The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of eZ Platform

vulnerability CVE-2019-11358

jQuery Core: privilege escalation via Object.prototype Pollution

Synthesis of the vulnerability

An attacker can bypass restrictions via Object.prototype pollution in jQuery Core, in order to escalate their privileges.
Impacted products: Debian, Drupal Core, eZ Platform, Fedora, jQuery Core, Oracle Communications, WebLogic, Red Hat SSO, Synology DSM, Telerik.Web.UI.
Severity: 2/4.
Consequences: user access/rights, data reading.
Provenance: document.
Creation date: 11/04/2019.
Identifiers: cpujul2019, CVE-2019-11358, DLA-1797-1, DRUPAL-SA-CORE-2019-005, DRUPAL-SA-CORE-2019-006, DSA-4460-1, EZSA-2019-005, FEDORA-2019-2a0ce0c58c, FEDORA-2019-a06dffab1c, FEDORA-2019-f563e66380, RHSA-2019:1456-01, Synology-SA-19:19, VIGILANCE-VUL-29030.


computer vulnerability note CVE-2018-19790

Symfony: open redirect via Backslashes

Synthesis of the vulnerability

An attacker can deceive the user via backslashes in Symfony, in order to redirect them to a malicious site.
Impacted products: Debian, eZ Platform, eZ Publish, Fedora, Symfony.
Severity: 1/4.
Consequences: user access/rights, data reading.
Provenance: internet client.
Creation date: 06/12/2018.
Identifiers: CVE-2018-19790, DLA-1707-1, DSA-4441-1, EZSA-2018-010, FEDORA-2018-66547a8c14, FEDORA-2018-6edf04d9d6, FEDORA-2018-84a1f77d89, FEDORA-2018-8c06b6defd, FEDORA-2018-8d3a9bdff1, FEDORA-2018-b38a4dd0c7, VIGILANCE-VUL-27979.


computer vulnerability bulletin CVE-2018-19789

Symfony: information disclosure via File Uploads Form Types

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via the file upload form types of Symfony, in order to obtain sensitive information.
Impacted products: Debian, eZ Platform, eZ Publish, Fedora, Symfony.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 06/12/2018.
Identifiers: CVE-2018-19789, DLA-1707-1, DSA-4441-1, EZSA-2018-010, FEDORA-2018-66547a8c14, FEDORA-2018-6edf04d9d6, FEDORA-2018-84a1f77d89, FEDORA-2018-8c06b6defd, FEDORA-2018-8d3a9bdff1, FEDORA-2018-b38a4dd0c7, VIGILANCE-VUL-27978.


vulnerability CVE-2018-11408

Symfony: open redirect via Security Handlers

Synthesis of the vulnerability

An attacker can deceive the user via the security handlers of Symfony, in order to redirect them to a malicious site.
Impacted products: Debian, eZ Platform, Fedora, Symfony.
Severity: 1/4.
Consequences: user access/rights, data reading.
Provenance: internet client.
Creation date: 28/05/2018.
Identifiers: CVE-2018-11408, DLA-1707-1, EZSA-2018-004, FEDORA-2018-96d770ddc9, FEDORA-2018-ba0b683c10, FEDORA-2018-c8ddc44bbb, FEDORA-2018-eba0006df2, VIGILANCE-VUL-26250.


computer vulnerability note CVE-2018-11406

Symfony: Cross Site Request Forgery

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery in Symfony, in order to force the victim to perform operations.
Impacted products: Debian, eZ Platform, Fedora, Symfony.
Severity: 2/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 28/05/2018.
Identifiers: CVE-2018-11406, DSA-4262-1, EZSA-2018-004, FEDORA-2018-96d770ddc9, FEDORA-2018-ba0b683c10, FEDORA-2018-c8ddc44bbb, FEDORA-2018-eba0006df2, VIGILANCE-VUL-26249.


computer vulnerability bulletin CVE-2018-11386

Symfony: denial of service via PDOSessionHandler

Synthesis of the vulnerability

An attacker can generate a fatal error via the PDOSessionHandler of Symfony, in order to trigger a denial of service.
Impacted products: Debian, eZ Platform, Fedora, Symfony.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 28/05/2018.
Identifiers: CVE-2018-11386, DSA-4262-1, EZSA-2018-004, FEDORA-2018-ba0b683c10, FEDORA-2018-c8ddc44bbb, VIGILANCE-VUL-26248.


vulnerability CVE-2018-11385

Symfony: privilege escalation via Guard Session Fixation

Synthesis of the vulnerability

An attacker can bypass restrictions via Guard session fixation in Symfony, in order to escalate their privileges.
Impacted products: Debian, eZ Platform, Fedora, Symfony.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: document.
Creation date: 25/05/2018.
Revision date: 28/05/2018.
Identifiers: CVE-2018-11385, DLA-1707-1, DSA-4262-1, EZSA-2018-004, FEDORA-2018-96d770ddc9, FEDORA-2018-ba0b683c10, FEDORA-2018-c8ddc44bbb, FEDORA-2018-eba0006df2, VIGILANCE-VUL-26230.


computer vulnerability announcement CVE-2018-11407

Symfony: privilege escalation via LDAP Empty Password

Synthesis of the vulnerability

An attacker can bypass restrictions via an LDAP empty password in Symfony, in order to escalate their privileges.
Impacted products: eZ Platform, Fedora, Symfony.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 28/05/2018.
Identifiers: CVE-2018-11407, EZSA-2018-004, FEDORA-2018-c8ddc44bbb, VIGILANCE-VUL-26247.
