
Search CVE reports



1 – 10 of 84 results


CVE-2010-2473

Medium priority
Ignored

Drupal 6.x before 6.16 and 5.x before version 5.22 do not properly block users under certain circumstances. A user with an open session who was blocked could maintain their session on the Drupal site despite being blocked.

1 affected package

drupal6

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
drupal6

CVE-2010-2472

Medium priority
Ignored

Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker...

1 affected package

drupal6

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
drupal6

CVE-2010-2250

Medium priority
Ignored

Drupal 5.x and 6.x before 6.16 use a user-supplied value in output during site installation, which could allow an attacker to craft a URL and perform a cross-site scripting attack.

1 affected package

drupal6

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
drupal6

CVE-2010-2471

Medium priority
Ignored

Drupal versions 5.x and 6.x have an open redirection vulnerability.

1 affected package

drupal6

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
drupal6

CVE-2015-2750

Medium priority

Some fixes available 2 of 5

Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//"...

2 affected packages

drupal6, drupal7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
drupal6 Not in release Not in release
drupal7 Not in release Not affected

CVE-2015-2749

Medium priority

Some fixes available 2 of 5

Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.

2 affected packages

drupal6, drupal7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
drupal6 Not in release Not in release
drupal7 Not in release Not affected

CVE-2016-7572

Medium priority
Ignored

The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for "Export configuration" permission, which allows remote authenticated users to bypass intended access restrictions and read a full config export via...

2 affected packages

drupal6, drupal7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
drupal6 Not in release
drupal7 Not affected

CVE-2016-7571

Medium priority
Ignored

Cross-site scripting (XSS) vulnerability in Drupal 8.x before 8.1.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an HTTP exception.

2 affected packages

drupal6, drupal7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
drupal6 Not in release
drupal7 Not affected

CVE-2016-7570

Medium priority
Ignored

Drupal 8.x before 8.1.10 does not properly check for "Administer comments" permission, which allows remote authenticated users to set the visibility of comments for arbitrary nodes by leveraging rights to edit those nodes.

2 affected packages

drupal6, drupal7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
drupal6 Not in release
drupal7 Not affected

CVE-2016-6211

Medium priority
Vulnerable

The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.

2 affected packages

drupal6, drupal7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
drupal6 Not in release Not in release Not in release Not in release Not in release
drupal7 Not in release Not in release Not in release Not in release Vulnerable