Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 128 results


CVE-2024-45440

Medium priority
Needs evaluation

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.

1 affected packages

drupal7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
drupal7 Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2024-34481

Medium priority
Needs evaluation

drupal-wiki.com Drupal Wiki before 8.31.1 allows XSS via comments, captions, and image titles of a Wiki page.

1 affected packages

drupal7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
drupal7 Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2024-22362

Medium priority
Needs evaluation

Drupal contains a vulnerability with improper handling of structural elements. If this vulnerability is exploited, an attacker may be able to cause a denial-of-service (DoS) condition.

1 affected packages

drupal7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
drupal7 Not in release Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2023-31250

Medium priority
Vulnerable

The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes...

1 affected packages

drupal7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
drupal7 Not in release Not in release Not in release Not in release Vulnerable
Show less packages

CVE-2022-25278

Low priority
Needs evaluation

Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be...

1 affected packages

drupal7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
drupal7 Not in release Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2022-25277

Medium priority
Needs evaluation

Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010)....

1 affected packages

drupal7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
drupal7 Not in release Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2022-25276

Low priority
Needs evaluation

The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting,...

1 affected packages

drupal7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
drupal7 Not in release Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2022-25275

Low priority
Needs evaluation

In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is...

1 affected packages

drupal7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
drupal7 Not in release Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2022-25274

Low priority
Needs evaluation

Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to...

1 affected packages

drupal7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
drupal7 Not in release Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2022-25273

Medium priority
Needs evaluation

Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected...

1 affected packages

drupal7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
drupal7 Not in release Not in release Not in release Not in release Needs evaluation
Show less packages