CVE-2019-10911 fixes an issue where there was not a clear differentiation between different parts of the content of a cookie allowing for potential to authenticate as a different user in particular situations
CVE-2019-10910 fixes an issue where crafted service IDs could be executed as code
CVE-2019-10912 fixes an issue where files could be deleted or raw output echoed when some classes were unserialized.
Fixing a vulnerability in Twig's sandbox mode.
CVE-2018-19790 fixes an open redirect vulnerability when using Security\Http
CVE-2018-19789 fixes a possible disclosure of an uploaded temporary file's full path in the form component
CVE-2018-14774 fixes a possible host header injection when using HttpCache
CVE-2018-14773 fixes a possible URL injection in HttpFoundation
CVE-2018-11408 fixes an open redirect vulnerability on DefaultAuthenticationSuccessHandler and DefaultAuthenticationFailureHandler.
CVE-2018-11386 fixes a possible denial of service when using PDOSessionHandler.