6 matches found
Information disclosure
The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags...
CVE-2016-9449
The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags...
CVE-2016-9449
The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags...
CVE-2016-9449
Removed by vendor...
CVE-2016-9449
CVE-2016-9449 affects Drupal core (taxonomy module) on Drupal 7.x before 7.52 and 8.x before 8.2.3. The root cause is an inconsistent use of access query tags (taxonomy_term_access vs term_access) in query alteration, which could disclose taxonomy term information to remote authenticated users. T...
Drupal Fixes 'Moderately Critical' Vulnerabilities in Core Engine
The Drupal Security Team fixed a handful of issues in version 7 and 8 of its content management system core engine this week that could have led to cache poisoning, social engineering attacks and a denial of service condition. Drupal SA-CORE-2016-005 – Moderately Critical Update to Drupal core 7....