Lucene search
K

6 matches found

UbuntuCve
UbuntuCve
added 2014/09/30 2:55 p.m.28 views

CVE-2014-5267

modules/openid/xrds.inc in Drupal 6.x before 6.33 and 7.x before 7.31 allows remote attackers to have unspecified impact via a crafted DOCTYPE declaration in an XRDS document...

6.8CVSS5.9AI score0.03786EPSS
Exploits0References1
CVE
CVE
added 2014/09/30 2:0 p.m.145 views

CVE-2014-5267

CVE-2014-5267 affects Drupal 6.x (before 6.33) and Drupal 7.x (before 7.31). The vulnerability is in modules/openid/xrds.inc where a crafted DOCTYPE declaration in an XRDS document can enable a remote attacker to cause unspecified impact. The root cause is an XRDS DOCTYPE handling weakness in the...

6.8CVSS6.7AI score0.03786EPSS
Exploits0References4Affected Software1
OpenVAS
OpenVAS
added 2014/08/22 12:0 a.m.34 views

Fedora Update for drupal7 FEDORA-2014-9278

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS6.4AI score0.24385EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2014/08/22 12:0 a.m.31 views

Fedora 20 : drupal7-7.31-1.fc20 (2014-9278)

Update to upstream 7.31 release for SA-CORE-2014-004 This is a bugfix release. For complete details, refer to: https://www.drupal.org/drupal-7.30-release-notes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has...

6.8CVSS5.4AI score0.24385EPSS
Exploits3References6
Tenable Nessus
Tenable Nessus
added 2014/08/10 12:0 a.m.37 views

Debian DSA-2999-1 : drupal7 - security update

A denial of service vulnerability was discovered in Drupal, a fully-featured content management framework. A remote attacker could exploit this flaw to cause CPU and memory exhaustion and the site's database to reach the maximum number of open connections, leading to the site becoming unavailable...

6.8CVSS5.4AI score0.24385EPSS
Exploits3References6
Drupal
Drupal
added 2014/08/06 12:0 a.m.662 views

SA-CORE-2014-004 - Drupal core - Denial of service

Drupal 6 and Drupal 7 include an XML-RPC endpoint which is publicly available xmlrpc.php. The PHP XML parser used by this XML-RPC endpoint is vulnerable to an XML entity expansion attack and other related XML payload attacks which can cause CPU and memory exhaustion and the site's database to rea...

6.8CVSS6.5AI score0.03786EPSS
Exploits0References21
Rows per page
Query Builder