Lucene search
K

7 matches found

Tenable Nessus
Tenable Nessus
added 2019/02/20 12:0 a.m.81 views

Debian DLA-1685-1 : drupal7 security update

Drupal core uses the third-party PEAR ArchiveTar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details. Also a possible regression caused by CVE-2019-6339 is fixed. For Debian 8 'Jessie', this problem has been fixed in...

9.8CVSS7.4AI score0.33228EPSS
Exploits5References3
OpenVAS
OpenVAS
added 2019/02/19 12:0 a.m.97 views

Debian: Security Advisory (DLA-1685-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.3AI score0.33228EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2019/02/01 10:25 p.m.25 views

Security Bulletin: IBM API Connect Developer Portal is affected by a remote code execution vulnerability in Drupal (CVE-2019-6339)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-6339 DESCRIPTION: Drupal core could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an error in PHP's built-in phar stream wrapper. By sending a...

9.8CVSS1.2AI score0.33228EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2019/01/22 3:0 p.m.37 views

CVE-2019-6339 PHAR stream wrapper Arbitrary PHP code execution

In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code core, contrib, and custom may be performing fi...

9.6AI score0.33228EPSS
Exploits0References3
CVE
CVE
added 2019/01/22 3:0 p.m.292 views

CVE-2019-6339

Summary: CVE-2019-6339 affects Drupal Core components: Drupal 7.x before 7.62, 8.6.x before 8.6.6, and 8.5.x before 8.5.9. It is a remote code execution in PHP’s built‑in phar stream wrapper during file operations on untrusted phar:// URIs, exposed when unvalidated user input is used in file oper...

9.8CVSS9.6AI score0.33228EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/01/18 12:0 a.m.80 views

Debian DSA-4370-1 : drupal7 - security update

Two vulnerabilities were found in Drupal, a fully-featured content management framework, which could result in arbitrary code execution. For additional information, please refer to the upstream advisories at: https://www.drupal.org/sa-core-2019-001 and https://www.drupal.org/sa-core-2019-002 C...

9.8CVSS8.4AI score0.33228EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2019/01/16 12:0 a.m.112 views

Drupal 7.x < 7.62 / 8.5.x < 8.5.9 / 8.6.x < 8.6.6 Multiple Vulnerabilities (SA-CORE-2019-001, SA-CORE-2019-002)

According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.62, 8.5.x prior to 8.5.9, or 8.6.x prior to 8.6.6. It is, therefore, affected by multiple phar handling vulnerabilities. An unauthenticated attacker could leverage these vulnerabiliti...

9.8CVSS7.8AI score0.33228EPSS
Exploits5References8
Rows per page
Query Builder