Lucene search
+L

29 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2019-0782

Malware in sbrugna...

8CVSS8.1AI score0.0213EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2018-1000888

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PEAR ArchiveTar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the ArchiveTar class. There are several file operations with...

8.8CVSS8.7AI score0.19207EPSS
Exploits5References2
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.19 views

RHEL 6 : php-pear (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - php-pear: Unsafe deserialization of data in ArchiveTar class CVE-2018-1000888 - PECL in the download...

7.5CVSS8.7AI score0.19207EPSS
Exploits10References2
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.17 views

RHEL 7 : php-pear (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - php-pear: Unsafe deserialization of data in ArchiveTar class CVE-2018-1000888 - PECL in the download...

7.5CVSS7.7AI score0.19207EPSS
Exploits10References2
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.17 views

RHEL 8 : php-pear (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - php-pear: Unsafe deserialization of data in ArchiveTar class CVE-2018-1000888 Note that Nessus has not tested for...

8.8CVSS7.5AI score0.19207EPSS
Exploits5References1
Github Security Blog
Github Security Blog
added 2019/12/02 6:11 p.m.105 views

Drupal core third-party PEAR Archive_Tar library is vulnerable to Deserialization of Untrusted Data

In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; Drupal core uses the third-party PEAR ArchiveTar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details...

8CVSS8AI score0.0213EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2019/12/02 6:11 p.m.28 views

GHSA-6RMQ-X2HV-VXPP Drupal core third-party PEAR Archive_Tar library is vulnerable to Deserialization of Untrusted Data

In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; Drupal core uses the third-party PEAR ArchiveTar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details...

8CVSS8AI score0.0213EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2019/02/20 12:0 a.m.81 views

Debian DLA-1685-1 : drupal7 security update

Drupal core uses the third-party PEAR ArchiveTar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details. Also a possible regression caused by CVE-2019-6339 is fixed. For Debian 8 'Jessie', this problem has been fixed in...

9.8CVSS7.4AI score0.33228EPSS
Exploits5References3
OpenVAS
OpenVAS
added 2019/02/19 12:0 a.m.98 views

Debian: Security Advisory (DLA-1685-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.3AI score0.33228EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2019/02/11 12:0 a.m.54 views

Debian: Security Advisory (DLA-1674-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.3AI score0.19207EPSS
Exploits5References3
Tenable Nessus
Tenable Nessus
added 2019/01/31 12:0 a.m.30 views

Debian DSA-4378-1 : php-pear - security update

Fariskhi Vidyan discovered that the PEAR ArchiveTar package for handling tar files in PHP is prone to a PHP object injection vulnerability, potentially allowing a remote attacker to execute arbitrary code. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin wer...

8.8CVSS7.7AI score0.19207EPSS
Exploits5References5
Debian
Debian
added 2019/01/30 3:44 p.m.34 views

[SECURITY] [DSA 4378-1] php-pear security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4378-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 30, 2019 https://www.debian.org/security/faq -...

6.8CVSS2.7AI score0.19207EPSS
Exploits5
Debian
Debian
added 2019/01/30 3:44 p.m.104 views

[SECURITY] [DSA 4378-1] php-pear security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4378-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 30, 2019 https://www.debian.org/security/faq -...

8.8CVSS8.2AI score0.19207EPSS
Exploits5
OpenVAS
OpenVAS
added 2019/01/29 12:0 a.m.39 views

Debian: Security Advisory (DSA-4378-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.3AI score0.19207EPSS
Exploits5References4
Veracode
Veracode
added 2019/01/23 6:38 a.m.34 views

Object Injection

drupal/core is vulnerable to object injection. The vulnerability is possible because it does not properly use third-party PEAR ArchiveTar library, leading to a vulnerability similar to CVE-2018-1000888...

8.8CVSS8.2AI score0.19207EPSS
Exploits5References7Affected Software2
CVE
CVE
added 2019/01/22 3:0 p.m.121 views

CVE-2019-6338

CVE-2019-6338 maps to the same underlying issue as CVE-2018-1000888 in the PEAR Archive_Tar library used by Drupal Core. Connected sources describe a PHP object-injection vulnerability in Archive_Tar before 1.4.4, where certain file operations (e.g., file_exists, is_file, is_dir) combined with ex...

8CVSS8AI score0.0213EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2019/01/22 2:29 p.m.22 views

CVE-2019-6338

In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; Drupal core uses the third-party PEAR ArchiveTar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details...

8CVSS8AI score0.0213EPSS
Exploits0References4
Prion
Prion
added 2019/01/22 2:29 p.m.25 views

Code injection

In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; Drupal core uses the third-party PEAR ArchiveTar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details...

6CVSS8AI score0.19207EPSS
Exploits5References4Affected Software2
OSV
OSV
added 2019/01/16 5:17 p.m.2 views

DRUPAL-CORE-2019-001

Drupal core uses the third-party PEAR Archive\Tar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details...

8CVSS6.9AI score0.0213EPSS
Exploits0References1
Drupal
Drupal
added 2019/01/16 12:0 a.m.81 views

Drupal core - Critical - Third Party Libraries - SA-CORE-2019-001

Drupal core uses the third-party PEAR ArchiveTar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details...

8.8CVSS1.7AI score0.19207EPSS
Exploits5References13
Rows per page
Query Builder