82 matches found
MAL-2023-8108 Malicious code in surf-sharekit-frontend (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 449f014291c34fa4bc1a855658d8ff0b9fe4788e1986e2410d3dc82ac8e50abb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in marketplace-ibm (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2229ff8297b170086d48bec628cc6f20b8a1d8ff26af91033c0e1049a43e9cb6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Access bypass in Drupal core
Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual...
GHSA-7JR4-HGQX-VWGQ Access bypass in Drupal core
Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual...
CVE-2022-25274
Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual...
Design/Logic Flaw
Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual...
CVE-2022-25274
Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual...
Drupal 安全漏洞
Drupal is an open source content management system developed in PHP by the Drupal community. A security vulnerability exists in Drupal version 9.3, which stems from the fact that the Common Entity Access API is not fully integrated with existing permissions, resulting in the possibility of certai...
CVE-2022-25274
CVE-2022-25274 concerns Drupal 9.3 where a generic entity access API for revisions was not fully integrated with existing permissions. The root cause is the incomplete integration between the revisions API and per-item access controls, which can permit access bypass for users who can use revision...
PT-2023-12782 · Drupal · Drupal
Name of the Vulnerable Software and Affected Versions: Drupal version 9.3 Description: The issue arises from the incomplete integration of the generic entity access API for entity revisions with existing permissions in Drupal 9.3. This results in possible access bypass for users who have access t...
CVE-2022-25274
Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual...
Drupal 9.5.x < 9.5.5 Multiple Vulnerabilities
According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.95, 9.4.x prior to 9.4.12, 9.5.x prior to 9.5.5 or 10.0.x prior to 10.0.5. It is, therefore, affected by multiple vulnerabilities: - The Media module does not properly check entity...
Drupal 9.4.x < 9.4.12 Multiple Vulnerabilities
According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.95, 9.4.x prior to 9.4.12, 9.5.x prior to 9.5.5 or 10.0.x prior to 10.0.5. It is, therefore, affected by multiple vulnerabilities: - The Media module does not properly check entity...
Drupal 7.x < 7.95 Multiple Vulnerabilities
According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.95, 9.4.x prior to 9.4.12, 9.5.x prior to 9.5.5 or 10.0.x prior to 10.0.5. It is, therefore, affected by multiple vulnerabilities: - The Media module does not properly check entity...
Drupal 10.0.x < 10.0.5 Multiple Vulnerabilities
According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.95, 9.4.x prior to 9.4.12, 9.5.x prior to 9.5.5 or 10.0.x prior to 10.0.5. It is, therefore, affected by multiple vulnerabilities: - The Media module does not properly check entity...
DRUPAL-CORE-2023-002
The Media module does not properly check entity access in some circumstances. This may result in users seeing thumbnails of media items they do not have access to, including for private files. This release was coordinated with SA-CONTRIB-2023-010. This advisory is not covered by Drupal Steward...
Drupal core - Moderately critical - Information Disclosure - SA-CORE-2023-002
The Media module does not properly check entity access in some circumstances. This may result in users seeing thumbnails of media items they do not have access to, including for private files. This release was coordinated with SA-CONTRIB-2023-010. This advisory is not covered by Drupal Steward...
Drupal 7.x < 7.95 / 9.4.x < 9.4.12 / 9.5.x < 9.5.5 / 10.x < 10.0.5 Multiple Vulnerabilities (drupal-2023-03-15)
According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.95, 9.4.x prior to 9.4.12, 9.5.x prior to 9.5.5, or 10.x prior to 10.0.5. It is, therefore, affected by multiple vulnerabilities. - Drupal core provides a page that outputs the markup...
Drupal 9.4.x < 9.4.10 / 9.5.x < 9.5.2 / 10.0.x < 10.0.2 Drupal Vulnerability (SA-CORE-2023-001)
According to its self-reported version, the instance of Drupal running on the remote web server is 9.4.x prior to 9.4.10 or 9.5.x prior to 9.5.2 or 10.0.x prior to 10.0.2. It is, therefore, affected by a vulnerability. - The Media Library module does not properly check entity access in some...
DRUPAL-CORE-2023-001
The Media Library module does not properly check entity access in some circumstances. This may result in users with access to edit content seeing metadata about media items they are not authorized to access. The vulnerability is mitigated by the fact that the inaccessible media will only be visib...