Lucene search
K

81 matches found

OSV
OSV
added 2022/02/16 5:7 p.m.6 views

DRUPAL-CONTRIB-2022-025

This advisory addresses a similar issue to Drupal core - Moderately critical - Information disclosure - SA-CORE-2022-004. The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some conten...

6.5AI score
Exploits0References1
OSV
OSV
added 2022/02/16 4:46 p.m.3 views

DRUPAL-CORE-2022-004

The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are not authorized to access. Sites are only affected if the QuickEdit module which comes with the Standard...

6.5CVSS6.5AI score0.00769EPSS
Exploits0References1
Drupal
Drupal
added 2022/02/16 12:0 a.m.61 views

Drupal core - Moderately critical - Information disclosure - SA-CORE-2022-004

The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are not authorized to access. Sites are only affected if the QuickEdit module which comes with the Standard...

6.5CVSS2.5AI score0.00769EPSS
Exploits0References18
Node.js
Node.js
added 2020/10/15 7:13 p.m.76 views

Malicious Package

Overview All versions of plutov-slack-client contain malicious code. Upon installation the package opens a shell to a remote server. The package affects both Windows and nix systems. Recommendation Any computer that has this package installed or running should be considered fully compromised. All...

6.9AI score
Exploits0Affected Software1
NVD
NVD
added 2019/01/15 5:29 p.m.15 views

CVE-2017-6925

In versions of Drupal 8 core prior to 8.3.7; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities that have different access restrictions on...

9.8CVSS9.3AI score0.03017EPSS
Exploits0References3
Prion
Prion
added 2019/01/15 5:29 p.m.21 views

Security feature bypass

In versions of Drupal 8 core prior to 8.3.7; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities that have different access restrictions on...

7.5CVSS9.2AI score0.03017EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/01/15 5:0 p.m.27 views

CVE-2017-6925

In versions of Drupal 8 core prior to 8.3.7; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities that have different access restrictions on...

9.3AI score0.03017EPSS
Exploits0References3
CVE
CVE
added 2019/01/15 5:0 p.m.130 views

CVE-2017-6925

Drupal 8 core before 8.3.7 contains an entity access system vulnerability (CVE-2017-6925) that could allow a remote attacker to view, create, update, or delete entities for which UUIDs are missing or where revision-based access differs. Affected versions are Drupal 8 core prior to 8.3.7; the issu...

9.8CVSS9.1AI score0.03017EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.24 views

Drupal 8.x < 8.3.7 Multiple Vulnerabilities

According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - A flaw exists in the views subsystem due to a failure to restrict access to the Ajax endpoint to only views configured to use Ajax. This is mitigated if you have access...

9.8CVSS8.4AI score0.03017EPSS
Exploits0References5
Veracode
Veracode
added 2017/10/26 7:0 a.m.24 views

Access Bypass

Drupal is vulnerable to access bypass. The entity access system does not prevent the unauthorized access to view, create, update, or delete entities without UUIDs, and entities with different access restrictions on different revisions of the same entity...

9.8CVSS9.1AI score0.03017EPSS
Exploits0References3Affected Software2
Tenable Nessus
Tenable Nessus
added 2017/08/24 12:0 a.m.59 views

Drupal 8.x < 8.3.7 Multiple Vulnerabilities (SA-CORE-2017-004)

According to its self-reported version, the instance of Drupal running on the remote web server is 8.x prior to 8.3.7. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the views subsystem due to a failure to restrict access to the Ajax endpoint to only views configured ...

9.8CVSS7.7AI score0.03017EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2017/08/21 12:0 a.m.39 views

FreeBSD : drupal -- Drupal Core - Multiple Vulnerabilities (473b6a9e-8493-11e7-b24b-6cf0497db129)

Drupal Security Team : CVE-2017-6923: Views - Access Bypass - Moderately Critical CVE-2017-6924: REST API can bypass comment approval - Access Bypass - Moderately Critica CVE-2017-6925: Entity access bypass for entities that do not have UUIDs or have protected revisions - Access Bypass - Critical...

9.8CVSS7.6AI score0.03017EPSS
Exploits0References4
CNVD
CNVD
added 2017/08/17 12:0 a.m.6 views

Drupal Entity Access Bypass Vulnerability

Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. An access bypass vulnerability exists in version 8.x of Drupal Entity prior to 8.3.7. An attacker can exploit this vulnerability to bypass security restrictions and perfor...

9.8CVSS9.2AI score0.03017EPSS
Exploits0References1
Friends Of PHP
Friends Of PHP
added 2017/08/16 5:10 p.m.25 views

Entity access bypass for entities that do not have UUIDs or have protected revisions.

More info at https://www.drupal.org/SA-CORE-2017-004...

9.8CVSS7.2AI score0.03017EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2017/08/16 5:10 p.m.23 views

Entity access bypass for entities that do not have UUIDs or have protected revisions.

More info at https://www.drupal.org/SA-CORE-2017-004...

9.8CVSS7.2AI score0.03017EPSS
Exploits0Affected Software1
FreeBSD
FreeBSD
added 2017/08/16 12:0 a.m.31 views

drupal -- Drupal Core - Multiple Vulnerabilities

Drupal Security Team: CVE-2017-6923: Views - Access Bypass - Moderately Critical CVE-2017-6924: REST API can bypass comment approval - Access Bypass - Moderately Critica CVE-2017-6925: Entity access bypass for entities that do not have UUIDs or have protected revisions - Access Bypass - Critical...

9.8CVSS3AI score0.03017EPSS
Exploits0
NVD
NVD
added 2012/08/14 10:55 p.m.16 views

CVE-2012-2304

The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an entity access module, does not check permissions when searching for entities, which allows remote attackers to obtain sensitive information via unspecified vectors...

4.3CVSS6.3AI score0.02097EPSS
Exploits0References8
Prion
Prion
added 2012/08/14 10:55 p.m.14 views

Code injection

The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an entity access module, does not check permissions when searching for entities, which allows remote attackers to obtain sensitive information via unspecified vectors...

4.3CVSS6.7AI score0.02097EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2012/08/14 10:0 p.m.21 views

CVE-2012-2304

The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an entity access module, does not check permissions when searching for entities, which allows remote attackers to obtain sensitive information via unspecified vectors...

6.3AI score0.02097EPSS
Exploits0References8
CVE
CVE
added 2012/08/14 10:0 p.m.40 views

CVE-2012-2304

CVE-2012-2304 concerns the Linkit module for Drupal (7.x-2.x series). The issue occurs when using an entity access module: during entity searches, Linkit did not enforce access restrictions, allowing remote attackers to view information about content they normally should not access. Affected vers...

4.3CVSS6.4AI score0.02097EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder