The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Symfony

computer vulnerability note CVE-2018-19790

Symfony: open redirect via Backslashes

Synthesis of the vulnerability

An attacker can deceive the user via backslashes in Symfony, in order to redirect him to a malicious site.
Impacted products: Debian, eZ Platform, eZ Publish, Fedora, Symfony.
Severity: 1/4.
Consequences: user access/rights, data reading.
Provenance: internet client.
Creation date: 06/12/2018.
Identifiers: CVE-2018-19790, DLA-1707-1, DSA-4441-1, EZSA-2018-010, FEDORA-2018-66547a8c14, FEDORA-2018-6edf04d9d6, FEDORA-2018-84a1f77d89, FEDORA-2018-8c06b6defd, FEDORA-2018-8d3a9bdff1, FEDORA-2018-b38a4dd0c7, VIGILANCE-VUL-27979.


computer vulnerability bulletin CVE-2018-19789

Symfony: information disclosure via File Uploads Form Types

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via the file upload form types of Symfony, in order to obtain sensitive information.
Impacted products: Debian, eZ Platform, eZ Publish, Fedora, Symfony.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 06/12/2018.
Identifiers: CVE-2018-19789, DLA-1707-1, DSA-4441-1, EZSA-2018-010, FEDORA-2018-66547a8c14, FEDORA-2018-6edf04d9d6, FEDORA-2018-84a1f77d89, FEDORA-2018-8c06b6defd, FEDORA-2018-8d3a9bdff1, FEDORA-2018-b38a4dd0c7, VIGILANCE-VUL-27978.


computer vulnerability CVE-2018-14774

Symfony: information disclosure via HttpCache X-Forwarded-Host Host Header Injection

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via an X-Forwarded-Host host header injection in the HttpCache of Symfony, in order to obtain sensitive information.
Impacted products: Symfony.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 02/08/2018.
Identifiers: CVE-2018-14774, VIGILANCE-VUL-26885.


vulnerability note CVE-2018-14773

Symfony: information disclosure via X-Original-URL / X-Rewrite-URL

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via the X-Original-URL / X-Rewrite-URL headers of Symfony, in order to obtain sensitive information.
Impacted products: Debian, Drupal Core, Fedora, Symfony.
Severity: 3/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 02/08/2018.
Identifiers: CERTFR-2018-AVI-370, CVE-2018-14773, DLA-1707-1, DRUPAL-SA-CORE-2018-005, DSA-4441-1, FEDORA-2018-4deae442f2, FEDORA-2018-6f3ceeb7cb, FEDORA-2018-732f45d43e, FEDORA-2018-7f43cbdb69, FEDORA-2018-9b54497b6e, FEDORA-2018-9c38d1dc1d, VIGILANCE-VUL-26884.


vulnerability CVE-2018-12040

Symfony: Cross Site Scripting via Profiler

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via the Profiler of Symfony, in order to run JavaScript code in the context of the web site.
Impacted products: Symfony.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 11/06/2018.
Identifiers: CVE-2018-12040, VIGILANCE-VUL-26370.

Description of the vulnerability

The Symfony product offers a web service.

However, it does not filter data received via the Profiler before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via the Profiler of Symfony, in order to run JavaScript code in the context of the web site.

vulnerability CVE-2018-11408

Symfony: open redirect via Security Handlers

Synthesis of the vulnerability

An attacker can deceive the user via the security handlers of Symfony, in order to redirect him to a malicious site.
Impacted products: Debian, eZ Platform, Fedora, Symfony.
Severity: 1/4.
Consequences: user access/rights, data reading.
Provenance: internet client.
Creation date: 28/05/2018.
Identifiers: CVE-2018-11408, DLA-1707-1, EZSA-2018-004, FEDORA-2018-96d770ddc9, FEDORA-2018-ba0b683c10, FEDORA-2018-c8ddc44bbb, FEDORA-2018-eba0006df2, VIGILANCE-VUL-26250.


computer vulnerability note CVE-2018-11406

Symfony: Cross Site Request Forgery

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery in Symfony, in order to force the victim to perform operations.
Impacted products: Debian, eZ Platform, Fedora, Symfony.
Severity: 2/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 28/05/2018.
Identifiers: CVE-2018-11406, DSA-4262-1, EZSA-2018-004, FEDORA-2018-96d770ddc9, FEDORA-2018-ba0b683c10, FEDORA-2018-c8ddc44bbb, FEDORA-2018-eba0006df2, VIGILANCE-VUL-26249.


computer vulnerability bulletin CVE-2018-11386

Symfony: denial of service via PDOSessionHandler

Synthesis of the vulnerability

An attacker can generate a fatal error via the PDOSessionHandler of Symfony, in order to trigger a denial of service.
Impacted products: Debian, eZ Platform, Fedora, Symfony.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 28/05/2018.
Identifiers: CVE-2018-11386, DSA-4262-1, EZSA-2018-004, FEDORA-2018-ba0b683c10, FEDORA-2018-c8ddc44bbb, VIGILANCE-VUL-26248.


vulnerability CVE-2018-11385

Symfony: privilege escalation via Guard Session Fixation

Synthesis of the vulnerability

An attacker can bypass restrictions via a Guard session fixation in Symfony, in order to escalate his privileges.
Impacted products: Debian, eZ Platform, Fedora, Symfony.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: document.
Creation date: 25/05/2018.
Revision date: 28/05/2018.
Identifiers: CVE-2018-11385, DLA-1707-1, DSA-4262-1, EZSA-2018-004, FEDORA-2018-96d770ddc9, FEDORA-2018-ba0b683c10, FEDORA-2018-c8ddc44bbb, FEDORA-2018-eba0006df2, VIGILANCE-VUL-26230.


computer vulnerability announcement CVE-2018-11407

Symfony: privilege escalation via LDAP Empty Password

Synthesis of the vulnerability

An attacker can bypass restrictions via an empty LDAP password in Symfony, in order to escalate his privileges.
Impacted products: eZ Platform, Fedora, Symfony.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 28/05/2018.
Identifiers: CVE-2018-11407, EZSA-2018-004, FEDORA-2018-c8ddc44bbb, VIGILANCE-VUL-26247.
