Lucene search
K

8 matches found

Debian
Debian
added 2019/02/20 3:23 a.m.165 views

[SECURITY] [DLA 1685-1] drupal7 security update

Package : drupal7 Version : 7.32-1+deb8u15 CVE ID : CVE-2019-6338 Drupal core uses the third-party PEAR ArchiveTar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details. Also a possible regression caused by CVE-2019-63...

9.8CVSS8.3AI score0.33228EPSS
Exploits5
OpenVAS
OpenVAS
added 2019/02/19 12:0 a.m.97 views

Debian: Security Advisory (DLA-1685-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.3AI score0.33228EPSS
Exploits5References3
CVE
CVE
added 2019/01/22 3:0 p.m.119 views

CVE-2019-6338

CVE-2019-6338 maps to the same underlying issue as CVE-2018-1000888 in the PEAR Archive_Tar library used by Drupal Core. Connected sources describe a PHP object-injection vulnerability in Archive_Tar before 1.4.4, where certain file operations (e.g., file_exists, is_file, is_dir) combined with ex...

8CVSS8AI score0.0213EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2019/01/22 3:0 p.m.33 views

CVE-2019-6338 third-party PEAR Archive_Tar library updates

In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; Drupal core uses the third-party PEAR ArchiveTar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details...

8.2AI score0.0213EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2019/01/22 3:0 p.m.22 views

CVE-2019-6338

Removed by vendor...

8CVSS8.2AI score0.0213EPSS
Exploits0
NVD
NVD
added 2019/01/22 2:29 p.m.19 views

CVE-2019-6338

In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; Drupal core uses the third-party PEAR ArchiveTar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details...

8CVSS8AI score0.0213EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2019/01/18 12:0 a.m.80 views

Debian DSA-4370-1 : drupal7 - security update

Two vulnerabilities were found in Drupal, a fully-featured content management framework, which could result in arbitrary code execution. For additional information, please refer to the upstream advisories at: https://www.drupal.org/sa-core-2019-001 and https://www.drupal.org/sa-core-2019-002 C...

9.8CVSS8.4AI score0.33228EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2019/01/16 12:0 a.m.112 views

Drupal 7.x < 7.62 / 8.5.x < 8.5.9 / 8.6.x < 8.6.6 Multiple Vulnerabilities (SA-CORE-2019-001, SA-CORE-2019-002)

According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.62, 8.5.x prior to 8.5.9, or 8.6.x prior to 8.6.6. It is, therefore, affected by multiple phar handling vulnerabilities. An unauthenticated attacker could leverage these vulnerabiliti...

9.8CVSS7.8AI score0.33228EPSS
Exploits5References8
Rows per page
Query Builder