27 diciembre, 2019 – Javier García

27 diciembre, 2019

Drupal core – Critical – Multiple vulnerabilities – SA-CORE-2019-012

Project: Drupal coreVersion: 8.8.x-dev8.7.x-dev7.x-devDate: 2019-December-18Security risk: Critical 17∕25 AC:Basic/A:User/CI:All/II:All/E:Proof/TD:UncommonVulnerability: Multiple vulnerabilitiesDescription: The Drupal project uses the third-party library Archive_Tar, which has released a security improvement that is needed to protect some Drupal configurations.Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and processes More info: https://www.drupal.org/sa-core-2019-012

27 diciembre, 2019

IBM WebSphere Application Server CVE-2019-4441 Information Disclosure Vulnerability

Type: Vulnerability. IBM WebSphere Application Server is prone to an information disclosure vulnerability; fixes are available. More info: http://www.symantec.com/security_response/vulnerability.jsp?bid=111293&om_rssid=sr-advisories

27 diciembre, 2019

lodash CVE-2019-1010266 Denial of Service Vulnerability

Type: Vulnerability. lodash is prone to a denial-of-service vulnerability; fixes are available. More info: http://www.symantec.com/security_response/vulnerability.jsp?bid=111295&om_rssid=sr-advisories

27 diciembre, 2019

bbPress Members Only <= 1.2.1 – CSRF on Optional Settings page

More info: https://wpvulndb.com/vulnerabilities/9982

27 diciembre, 2019

Linux Kernel CVE-2019-19966 Denial of Service Vulnerability

Type: Vulnerability. Linux Kernel is prone to a denial-of-service vulnerability; fixes are available. More info: http://www.symantec.com/security_response/vulnerability.jsp?bid=111294&om_rssid=sr-advisories

27 diciembre, 2019

Linux Kernel CVE-2019-10220 Directory Traversal Vulnerability

Type: Vulnerability. Linux Kernel is prone to a directory-traversal vulnerability; fixes are available. More info: http://www.symantec.com/security_response/vulnerability.jsp?bid=111292&om_rssid=sr-advisories

27 diciembre, 2019

Das U-Boot CVE-2019-13103 Denial of Service Vulnerability

Type: Vulnerability. Das U-Boot is prone to a denial-of-service vulnerability; fixes are available. More info: http://www.symantec.com/security_response/vulnerability.jsp?bid=111290&om_rssid=sr-advisories

27 diciembre, 2019

GraphicsMagick CVE-2019-19951 Heap Buffer Overflow Vulnerability

Type: Vulnerability. GraphicsMagick is prone to a heap-based buffer-overflow vulnerability; fixes are available. More info: http://www.symantec.com/security_response/vulnerability.jsp?bid=111289&om_rssid=sr-advisories

27 diciembre, 2019

BMC Remedy Smart Reporting CVE-2019-11216 XML External Entity Injection Vulnerability

Type: Vulnerability. BMC Remedy Smart Reporting is prone to an XML External Entity injection vulnerability; fixes are available. More info: http://www.symantec.com/security_response/vulnerability.jsp?bid=111291&om_rssid=sr-advisories

27 diciembre, 2019

Kubernetes API Server CVE-2018-1002102 Open Redirection Vulnerability

Type: Vulnerability. Kubernetes API Server is prone to an open-redirection vulnerability; fixes are available. More info: http://www.symantec.com/security_response/vulnerability.jsp?bid=111288&om_rssid=sr-advisories

Translate »