Commits 06/14/2018

Timeline

Analyzing the timeline helps to identify the required approach to, and handling of, single vulnerabilities and vulnerability collections. The overview shows less important slices and more severe hotspots at a glance, which makes it possible to initiate an immediate vulnerability response and to prioritize issues.

| ID | User | Entry | Field | Change | Remarks | Moderated | Reason | C |
|---|---|---|---|---|---|---|---|---|
| 5779486 | VulD... | 87705 | qualys_title | Debian Security Update for symfony (DSA 3588-1) | qualys.com | 06/14/2018 | accepted | 100 |
| 5779485 | VulD... | 87705 | qualys_id | 175750 | qualys.com | 06/14/2018 | accepted | 100 |
| 5779484 | VulD... | 87705 | openvas_family | Debian Local Security Checks | | 06/14/2018 | accepted | 100 |
| 5779483 | VulD... | 87705 | openvas_title | Debian Security Advisory DSA 3588-1 (symfony - security update) | | 06/14/2018 | accepted | 100 |
| 5779482 | VulD... | 87705 | openvas_filename | deb_3588.nasl | | 06/14/2018 | accepted | 100 |
| 5779481 | VulD... | 87705 | openvas_id | 703588 | | 06/14/2018 | accepted | 100 |
| 5779480 | VulD... | 87705 | nessus_family | Debian Local Security Checks | tenable.com | 06/14/2018 | accepted | 100 |
| 5779479 | VulD... | 87705 | nessus_filename | debian_DSA-3588.nasl | tenable.com | 06/14/2018 | accepted | 100 |
| 5779478 | VulD... | 87705 | nessus_name | Debian DSA-3588-1 : symfony - security update | tenable.com | 06/14/2018 | accepted | 100 |
| 5779476 | VulD... | 87705 | oval_id | oval:org.cisecurity:def:857 | cisecurity.org | 06/14/2018 | accepted | 100 |
| 5779475 | VulD... | 87705 | cve_nvd_summary | The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames. | mitre.org | 06/14/2018 | accepted | 100 |
| 5779474 | VulD... | 87705 | cve_nvd_published | 1464739200 | mitre.org | 06/14/2018 | accepted | 100 |
| 5779455 | VulD... | 87705 | cvss2_nvd_ai | P | nist.gov | 06/14/2018 | accepted | 100 |
| 5779454 | VulD... | 87705 | cvss2_nvd_ii | N | nist.gov | 06/14/2018 | accepted | 100 |
| 5779453 | VulD... | 87705 | cvss2_nvd_ci | N | nist.gov | 06/14/2018 | accepted | 100 |
| 5779452 | VulD... | 87705 | cvss2_nvd_au | N | nist.gov | 06/14/2018 | accepted | 100 |
| 5779451 | VulD... | 87705 | cvss2_nvd_ac | L | nist.gov | 06/14/2018 | accepted | 100 |
| 5779450 | VulD... | 87705 | cvss2_nvd_av | N | nist.gov | 06/14/2018 | accepted | 100 |
| 5779440 | VulD... | 87705 | cwe | 399 (denial of service) | | 06/14/2018 | accepted | 100 |
| 5779432 | VulD... | 87705 | type | Programming Tool Software | | 06/14/2018 | accepted | 100 |
| 5779041 | VulD... | 87699 | qualys_title | Debian Security Update for symfony (DSA 3588-1) | qualys.com | 06/14/2018 | accepted | 100 |
| 5779040 | VulD... | 87699 | qualys_id | 175750 | qualys.com | 06/14/2018 | accepted | 100 |
| 5779039 | VulD... | 87699 | openvas_family | Debian Local Security Checks | | 06/14/2018 | accepted | 100 |
| 5779038 | VulD... | 87699 | openvas_title | Debian Security Advisory DSA 3588-1 (symfony - security update) | | 06/14/2018 | accepted | 100 |
| 5779037 | VulD... | 87699 | openvas_filename | deb_3588.nasl | | 06/14/2018 | accepted | 100 |
| 5779036 | VulD... | 87699 | openvas_id | 703588 | | 06/14/2018 | accepted | 100 |
| 5779035 | VulD... | 87699 | nessus_family | Debian Local Security Checks | tenable.com | 06/14/2018 | accepted | 100 |
| 5779034 | VulD... | 87699 | nessus_filename | debian_DSA-3588.nasl | tenable.com | 06/14/2018 | accepted | 100 |
| 5779033 | VulD... | 87699 | nessus_name | Debian DSA-3588-1 : symfony - security update | tenable.com | 06/14/2018 | accepted | 100 |
| 5779031 | VulD... | 87699 | oval_id | oval:org.cisecurity:def:857 | cisecurity.org | 06/14/2018 | accepted | 100 |
