Lucene search
+L

6 matches found

CVE
CVE
added 2021/05/05 2:14 p.m.146 views

CVE-2020-13665

CVE-2020-13665 is an access-bypass vulnerability in Drupal Core related to JSON:API when in read/write mode (jsonapi.settings read_only = FALSE). Affected are Drupal Core 8.8.x before 8.8.8; 8.9.x before 8.9.1; 9.0.x before 9.0.1. The issue stems from insufficient validation in JSON:API PATCH req...

9.8CVSS9.1AI score0.01275EPSS
Exploits0References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/03 11:39 p.m.43 views

Security Bulletin: IBM API Connect is vulnerable to arbitrary code execution and security bypass in Drupal (CVE-2020-13664, CVE-2020-13665)

Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2020-13664 DESCRIPTION: Drupal core could allow a remote attacker to execute arbitrary code on the system, caused by code injection flaw. By persuading a victim to visit a specially-crafted web...

9.8CVSS1.6AI score0.02978EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/06/26 12:0 a.m.39 views

Drupal 8.9.x < 8.9.1 Multiple Vulnerabilities

According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.72, 8.8.x prior to 8.8.8, 8.9.x prior to 8.9.1 or 9.0.x prior to 9.0.1. It is, therefore, affected by multilple vulnerabilities : - A Cross-Site Request Forgery CSRF due to...

9.8CVSS9.7AI score0.02978EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2020/06/26 12:0 a.m.37 views

Drupal 9.0.x < 9.0.1 Multiple Vulnerabilities

According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.72, 8.8.x prior to 8.8.8, 8.9.x prior to 8.9.1 or 9.0.x prior to 9.0.1. It is, therefore, affected by multilple vulnerabilities : - A Cross-Site Request Forgery CSRF due to...

9.8CVSS9.7AI score0.02978EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2020/06/26 12:0 a.m.55 views

Drupal 8.8.x < 8.8.8 Multiple Vulnerabilities

According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.72, 8.8.x prior to 8.8.8, 8.9.x prior to 8.9.1 or 9.0.x prior to 9.0.1. It is, therefore, affected by multilple vulnerabilities : - A Cross-Site Request Forgery CSRF due to...

9.8CVSS9.7AI score0.02978EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2020/06/19 12:0 a.m.29 views

Drupal 8.x, 9.x Multiple Vulnerabilities (SA-CORE-2020-005, SA-CORE-2020-006) - Linux

Drupal is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal"; ifdescription...

9.8CVSS9.3AI score0.02978EPSS
Exploits0References2
Rows per page
Query Builder