CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2019-10911
https://notcve.org/view.php?id=CVE-2019-10911
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled. This is related to symfony/security. En Symfony la versión anterior a 2.7.51, versión 2.8.x anterior a 2.8.50, versión 3.x anterior a 3.4.26, versión 4.x anterior a 4.1.12 y versión 4.2.x anterior a 4.2.7, una vulnerabilidad permitiría que un atacante se identifique como un Usuario privilegiado en sitios con registro de usuario y recordar la funcionalidad de inicio de sesión habilitada. Esto está relacionado con Symfony/Seguridad. • https://github.com/symfony/symfony/commit/a29ce2817cf43bb1850cf6af114004ac26c7a081 https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash https://www.synology.com/security/advisory/Synology_SA_19_19 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 1%CPEs: 11EXPL: 0CVE-2019-11831
https://notcve.org/view.php?id=CVE-2019-11831
The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL. El paquete PharStreamWrapper (también conocido como phar-stream-wrapper), versiones 2.x anteriores a 2.1.1 y 3.x anteriores a 3.1.1 para TYPO3, no impide el salto de directorio, lo que permite a los atacantes eludir un mecanismo de protección de deserialización, como lo demuestra una URL phar:///path/bad.phar/../good.phar. • http://www.securityfocus.com/bid/108302 https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v2.1.1 https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v3.1.1 https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH https://lists.fedoraproject. • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-502: Deserialization of Untrusted Data •
CVSS: 6.1EPSS: 2%CPEs: 218EXPL: 4CVE-2019-11358 – jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
https://notcve.org/view.php?id=CVE-2019-11358
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. jQuery, en versiones anteriores a 3.4.0, como es usado en Drupal, Backdrop CMS, y otros productos, maneja mal jQuery.extend(true, {}, ...) debido a la contaminación de Object.prototype. Si un objeto fuente no sanitizado contenía una propiedad enumerable __proto__, podría extender el Object.prototype nativo. A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. • https://github.com/isacaya/CVE-2019-11358 https://github.com/ossf-cve-benchmark/CVE-2019-11358 https://github.com/Snorlyd/https-nj.gov---CVE-2019-11358 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html http://packetstormsecurity.c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 6.1EPSS: 68%CPEs: 6EXPL: 0CVE-2019-6341 – Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-004
https://notcve.org/view.php?id=CVE-2019-6341
In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability. En Drupal 7, en versiones anteriores a la 7.65; Drupal 8.6, en versiones anteriores a la 8.6.13 y Drupal 8.5, en versiones anteriores a la 8.5.14. En ciertas condiciones, el módulo/subsistema File permite que un usuario malicioso suba un archivo que puede desencadenar una vulnerabilidad Cross-Site Scripting (XSS). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Drupal. • https://lists.debian.org/debian-lts-announce/2019/04/msg00003.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 97%CPEs: 2EXPL: 9CVE-2019-6340 – Drupal Core Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-6340
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.) Algunos tipos de campos no sanean correctamente los datos provenientes de fuentes "non-form" en Drupal en sus versiones 8.5.x anteriores a la 8.5.11 y en las versiones 8.6.x anteriores a la 8.6.10. • https://www.exploit-db.com/exploits/46510 https://www.exploit-db.com/exploits/46459 https://www.exploit-db.com/exploits/46452 https://github.com/jas502n/CVE-2019-6340 https://github.com/knqyf263/CVE-2019-6340 https://github.com/oways/CVE-2019-6340 https://github.com/DevDungeon/CVE-2019-6340-Drupal-8.6.9-REST-Auth-Bypass https://github.com/nobodyatall648/CVE-2019-6340 http://www.securityfocus.com/bid/107106 https://www.drupal.org/sa-core-2019-003 https://w • CWE-502: Deserialization of Untrusted Data •