Project: Drupal core
Date: 2020-June-17
Security risk: Critical 15∕25 AC:Complex/A:None/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Request Forgery
CVE IDs: CVE-2020-13663
Description: The Drupal core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.
Solution: If you are using Drupal 7.x, upgrade to Drupal 7.72. If you are using Drupal 8.8.x, upgrade to Drupal 8.8.8. If you are using Drupal 8.9.x, upgrade to
More info:
https://www.drupal.org/sa-core-2020-004
Project: Drupal core
Date: 2020-June-17
Security risk: Critical 17∕25 AC:Complex/A:None/CI:All/II:All/E:Theoretical/TD:Uncommon
Vulnerability: Arbitrary PHP code execution
CVE IDs: CVE-2020-13664
Description: Drupal 8 and 9 have a remote code execution vulnerability under certain circumstances. An attacker could trick an administrator into visiting a malicious site that could result in creating a carefully named directory on the file system. With this directory in place, an attacker could
More info:
https://www.drupal.org/sa-core-2020-005
Project: Drupal core
Date: 2020-June-17
Security risk: Less critical 8∕25 AC:Complex/A:User/CI:None/II:Some/E:Theoretical/TD:Uncommon
Vulnerability: Access bypass
CVE IDs: CVE-2020-13665
Description: JSON:API PATCH requests may bypass validation for certain fields. By default, JSON:API works in a read-only mode which makes it impossible to exploit the vulnerability. Only sites that have the read_only set to FALSE under jsonapi.settings config are vulnerable.
Solution: Install the latest
More info:
https://www.drupal.org/sa-core-2020-006
libxml2 2.7.8 vulnerability CVE-2010-4494
Security Advisory
Description: Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 ...
More info:
https://support.f5.com/csp/article/K51182024?utm_source=f5support&utm_medium=RSS