVE-2019-10910: Check service IDs are valid. CVE-2019-10911: Add a separator in the remember me cookie hash. jQuery 3.4.0 includes a fix for some unintended behavior when using jQuery.extendtrue...
CVE-2019-10910: Check service IDs are valid
More info at https://symfony.com/cve-2019-10910...
CVE-2019-10910: Check service IDs are valid
More info at https://symfony.com/cve-2019-10910...