81 matches found
DRUPAL-CONTRIB-2022-025
This advisory addresses a similar issue to Drupal core - Moderately critical - Information disclosure - SA-CORE-2022-004. The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some conten...
DRUPAL-CORE-2022-004
The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are not authorized to access. Sites are only affected if the QuickEdit module which comes with the Standard...
Drupal core - Moderately critical - Information disclosure - SA-CORE-2022-004
The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are not authorized to access. Sites are only affected if the QuickEdit module which comes with the Standard...
Malicious Package
Overview All versions of plutov-slack-client contain malicious code. Upon installation the package opens a shell to a remote server. The package affects both Windows and nix systems. Recommendation Any computer that has this package installed or running should be considered fully compromised. All...
CVE-2017-6925
In versions of Drupal 8 core prior to 8.3.7; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities that have different access restrictions on...
Security feature bypass
In versions of Drupal 8 core prior to 8.3.7; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities that have different access restrictions on...
CVE-2017-6925
In versions of Drupal 8 core prior to 8.3.7; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities that have different access restrictions on...
CVE-2017-6925
Drupal 8 core before 8.3.7 contains an entity access system vulnerability (CVE-2017-6925) that could allow a remote attacker to view, create, update, or delete entities for which UUIDs are missing or where revision-based access differs. Affected versions are Drupal 8 core prior to 8.3.7; the issu...
Drupal 8.x < 8.3.7 Multiple Vulnerabilities
According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - A flaw exists in the views subsystem due to a failure to restrict access to the Ajax endpoint to only views configured to use Ajax. This is mitigated if you have access...
Access Bypass
Drupal is vulnerable to access bypass. The entity access system does not prevent the unauthorized access to view, create, update, or delete entities without UUIDs, and entities with different access restrictions on different revisions of the same entity...
Drupal 8.x < 8.3.7 Multiple Vulnerabilities (SA-CORE-2017-004)
According to its self-reported version, the instance of Drupal running on the remote web server is 8.x prior to 8.3.7. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the views subsystem due to a failure to restrict access to the Ajax endpoint to only views configured ...
FreeBSD : drupal -- Drupal Core - Multiple Vulnerabilities (473b6a9e-8493-11e7-b24b-6cf0497db129)
Drupal Security Team : CVE-2017-6923: Views - Access Bypass - Moderately Critical CVE-2017-6924: REST API can bypass comment approval - Access Bypass - Moderately Critica CVE-2017-6925: Entity access bypass for entities that do not have UUIDs or have protected revisions - Access Bypass - Critical...
Drupal Entity Access Bypass Vulnerability
Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. An access bypass vulnerability exists in version 8.x of Drupal Entity prior to 8.3.7. An attacker can exploit this vulnerability to bypass security restrictions and perfor...
Entity access bypass for entities that do not have UUIDs or have protected revisions.
More info at https://www.drupal.org/SA-CORE-2017-004...
Entity access bypass for entities that do not have UUIDs or have protected revisions.
More info at https://www.drupal.org/SA-CORE-2017-004...
drupal -- Drupal Core - Multiple Vulnerabilities
Drupal Security Team: CVE-2017-6923: Views - Access Bypass - Moderately Critical CVE-2017-6924: REST API can bypass comment approval - Access Bypass - Moderately Critica CVE-2017-6925: Entity access bypass for entities that do not have UUIDs or have protected revisions - Access Bypass - Critical...
CVE-2012-2304
The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an entity access module, does not check permissions when searching for entities, which allows remote attackers to obtain sensitive information via unspecified vectors...
Code injection
The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an entity access module, does not check permissions when searching for entities, which allows remote attackers to obtain sensitive information via unspecified vectors...
CVE-2012-2304
The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an entity access module, does not check permissions when searching for entities, which allows remote attackers to obtain sensitive information via unspecified vectors...
CVE-2012-2304
CVE-2012-2304 concerns the Linkit module for Drupal (7.x-2.x series). The issue occurs when using an entity access module: during entity searches, Linkit did not enforce access restrictions, allowing remote attackers to view information about content they normally should not access. Affected vers...