188 matches found
GHSA-96VX-QF28-6F8M Drupal Access Control Bypass
Drupal 7.x before 7.3 allows remote attackers to bypass intended nodeaccess restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table...
GHSA-3327-JR93-7HQ3 Drupal access bypass vulnerability
In Drupal 8.4.x versions before 8.4.5, when using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the default fallback for access queries. This fallback is used for languages that do not yet have a translated version of the created node...
CVE-2022-22394
The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass security restrictions, caused by improper enforcement of access controls. By signing in, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrator or node access to the...
PT-2022-15408 · IBM · IBM Spectrum Protect
Name of the Vulnerable Software and Affected Versions: IBM Spectrum Protect version 8.1.14.000 Description: The issue is caused by improper enforcement of access controls, allowing a remote attacker to bypass security restrictions. By signing in, an attacker could exploit this to bypass security...
CVE-2021-20319
An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image...
CVE-2020-35209
An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to join a target cluster via providing configuration information...
coreos-installer: incorrect signature verification on gzip-compressed install images
An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image...
OpenShift security vulnerability
Red Hat OpenShift is a Platform-as-a-Service (PaaS) cloud computing platform from Red Hat, Inc. that supports building, testing, deploying and running applications. OpenShift suffers from a security vulnerability that can be exploited by an attacker to access a running container that loads kubernet...
Improper Input Validation
Overview: Puppet is an automated configuration management tool. Affected versions of this package are vulnerable to Improper Input Validation. Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed...
Improper Certificate Validation in Puppet
Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the default node, the catalog can be retrieved for a...
CVE-2016-20001
The REST/JSON project 7.x-1.x for Drupal allows node access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy...
Drupal Security Vulnerabilities
Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal REST/JSON project 7.x-1.x that allows node access bypass...
CVE-2016-20001
The CVE-2016-20001 entry concerns the Drupal REST/JSON project (7.x-1.x). According to the sources, this module allows a node access bypass, referenced as SA-CONTRIB-2016-033. The vulnerability is documented across multiple feeds (NVD, Red Hat, CVE lists) with no explicit exploit details in the p...
DRUPAL-CONTRIB-2020-017
This module enables you to build forms and surveys in Drupal. The Webform Node sub-module allows these forms to be associated with a Drupal node. The Webform Node module does not implement access checking in the same manner as other nodes and entities. As such, writers of custom modules which...