|
71
|
9.8
7.5
|
CRITICAL
Network
|
In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file opera…
|
CWE-20
Improper Input Validation
|
CVE-2019-6339
|
cpe:2.3:a:drupal:drupal:*:*
|
7.0 8.5.0 8.6.0
|
|
|
7.62 8.5.9 8.6.6
|
2024-11-21 13:46
2019-01-23
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
72
|
6.5
4.0
|
MEDIUM
Network
|
In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visi…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2017-6922
|
cpe:2.3:a:drupal:drupal:*:*
|
8.0.0 7.0
|
|
|
8.3.4 7.56
|
2024-11-21 12:30
2019-01-23
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
73
|
8.0
6.0
|
HIGH
Network
|
In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-6338
|
cpe:2.3:a:drupal:drupal:*:*
|
7.0 8.5.0 8.6.0
|
|
|
7.62 8.5.9 8.6.6
|
2024-11-21 13:46
2019-01-22
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
74
|
5.9
4.3
|
MEDIUM
Network
|
In Drupal 8 prior to 8.3.4; The file REST resource does not properly validate some fields when manipulating files. A site is only affected by this if the site has the RESTful Web Services (rest) modu…
|
CWE-20
Improper Input Validation
|
CVE-2017-6921
|
cpe:2.3:a:drupal:drupal:*:*
|
8.0.0
|
|
|
8.3.4
|
2024-11-21 12:30
2019-01-16
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
75
|
7.4
5.8
|
HIGH
Network
|
In Drupal 8 prior to 8.3.7; When using the REST API, users without the correct permission can post comments via REST that are approved even if the user does not have permission to post approved comme…
|
CWE-269
Improper Privilege Management
|
CVE-2017-6924
|
cpe:2.3:a:drupal:drupal:*:*
|
8.0.0
|
|
|
8.3.7
|
2024-11-21 12:30
2019-01-16
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
76
|
9.8
7.5
|
CRITICAL
Network
|
In versions of Drupal 8 core prior to 8.3.7; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entit…
|
NVD-CWE-noinfo
|
CVE-2017-6925
|
cpe:2.3:a:drupal:drupal:*:*
|
8.0.0
|
|
|
8.3.7
|
2024-11-21 12:30
2019-01-16
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
77
|
9.8
7.5
|
CRITICAL
Network
|
Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations.
|
CWE-19
Data Processing Errors
|
CVE-2017-6920
|
cpe:2.3:a:drupal:drupal:*:*
|
8.0.0
|
|
|
8.3.4
|
2024-11-21 12:30
2018-08-7
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
78
|
6.5
4.0
|
MEDIUM
Network
|
An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises …
|
NVD-CWE-noinfo
|
CVE-2018-14773
|
cpe:2.3:a:drupal:drupal:*:*
|
8.0.0
|
|
|
8.5.6
|
2024-11-21 12:49
2018-08-4
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
79
|
9.8
7.5
|
CRITICAL
Network
|
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could resul…
|
NVD-CWE-noinfo
|
CVE-2018-7602
|
cpe:2.3:a:drupal:drupal:*:*
|
8.4.0 8.5.0 7.0
|
|
|
8.4.8 8.5.3 7.59
|
2024-11-21 13:12
2018-07-20
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
80
|
6.1
4.3
|
MEDIUM
Network
|
Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor (in versions 4.5.10 through 4.9.1; fixed in 4.9.2), as used in Drupal 8 before 8.4.7 and 8.5.x before 8…
|
CWE-79
Cross-site Scripting
|
CVE-2018-9861
|
cpe:2.3:a:drupal:drupal:*:*
|
8.5.0 8.0.0
|
|
|
8.5.2 8.4.7
|
2024-11-21 13:15
2018-04-20
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|