Project: Drupal coreDate: 2018-March-28Security risk: Highly critical 21∕25 AC:None/A:None/CI:All/II:All/E:Theoretical/TD:DefaultVulnerability: Remote Code Execution Description: CVE: CVE-2018-7600A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.The security team has written an FAQ about this
More info:
https://www.drupal.org/sa-core-2018-002
More info:
https://wpvulndb.com/vulnerabilities/9049
cURL and libcurl vulnerability CVE-2017-2628. Security Advisory. Security Advisory Description. cURL, as shipped in Red ...
More info:
https://support.f5.com/csp/article/K35453761
More info:
https://wpvulndb.com/vulnerabilities/9047
A heap corruption vulnerability was discovered in net-snmp, a suite ofSimple Network Management Protocol applications, triggered when parsingthe PDU prior to the authentication process. A remote, unauthenticatedattacker can take advantage of this flaw to crash the snmpd process(causing a denial of service) or, potentially, execute arbitrary codewith the privileges of the user running snmpd.
More info:
https://www.debian.org/security/2018/dsa-4154
Bjorn Bosselmann discovered that the umount bash completion fro
More info:
https://www.debian.org/security/2018/dsa-4134
It was discovered that a use-after-free in the compositor of Firefoxcan result in the execution of arbitrary code.
More info:
https://www.debian.org/security/2018/dsa-4153
Two vulnerabilities were discovered in MuPDF, a PDF, XPS, and e-bookviewer, which may result in denial of service or remote code execution.An attacker can craft a PDF document which, when opened in the victimhost, might consume vast amounts of memory, crash the program, or, insome cases, execute code in the context in which the application isrunning.
More info:
https://www.debian.org/security/2018/dsa-4152
More info:
https://wpvulndb.com/vulnerabilities/9048
