
20 matches found

OSV
added 2023/11/29 3:27 p.m., 3 views

DRUPAL-CONTRIB-2023-053

The Xsendfile module enables fast transfer for private files in Drupal. In order to control private file downloads, the module overrides ImageStyleDownloadController, for which a vulnerability was disclosed in SA-CORE-2023-005. The Xsendfile module was still based on an insecure version of...

AI score: 6.8
Exploits: 0, References: 1
Drupal
added 2023/11/29 12:0 a.m., 22 views

Xsendfile - Moderately critical - Access bypass - SA-CONTRIB-2023-053

The Xsendfile module enables fast transfer for private files in Drupal. In order to control private file downloads, the module overrides ImageStyleDownloadController, for which a vulnerability was disclosed in SA-CORE-2023-005. The Xsendfile module was still based on an insecure version of...

AI score: 7
Exploits: 0, References: 8
Tenable Nessus
added 2023/11/07 12:0 a.m., 17 views

Fedora 39 : drupal7 (2023-b659c62db9)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-b659c62db9 advisory. - 7.98 - 7.97 - 7.96 - SA-CORE-2023-005 - 7.95 - SA-CORE-2023-004 - 7.94 - 7.93 Tenable has extracted the preceding description block directly from the Fedor...

AI score: 5.6
Exploits: 0, References: 1
Cvelist
added 2023/09/28 6:17 p.m., 41 views

CVE-2023-5256 Drupal core - Critical - Cache poisoning - SA-CORE-2023-006

In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled,...

AI score: 7.5, EPSS: 0.00694
Exploits: 2, References: 1
OpenVAS
added 2023/09/21 12:0 a.m., 25 views

Drupal Cache Poisoning Vulnerability (SA-CORE-2023-006) - Windows

Drupal is prone to a cache poisoning vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal"; if(description)...

CVSS: 7.5, AI score: 7.5, EPSS: 0.00694
Exploits: 2, References: 1
Tenable Nessus
added 2023/09/20 12:0 a.m., 346 views

Drupal 9.5.x < 9.5.11 / 10.x < 10.0.11 / 10.1.x < 10.1.4 Drupal Vulnerability (SA-CORE-2023-006)

According to its self-reported version, the instance of Drupal running on the remote web server is 9.5.x prior to 9.5.11, 10.x prior to 10.0.11, or 10.1.x prior to 10.1.4. It is, therefore, affected by a vulnerability. - In certain scenarios, Drupal's JSON:API module will output error backtraces...

CVSS: 7.5, AI score: 6.5, EPSS: 0.00694
Exploits: 2, References: 7
OpenVAS
added 2023/04/27 12:0 a.m., 18 views

Drupal Access Bypass Vulnerability (SA-CORE-2023-005) - Windows

Drupal is prone to an access bypass vulnerability.

CVSS: 6.5, AI score: 6.5, EPSS: 0.0054
Exploits: 0, References: 1
Tenable Nessus
added 2023/04/20 12:0 a.m., 20 views

Drupal 7.x < 7.96 / 9.4.x < 9.4.14 / 9.5.x < 9.5.8 / 10.x < 10.0.8 Drupal Vulnerability (SA-CORE-2023-005)

According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.96, 9.4.x prior to 9.4.14, 9.5.x prior to 9.5.8, or 10.x prior to 10.0.8. It is, therefore, affected by a vulnerability. - The file download facility doesn't sufficiently sanitize fil...

CVSS: 6.5, AI score: 5.9, EPSS: 0.0054
Exploits: 0, References: 8
Drupal
added 2023/04/19 12:0 a.m., 133 views

Drupal core - Moderately critical - Access bypass - SA-CORE-2023-005

The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your...

CVSS: 6.5, AI score: 6.5, EPSS: 0.0054
Exploits: 0, References: 25
OpenVAS
added 2023/03/16 12:0 a.m., 6 views

Drupal Multiple Vulnerabilities (SA-CORE-2023-002, SA-CORE-2023-003) - Windows

Drupal is prone to multiple vulnerabilities.

