Project: Drupal core
Date: 2019-March-20
Security risk: Moderately critical 13∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross Site Scripting
CVE IDs: CVE-2019-6341
Description: Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.
Solution: If you are using Drupal 8.6, update to Drupal 8.6.13. If you are using Drupal 8.5 or earlier, update to Drupal 8.5.14. If
More info:
https://www.drupal.org/sa-core-2019-004
OpenSSL vulnerability CVE-2017-3735 Security Advisory Description: While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread.
More info:
https://support.f5.com/csp/article/K21462542
https://www.wordfence.com/blog/2019/03/social-warfare-plugin-zero-day-details-and-attack-data/ In our earlier post, we issued a warning to users of the Social Warfare plugin regarding a zero-day vulnerability affecting their sites. At this time, the plugin’s developers have issued a patch for the flaw. All users are urged to update to version 3.5.3 immediately. Vulnerability Details The plugin features functionality that allows users […]
More info:
https://www.wordfence.com/blog/2019/03/social-warfare-plugin-zero-day-details-and-attack-data/
PHP vulnerability CVE-2019-9023 Security Advisory Description: An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A ...
More info:
https://support.f5.com/csp/article/K06372014
PHP vulnerability CVE-2019-9637 Security Advisory Description: An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() ...
More info:
https://support.f5.com/csp/article/K53825211
Binutils vulnerabilities CVE-2018-20623, CVE-2018-20651, and CVE-2018-20712 Security Advisory Description: CVE-2018-20623 In GNU Binutils 2.31.1, there is a use-after-free in the ...
More info:
https://support.f5.com/csp/article/K38336243
An arbitrary file read vulnerability was discovered in passenger, a web application server. A local user allowed to deploy an application to passenger can take advantage of this flaw by creating a symlink from the REVISION file to an arbitrary file on the system and having its content displayed through passenger-status.
More info:
https://www.debian.org/security/2019/dsa-4415
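The flaw above is the classic "follow a symlink into someone else's file" pattern: a privileged reader (passenger-status) trusts a file inside an untrusted user's deployment directory. The following is an added example, not Passenger's code and not the fix shipped in DSA-4415. It builds a constructed app directory whose REVISION file is a symlink to a file outside the app, shows that a naive reader leaks that file, and shows a hardened reader that refuses symlinks (via lstat, not stat), requires a regular file, confines the resolved path to the app root, and opens with O_NOFOLLOW to narrow the check-then-open window. Function and directory names are hypothetical.

```ruby
require "tmpdir"
require "fileutils"

# Constructed scenario: an app whose REVISION file is a symlink pointing at a
# file the deploying user should not be able to read through passenger-status.
# Names here (build_demo_dir, read_revision_*) are hypothetical, not Passenger's.
def build_demo_dir
  base = Dir.mktmpdir("passenger-demo")
  app = File.join(base, "app")
  FileUtils.mkdir_p(app)
  secret = File.join(base, "secret.txt")          # stands in for an arbitrary system file
  File.write(secret, "db_password=hunter2\n")
  File.symlink(secret, File.join(app, "REVISION")) # the attacker's symlink
  app
end

# A well-behaved app directory with a plain REVISION file.
def build_honest_dir
  base = Dir.mktmpdir("passenger-demo")
  app = File.join(base, "app")
  FileUtils.mkdir_p(app)
  File.write(File.join(app, "REVISION"), "a1b2c3d\n")
  app
end

# Naive reader: File.read follows symlinks, so whatever REVISION points at
# is read and would be displayed in the status output.
def read_revision_naive(app_root)
  path = File.join(app_root, "REVISION")
  return nil unless File.exist?(path)
  File.read(path).strip
end

# Hardened reader:
#  1. lstat (not stat) so a symlink is seen as a symlink, not as its target;
#  2. only regular files are accepted;
#  3. the canonical path must stay inside the canonical app root;
#  4. open with O_NOFOLLOW so a symlink swapped in after the check still fails.
def read_revision_safe(app_root)
  root = File.realpath(app_root)
  path = File.join(root, "REVISION")
  st = begin
    File.lstat(path)
  rescue Errno::ENOENT
    return nil
  end
  return nil if st.symlink? || !st.file?
  return nil unless File.realpath(path).start_with?(root + File::SEPARATOR)
  nofollow = defined?(File::NOFOLLOW) ? File::NOFOLLOW : 0
  begin
    File.open(path, File::RDONLY | nofollow) { |f| f.read(256).to_s.strip }
  rescue Errno::ELOOP
    nil
  end
end

if __FILE__ == $0
  attacker_app = build_demo_dir
  puts "naive:  #{read_revision_naive(attacker_app).inspect}" # leaks secret.txt
  puts "safe:   #{read_revision_safe(attacker_app).inspect}"  # nil
  puts "honest: #{read_revision_safe(build_honest_dir).inspect}"
end
```

The lstat/realpath checks alone still leave a race between the check and the open; O_NOFOLLOW makes the open itself fail if REVISION has been replaced by a symlink in between. A hard link to the target file is a separate problem that none of these checks catch, which is why confining deployment directories to a filesystem the user cannot hard-link from (or reading as the deploying user rather than as root) is the more robust design.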
Apache Tomcat vulnerability CVE-2017-12617 Security Advisory Description: When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to ...
More info:
https://support.f5.com/csp/article/K53173544
It was discovered that Wireshark, a network traffic analyzer, contained several vulnerabilities in the dissectors for 6LoWPAN, P_MUL, RTSE, ISAKMP, TCAP, ASN.1 BER and RPCAP, which could result in denial of service.
More info:
https://www.debian.org/security/2019/dsa-4416