Lucene search
K

82 matches found

OSV
OSV
added 2023/09/16 2:4 p.m.15 views

MAL-2023-8108 Malicious code in surf-sharekit-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 449f014291c34fa4bc1a855658d8ff0b9fe4788e1986e2410d3dc82ac8e50abb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/08/14 3:47 a.m.5 views

Malicious code in marketplace-ibm (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2229ff8297b170086d48bec628cc6f20b8a1d8ff26af91033c0e1049a43e9cb6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2023/04/26 3:30 p.m.19 views

Access bypass in Drupal core

Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual...

5.4CVSS6AI score0.00423EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/04/26 3:30 p.m.13 views

GHSA-7JR4-HGQX-VWGQ Access bypass in Drupal core

Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual...

5.4CVSS5.2AI score0.00423EPSS
Exploits0References3
NVD
NVD
added 2023/04/26 2:15 p.m.32 views

CVE-2022-25274

Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual...

5.4CVSS5.3AI score0.00423EPSS
Exploits0References1
Prion
Prion
added 2023/04/26 2:15 p.m.9 views

Design/Logic Flaw

Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual...

5.5CVSS5.4AI score0.00423EPSS
Exploits0References1Affected Software1
UbuntuCve
UbuntuCve
added 2023/04/26 2:15 p.m.15 views

CVE-2022-25274

Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual...

5.4CVSS6.1AI score0.00423EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/04/26 12:0 a.m.6 views

Drupal 安全漏洞

Drupal is an open source content management system developed in PHP by the Drupal community. A security vulnerability exists in Drupal version 9.3, which stems from the fact that the Common Entity Access API is not fully integrated with existing permissions, resulting in the possibility of certai...

5.4CVSS5.6AI score0.00423EPSS
Exploits0References2
CVE
CVE
added 2023/04/26 12:0 a.m.145 views

CVE-2022-25274

CVE-2022-25274 concerns Drupal 9.3 where a generic entity access API for revisions was not fully integrated with existing permissions. The root cause is the incomplete integration between the revisions API and per-item access controls, which can permit access bypass for users who can use revision...

5.4CVSS5.2AI score0.00423EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/04/26 12:0 a.m.4 views

PT-2023-12782 · Drupal · Drupal

Name of the Vulnerable Software and Affected Versions: Drupal version 9.3 Description: The issue arises from the incomplete integration of the generic entity access API for entity revisions with existing permissions in Drupal 9.3. This results in possible access bypass for users who have access t...

5.4CVSS5.2AI score0.00423EPSS
Exploits0References12
OSV
OSV
added 2023/04/26 12:0 a.m.24 views

CVE-2022-25274

Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual...

5.4CVSS5.7AI score0.00423EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/03/16 12:0 a.m.16 views

Drupal 9.5.x < 9.5.5 Multiple Vulnerabilities

According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.95, 9.4.x prior to 9.4.12, 9.5.x prior to 9.5.5 or 10.0.x prior to 10.0.5. It is, therefore, affected by multiple vulnerabilities: - The Media module does not properly check entity...

6.5AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/03/16 12:0 a.m.17 views

Drupal 9.4.x < 9.4.12 Multiple Vulnerabilities

According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.95, 9.4.x prior to 9.4.12, 9.5.x prior to 9.5.5 or 10.0.x prior to 10.0.5. It is, therefore, affected by multiple vulnerabilities: - The Media module does not properly check entity...

6.5AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/03/16 12:0 a.m.27 views

Drupal 7.x < 7.95 Multiple Vulnerabilities

According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.95, 9.4.x prior to 9.4.12, 9.5.x prior to 9.5.5 or 10.0.x prior to 10.0.5. It is, therefore, affected by multiple vulnerabilities: - The Media module does not properly check entity...

6.5AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/03/16 12:0 a.m.20 views

Drupal 10.0.x < 10.0.5 Multiple Vulnerabilities

According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.95, 9.4.x prior to 9.4.12, 9.5.x prior to 9.5.5 or 10.0.x prior to 10.0.5. It is, therefore, affected by multiple vulnerabilities: - The Media module does not properly check entity...

6.5AI score
Exploits0References4
OSV
OSV
added 2023/03/15 4:21 p.m.3 views

DRUPAL-CORE-2023-002

The Media module does not properly check entity access in some circumstances. This may result in users seeing thumbnails of media items they do not have access to, including for private files. This release was coordinated with SA-CONTRIB-2023-010. This advisory is not covered by Drupal Steward...

6.8AI score
Exploits0References1
Drupal
Drupal
added 2023/03/15 12:0 a.m.25 views

Drupal core - Moderately critical - Information Disclosure - SA-CORE-2023-002

The Media module does not properly check entity access in some circumstances. This may result in users seeing thumbnails of media items they do not have access to, including for private files. This release was coordinated with SA-CONTRIB-2023-010. This advisory is not covered by Drupal Steward...

3.1AI score
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2023/03/15 12:0 a.m.20 views

Drupal 7.x < 7.95 / 9.4.x < 9.4.12 / 9.5.x < 9.5.5 / 10.x < 10.0.5 Multiple Vulnerabilities (drupal-2023-03-15)

According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.95, 9.4.x prior to 9.4.12, 9.5.x prior to 9.5.5, or 10.x prior to 10.0.5. It is, therefore, affected by multiple vulnerabilities. - Drupal core provides a page that outputs the markup...

5.6AI score
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2023/01/27 12:0 a.m.25 views

Drupal 9.4.x < 9.4.10 / 9.5.x < 9.5.2 / 10.0.x < 10.0.2 Drupal Vulnerability (SA-CORE-2023-001)

According to its self-reported version, the instance of Drupal running on the remote web server is 9.4.x prior to 9.4.10 or 9.5.x prior to 9.5.2 or 10.0.x prior to 10.0.2. It is, therefore, affected by a vulnerability. - The Media Library module does not properly check entity access in some...

5.7AI score
Exploits0References6
OSV
OSV
added 2023/01/18 5:40 p.m.3 views

DRUPAL-CORE-2023-001

The Media Library module does not properly check entity access in some circumstances. This may result in users with access to edit content seeing metadata about media items they are not authorized to access. The vulnerability is mitigated by the fact that the inaccessible media will only be visib...

6.7AI score
Exploits0References1
Rows per page
Query Builder