The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of eZ Platform

computer vulnerability note CVE-2019-11358

jQuery Core: privilege escalation via Object.prototype Pollution

Synthesis of the vulnerability

An attacker can bypass restrictions via Object.prototype pollution in jQuery Core, in order to escalate their privileges.
Severity: 2/4.
Creation date: 11/04/2019.
Identifiers: bulletinoct2019, cpujul2019, cpuoct2019, CVE-2019-11358, DLA-1797-1, DRUPAL-SA-CORE-2019-005, DRUPAL-SA-CORE-2019-006, DSA-4460-1, EZSA-2019-005, FEDORA-2019-2a0ce0c58c, FEDORA-2019-a06dffab1c, FEDORA-2019-f563e66380, NTAP-20190919-0001, openSUSE-SU-2019:1839-1, openSUSE-SU-2019:1872-1, RHSA-2019:1456-01, Synology-SA-19:19, VIGILANCE-VUL-29030.

security bulletin CVE-2018-19790

Symfony: open redirect via Backslashes

Synthesis of the vulnerability

An attacker can deceive the user via backslashes in Symfony, in order to redirect them to a malicious site.
Severity: 1/4.
Creation date: 06/12/2018.
Identifiers: CVE-2018-19790, DLA-1707-1, DSA-4441-1, EZSA-2018-010, FEDORA-2018-66547a8c14, FEDORA-2018-6edf04d9d6, FEDORA-2018-84a1f77d89, FEDORA-2018-8c06b6defd, FEDORA-2018-8d3a9bdff1, FEDORA-2018-b38a4dd0c7, VIGILANCE-VUL-27979.

computer vulnerability alert CVE-2018-19789

Symfony: information disclosure via File Uploads Form Types

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via the file upload form types of Symfony, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 06/12/2018.
Identifiers: CVE-2018-19789, DLA-1707-1, DSA-4441-1, EZSA-2018-010, FEDORA-2018-66547a8c14, FEDORA-2018-6edf04d9d6, FEDORA-2018-84a1f77d89, FEDORA-2018-8c06b6defd, FEDORA-2018-8d3a9bdff1, FEDORA-2018-b38a4dd0c7, VIGILANCE-VUL-27978.

vulnerability CVE-2018-11408

Symfony: open redirect via Security Handlers

Synthesis of the vulnerability

An attacker can deceive the user via the security handlers of Symfony, in order to redirect them to a malicious site.
Severity: 1/4.
Creation date: 28/05/2018.
Identifiers: CVE-2018-11408, DLA-1707-1, EZSA-2018-004, FEDORA-2018-96d770ddc9, FEDORA-2018-ba0b683c10, FEDORA-2018-c8ddc44bbb, FEDORA-2018-eba0006df2, VIGILANCE-VUL-26250.

cybersecurity threat CVE-2018-11406

Symfony: Cross Site Request Forgery

Synthesis of the vulnerability

An attacker can trigger a Cross-Site Request Forgery in Symfony, in order to force the victim to perform operations.
Severity: 2/4.
Creation date: 28/05/2018.
Identifiers: CVE-2018-11406, DSA-4262-1, EZSA-2018-004, FEDORA-2018-96d770ddc9, FEDORA-2018-ba0b683c10, FEDORA-2018-c8ddc44bbb, FEDORA-2018-eba0006df2, VIGILANCE-VUL-26249.

security weakness CVE-2018-11386

Symfony: denial of service via PDOSessionHandler

Synthesis of the vulnerability

An attacker can generate a fatal error via PDOSessionHandler in Symfony, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 28/05/2018.
Identifiers: CVE-2018-11386, DSA-4262-1, EZSA-2018-004, FEDORA-2018-ba0b683c10, FEDORA-2018-c8ddc44bbb, VIGILANCE-VUL-26248.

computer weakness alert CVE-2018-11385

Symfony: privilege escalation via Guard Session Fixation

Synthesis of the vulnerability

An attacker can bypass restrictions via Guard session fixation in Symfony, in order to escalate their privileges.
Severity: 2/4.
Creation date: 25/05/2018.
Revision date: 28/05/2018.
Identifiers: CVE-2018-11385, DLA-1707-1, DSA-4262-1, EZSA-2018-004, FEDORA-2018-96d770ddc9, FEDORA-2018-ba0b683c10, FEDORA-2018-c8ddc44bbb, FEDORA-2018-eba0006df2, VIGILANCE-VUL-26230.

cybersecurity vulnerability CVE-2018-11407

Symfony: privilege escalation via LDAP Empty Password

Synthesis of the vulnerability

An attacker can bypass restrictions via an empty LDAP password in Symfony, in order to escalate their privileges.
Severity: 2/4.
Creation date: 28/05/2018.
Identifiers: CVE-2018-11407, EZSA-2018-004, FEDORA-2018-c8ddc44bbb, VIGILANCE-VUL-26247.