Linux Distros Unpatched Vulnerability : CVE-2019-6339

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar...

Linux Distros Unpatched Vulnerability : CVE-2017-6922

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to...

Drupal core contains a potential PHP Object Injection vulnerability

Drupal core contains a potential PHP Object Injection vulnerability that if combined with another exploit could lead to Artbitrary File Deletion. It is not directly exploitable. This issue is mitigated by the fact that in order to be exploitable, a separate vulnerability must be present that allo...

PT-2024-9339 · Drupal · Drupal Core

Name of the Vulnerable Software and Affected Versions: Drupal Core versions 8.8.0 through 10.2.11 Drupal Core versions 10.3.0 through 10.3.9 Drupal Core versions 11.0.0 through 11.0.8 Description: The issue is related to insufficient protection of the web page structure, allowing an attacker to...

CVE-2019-6339

In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code core, contrib, and custom may be performing fi...