CVSS: 6.1EPSS: 65%CPEs: 6EXPL: 0CVE-2019-6341 – Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-004
https://notcve.org/view.php?id=CVE-2019-6341
In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability. En Drupal 7, en versiones anteriores a la 7.65; Drupal 8.6, en versiones anteriores a la 8.6.13 y Drupal 8.5, en versiones anteriores a la 8.5.14. En ciertas condiciones, el módulo/subsistema File permite que un usuario malicioso suba un archivo que puede desencadenar una vulnerabilidad Cross-Site Scripting (XSS). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Drupal. • https://lists.debian.org/debian-lts-announce/2019/04/msg00003.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 89%CPEs: 5EXPL: 0CVE-2019-6339 – PHAR stream wrapper Arbitrary PHP code execution
https://notcve.org/view.php?id=CVE-2019-6339
In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to this vulnerability. This vulnerability is mitigated by the fact that such code paths typically require access to an administrative permission or an atypical configuration. En Drupal Core, en sus versiones 7.x anteriores a la 7.62, en las 8.6.x anteriores a la 8.6.6 y en las 8.5.x anteriores a la 8.5.9, existe una vulnerabilidad de ejecución remota de código en el wrapper de transmisión phar integrada del PHP cuando se ejecutan operaciones de archivo en un URI "phar://" no fiable. Algún código Drupal ("core", "contrib" y "custom") puede estar ejecutando operaciones de archivo en las entradas de usuarios no validadas de manera suficiente, lo que hace que estos se expongan a esta vulnerabilidad. • https://lists.debian.org/debian-lts-announce/2019/02/msg00004.html https://www.debian.org/security/2019/dsa-4370 https://www.drupal.org/sa-core-2019-002 • CWE-20: Improper Input Validation •
CVSS: 8.0EPSS: 0%CPEs: 5EXPL: 0CVE-2019-6338 – third-party PEAR Archive_Tar library updates
https://notcve.org/view.php?id=CVE-2019-6338
In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details Drupal Core, en sus versiones 7.x anteriores a la 7.62, en las 8.6.x anteriores a la 8.6.6 y en las 8.5.x anteriores a la 8.5.9, utiliza la biblioteca "PEAR Archive_Tar" de terceros. Esta biblioteca ha publicado una actualización de seguridad que impacta en algunas configuraciones de Drupal. Véase CVE-2018-1000888 para más información. • http://www.securityfocus.com/bid/106706 https://lists.debian.org/debian-lts-announce/2019/02/msg00032.html https://www.debian.org/security/2019/dsa-4370 https://www.drupal.org/sa-core-2019-001 • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.5EPSS: 87%CPEs: 9EXPL: 0CVE-2018-14773
https://notcve.org/view.php?id=CVE-2018-14773
An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises from support for a (legacy) IIS header that lets users override the path in the request URL via the X-Original-URL or X-Rewrite-URL HTTP request header. These headers are designed for IIS support, but it's not verified that the server is in fact running IIS, which means anybody who can send these requests to an application can trigger this. This affects \Symfony\Component\HttpFoundation\Request::prepareRequestUri() where X-Original-URL and X_REWRITE_URL are both used. The fix drops support for these methods so that they cannot be used as attack vectors such as web cache poisoning. • http://www.securityfocus.com/bid/104943 http://www.securitytracker.com/id/1041405 https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html https://seclists.org/bugtraq/2019/May/21 https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers https://www.debian.org/security/2019/dsa-4441 https://www.drupal.org/SA-CORE-2018-005 •
CVSS: 9.8EPSS: 97%CPEs: 6EXPL: 5CVE-2018-7602 – Drupal Core Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-7602
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild. Existe una vulnerabilidad de ejecución remota de código en múltiples subsistemas de Drupal en versiones 7.x y 8.x. • https://www.exploit-db.com/exploits/44557 https://www.exploit-db.com/exploits/44542 https://github.com/happynote3966/CVE-2018-7602 https://github.com/132231g/CVE-2018-7602 https://github.com/kastellanos/CVE-2018-7602 http://www.securityfocus.com/bid/103985 http://www.securitytracker.com/id/1040754 https://lists.debian.org/debian-lts-announce/2018/04/msg00030.html https://www.debian.org/security/2018/dsa-4180 https://www.drupal.org/sa-core-2018-004 •