Lucene search
K

6 matches found

Tenable Nessus
Tenable Nessus
added 2021/04/21 12:0 a.m.42 views

Drupal 7.x < 7.78 / 8.9.x < 8.9.13 / 9.x < 9.0.11 / 9.1.x < 9.1.3 Directory Traversal (SA-CORE-2021-001)

According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.78, 8.9.x prior to 8.9.13, 9.x prior to 9.0.11, or 9.1.x prior to 9.1.3. It is, therefore, affected by a vulnerability. - Tar.php in ArchiveTar through 1.4.11 allows write operations...

7.8CVSS7.5AI score0.70595EPSS
Exploits2References6
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/06 9:28 p.m.29 views

Security Bulletin: IBM API Connect is impacted by a directory traversal vulnerability in Drupal core SA-CORE-2021-001 (CVE-2020-36193)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-36193 DESCRIPTION: ArchiveTar could allow a remote attacker to traverse directories on the system, caused by inadequate checking of symbolic links. An attacker could send a specially-crafted U...

7.5CVSS1.6AI score0.70595EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2021/01/25 12:0 a.m.12 views

Drupal 7.x, 8.x, 9.x Archive_Tar library Vulnerability (SA-CORE-2021-001) - Windows

Drupal is prone to a vulnerability in the ArchiveTar library. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...

7.5CVSS7.3AI score0.70595EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2021/01/25 12:0 a.m.16 views

Drupal 7.x, 8.x, 9.x Archive_Tar library Vulnerability (SA-CORE-2021-001) - Linux

Drupal is prone to a vulnerability in the ArchiveTar library. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...

7.5CVSS7.3AI score0.70595EPSS
Exploits0References3
CISA
CISA
added 2021/01/21 12:0 a.m.26 views

Drupal Releases Security Updates

Drupal has released security updates to address a vulnerability affecting Drupal. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Drupal Advisory SA-CORE-2021-001 and apply the necessary updates or mitigations...

6.8AI score
Exploits0References1
Drupal
Drupal
added 2021/01/20 12:0 a.m.50 views

Drupal core - Critical - Third-party libraries - SA-CORE-2021-001

The Drupal project uses the pear ArchiveTar library, which has released a security update that impacts Drupal. For more information please see: CVE-2020-36193 Exploits may be possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz file uploads and processes them...

7.5CVSS1.7AI score0.70595EPSS
Exploits0References16
Rows per page
Query Builder