AI score: 5.5
Exploits: 0, References: 2
OpenVAS
added 2023/03/16 12:0 a.m., 9 views

Drupal Multiple Vulnerabilities (SA-CORE-2023-002, SA-CORE-2023-003) - Linux

Drupal is prone to multiple vulnerabilities.

AI score: 5.5
Exploits: 0, References: 2
OpenVAS
added 2023/03/16 12:0 a.m., 9 views

Drupal Access Bypass Vulnerability (SA-CORE-2023-004) - Windows

Drupal is prone to an access bypass vulnerability.

AI score: 5.5
Exploits: 0, References: 1
Drupal
added 2023/03/15 12:0 a.m., 15 views

Media Responsive Thumbnail - Moderately critical - Information disclosure - SA-CONTRIB-2023-010

The Media Responsive Thumbnail module allows media reference fields to be rendered as a responsive image. This module does not properly check entity access prior to rendering media. This may result in users seeing thumbnails of media items they do not have access to. This release was coordinated...

AI score: 6.6
Exploits: 0, References: 10
Drupal
added 2023/03/15 12:0 a.m., 29 views

Drupal core - Moderately critical - Information Disclosure - SA-CORE-2023-003

The language module provides a Language switcher block which can be placed to provide links to quickly switch between different languages. The URL of unpublished translations may be disclosed. When used in conjunction with a module like Pathauto, this may reveal the title of unpublished content...

AI score: 1.2
Exploits: 0, References: 13
Drupal
added 2023/03/15 12:0 a.m., 22 views

Drupal core - Moderately critical - Information Disclosure - SA-CORE-2023-002

The Media module does not properly check entity access in some circumstances. This may result in users seeing thumbnails of media items they do not have access to, including for private files. This release was coordinated with SA-CONTRIB-2023-010. This advisory is not covered by Drupal Steward...

AI score: 3.1
Exploits: 0, References: 14
Tenable Nessus
added 2023/01/27 12:0 a.m., 24 views

Drupal 9.4.x < 9.4.10 / 9.5.x < 9.5.2 / 10.0.x < 10.0.2 Drupal Vulnerability (SA-CORE-2023-001)

According to its self-reported version, the instance of Drupal running on the remote web server is 9.4.x prior to 9.4.10 or 9.5.x prior to 9.5.2 or 10.0.x prior to 10.0.2. It is, therefore, affected by a vulnerability. - The Media Library module does not properly check entity access in some...

AI score: 5.7
Exploits: 0, References: 6
OpenVAS
added 2023/01/20 12:0 a.m., 7 views

Drupal Information Disclosure Vulnerability (SA-CORE-2023-001) - Linux

Drupal is prone to an information disclosure vulnerability.

AI score: 5.5
Exploits: 0, References: 1
OpenVAS
added 2023/01/20 12:0 a.m., 8 views

Drupal Information Disclosure Vulnerability (SA-CORE-2023-001) - Windows

Drupal is prone to an information disclosure vulnerability.

AI score: 5.5
Exploits: 0, References: 1
Tenable Nessus
added 2023/01/19 12:0 a.m., 24 views

Drupal 9.4.x < 9.4.10 / 9.5.x < 9.5.2 / 10.0.x < 10.0.2 Drupal Vulnerability (SA-CORE-2023-001) (Deprecated)

According to its self-reported version, the instance of Drupal running on the remote web server is 9.4.x prior to 9.4.10 or 9.5.x prior to 9.5.2 or 10.0.x prior to 10.0.2. It is, therefore, affected by a vulnerability. - The Media Library module does not properly check entity access in some...

Exploits: 0, References: 6
Drupal
added 2023/01/18 12:0 a.m., 68 views

Drupal core - Moderately critical - Information Disclosure - SA-CORE-2023-001

The Media Library module does not properly check entity access in some circumstances. This may result in users with access to edit content seeing metadata about media items they are not authorized to access. The vulnerability is mitigated by the fact that the inaccessible media will only be visib...

AI score: 4.6
Exploits: 0, References: 14