Lucene search
+L

8 matches found

Circl
Circl
added 2024/02/26 10:11 a.m.6 views

CVE-2019-18886

creationtimestamp| type| source ---|---|--- 2024-02-26 10:11:56+00:00| seen| https://t.me/ctinow/193212...

5.3CVSS5.4AI score0.01552EPSS
Exploits0References1
OSV
OSV
added 2019/11/21 6:15 p.m.18 views

CVE-2019-18886

An issue was discovered in Symfony 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7. The ability to enumerate users was possible due to different handling depending on whether the user existed when making unauthorized attempts to use the switch users functionality. This is related to symfony/security...

5.3CVSS7.9AI score0.01552EPSS
Exploits0References3
CVE
CVE
added 2019/11/21 5:41 p.m.101 views

CVE-2019-18886

CVE-2019-18886 affects Symfony 4.2.0–4.2.11 and 4.3.0–4.3.7. The root cause is in the switch_user handling in symfony/security, where differences in whether a user existed during unauthorized switch attempts allowed user enumeration. The vulnerability enables an information disclosure vector via ...

5.3CVSS5.2AI score0.01552EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2019/11/21 5:41 p.m.35 views

CVE-2019-18886

An issue was discovered in Symfony 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7. The ability to enumerate users was possible due to different handling depending on whether the user existed when making unauthorized attempts to use the switch users functionality. This is related to symfony/security...

5.3CVSS5.1AI score0.01552EPSS
Exploits0
Debian
Debian
added 2019/11/19 1:38 a.m.106 views

[SECURITY] [DLA 1999-1] symfony security update

Package : symfony Version : 2.3.21+dfsg-4+deb8u6 CVE ID : CVE-2019-18886 CVE-2019-18887 CVE-2019-18888 Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to a timing attack/information leak, argument injection and code execution via unserialization. For Debian ...

8.1CVSS7.1AI score0.02248EPSS
Exploits0
Symfony
Symfony
added 2019/11/13 12:0 a.m.37 views

CVE-2019-18886: Prevent user enumeration using switch user functionality

Affected versions Symfony 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7 versions of the Symfony Security/Http component are affected by this security issue. The issue has been fixed in Symfony 4.2.12 and 4.3.8. Note that no fixes are provided for Symfony 4.1 as they are not maintained anymore. Description T...

5.3CVSS5.3AI score0.01552EPSS
Exploits0
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.35 views

CVE-2019-18886: Prevent user enumeration using switch user functionality

More info at https://symfony.com/cve-2019-18886...

5.3CVSS7.2AI score0.01552EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.24 views

CVE-2019-18886: Prevent user enumeration using switch user functionality

More info at https://symfony.com/cve-2019-18886...

5.3CVSS7.2AI score0.01552EPSS
Exploits0Affected Software1
Rows per page
Query Builder