29 matches found
EUVD-2019-0782
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2018-1000888
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PEAR ArchiveTar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the ArchiveTar class. There are several file operations with...
RHEL 6 : php-pear (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - php-pear: Unsafe deserialization of data in ArchiveTar class CVE-2018-1000888 - PECL in the download...
RHEL 7 : php-pear (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - php-pear: Unsafe deserialization of data in ArchiveTar class CVE-2018-1000888 - PECL in the download...
RHEL 8 : php-pear (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - php-pear: Unsafe deserialization of data in ArchiveTar class CVE-2018-1000888 Note that Nessus has not tested for...
Drupal core third-party PEAR Archive_Tar library is vulnerable to Deserialization of Untrusted Data
In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; Drupal core uses the third-party PEAR ArchiveTar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details...
GHSA-6RMQ-X2HV-VXPP Drupal core third-party PEAR Archive_Tar library is vulnerable to Deserialization of Untrusted Data
In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; Drupal core uses the third-party PEAR ArchiveTar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details...
Debian DLA-1685-1 : drupal7 security update
Drupal core uses the third-party PEAR ArchiveTar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details. Also a possible regression caused by CVE-2019-6339 is fixed. For Debian 8 'Jessie', this problem has been fixed in...
Debian: Security Advisory (DLA-1685-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-1674-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-4378-1 : php-pear - security update
Fariskhi Vidyan discovered that the PEAR ArchiveTar package for handling tar files in PHP is prone to a PHP object injection vulnerability, potentially allowing a remote attacker to execute arbitrary code. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin wer...
[SECURITY] [DSA 4378-1] php-pear security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4378-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 30, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4378-1] php-pear security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4378-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 30, 2019 https://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-4378-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Object Injection
drupal/core is vulnerable to object injection. The vulnerability is possible because it does not properly use third-party PEAR ArchiveTar library, leading to a vulnerability similar to CVE-2018-1000888...
CVE-2019-6338
CVE-2019-6338 maps to the same underlying issue as CVE-2018-1000888 in the PEAR Archive_Tar library used by Drupal Core. Connected sources describe a PHP object-injection vulnerability in Archive_Tar before 1.4.4, where certain file operations (e.g., file_exists, is_file, is_dir) combined with ex...
CVE-2019-6338
In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; Drupal core uses the third-party PEAR ArchiveTar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details...
Code injection
In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; Drupal core uses the third-party PEAR ArchiveTar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details...
DRUPAL-CORE-2019-001
Drupal core uses the third-party PEAR Archive\Tar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details...
Drupal core - Critical - Third Party Libraries - SA-CORE-2019-001
Drupal core uses the third-party PEAR ArchiveTar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details...