| 5779030 | VulD... | 87699 | cve_nvd_summary | The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors. | mitre.org | 06/14/2018 | accepted | 100 |
| 5779029 | VulD... | 87699 | cve_nvd_published | 1464739200 | mitre.org | 06/14/2018 | accepted | 100 |
| 5779002 | VulD... | 87699 | cvss2_nvd_ai | N | nist.gov | 06/14/2018 | accepted | 100 |
| 5779001 | VulD... | 87699 | cvss2_nvd_ii | N | nist.gov | 06/14/2018 | accepted | 100 |
| 5779000 | VulD... | 87699 | cvss2_nvd_ci | P | nist.gov | 06/14/2018 | accepted | 100 |
| 5778999 | VulD... | 87699 | cvss2_nvd_au | N | nist.gov | 06/14/2018 | accepted | 100 |
| 5778998 | VulD... | 87699 | cvss2_nvd_ac | L | nist.gov | 06/14/2018 | accepted | 100 |
| 5778997 | VulD... | 87699 | cvss2_nvd_av | N | nist.gov | 06/14/2018 | accepted | 100 |
| 5778985 | VulD... | 87699 | cwe | 310 (weak encryption) | | 06/14/2018 | accepted | 100 |
| 5778977 | VulD... | 87699 | type | Programming Tool Software | | 06/14/2018 | accepted | 100 |
| 5284065 | VulD... | 79441 | cwe | 203 (information disclosure) | | 06/14/2018 | accepted | 90 |
| 5284063 | VulD... | 79441 | qualys_title | Fedora Security Update for php-symfony (FEDORA-2015-0) | qualys.com | 06/14/2018 | accepted | 100 |
| 5284062 | VulD... | 79441 | qualys_id | 124438 | qualys.com | 06/14/2018 | accepted | 100 |
| 5284061 | VulD... | 79441 | openvas_family | Debian Local Security Checks | | 06/14/2018 | accepted | 100 |
| 5284060 | VulD... | 79441 | openvas_title | Debian Security Advisory DSA 3402-1 (symfony - security update) | | 06/14/2018 | accepted | 100 |
| 5284059 | VulD... | 79441 | openvas_filename | deb_3402.nasl | | 06/14/2018 | accepted | 100 |
| 5284058 | VulD... | 79441 | openvas_id | 703402 | | 06/14/2018 | accepted | 100 |
| 5284057 | VulD... | 79441 | nessus_family | Debian Local Security Checks | tenable.com | 06/14/2018 | accepted | 100 |
| 5284056 | VulD... | 79441 | nessus_filename | debian_DSA-3402.nasl | tenable.com | 06/14/2018 | accepted | 100 |
| 5284055 | VulD... | 79441 | nessus_name | Debian DSA-3402-1 : symfony - security update | tenable.com | 06/14/2018 | accepted | 100 |
| 5284053 | VulD... | 79441 | vulnerabilitycenter_reportingdate | 1448236800 | vulnerabilitycenter.com | 06/14/2018 | accepted | 100 |
| 5284052 | VulD... | 79441 | vulnerabilitycenter_lastupdatedate | 1452816000 | vulnerabilitycenter.com | 06/14/2018 | accepted | 100 |
| 5284051 | VulD... | 79441 | vulnerabilitycenter_creationdate | 1450569600 | vulnerabilitycenter.com | 06/14/2018 | accepted | 100 |
| 5284050 | VulD... | 79441 | vulnerabilitycenter_severity | High | vulnerabilitycenter.com | 06/14/2018 | accepted | 100 |
| 5284049 | VulD... | 79441 | vulnerabilitycenter_title | Symfony Remote Timing Attack in Security RememberMe Service | vulnerabilitycenter.com | 06/14/2018 | accepted | 100 |
| 5284048 | VulD... | 79441 | vulnerabilitycenter | 55340 | vulnerabilitycenter.com | 06/14/2018 | accepted | 100 |
| 5284047 | VulD... | 79441 | securityfocus | 77692 | securityfocus.com | 06/14/2018 | accepted | 100 |
| 5284046 | VulD... | 79441 | oval_id | oval:org.cisecurity:def:286 | cisecurity.org | 06/14/2018 | accepted | 100 |
| 5284045 | VulD... | 79441 | cve_nvd_summary | Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 might allow remote attackers to have unspecified impact via a timing attack involving the (1) Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices or (2) Symfony/Component/Security/Http/Firewall/DigestAuthenticationListener class in the Symfony Security Component, or (3) legacy CSRF implementation from the Symfony/Component/Form/Extension/Csrf/CsrfProvider/DefaultCsrfProvider class in the Symfony Form component. | mitre.org | 06/14/2018 | accepted | 100 |
| 5284044 | VulD... | 79441 | cve_nvd_published | 1449446400 | mitre.org | 06/14/2018 | accepted | 100 |
