Количество 1 966
Количество 1 966
CVE-2017-6381
A 3rd party development library including with Drupal 8 development de ...
CVE-2017-6379
Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID.
CVE-2017-6379
Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID.
CVE-2017-6379
Some administrative paths in Drupal 8.2.x before 8.2.7 did not include ...
CVE-2017-6377
When adding a private file via the editor in Drupal 8.2.x before 8.2.7, the editor will not correctly check access for the file being attached, resulting in an access bypass.
CVE-2017-6377
When adding a private file via the editor in Drupal 8.2.x before 8.2.7, the editor will not correctly check access for the file being attached, resulting in an access bypass.
CVE-2017-6377
When adding a private file via the editor in Drupal 8.2.x before 8.2.7 ...
CVE-2016-9452
The transliterate mechanism in Drupal 8.x before 8.2.3 allows remote attackers to cause a denial of service via a crafted URL.
CVE-2016-9452
The transliterate mechanism in Drupal 8.x before 8.2.3 allows remote attackers to cause a denial of service via a crafted URL.
CVE-2016-9452
The transliterate mechanism in Drupal 8.x before 8.2.3 allows remote a ...
CVE-2016-9451
Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.
CVE-2016-9451
Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.
CVE-2016-9451
Confirmation forms in Drupal 7.x before 7.52 make it easier for remote ...
CVE-2016-9450
The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.
CVE-2016-9450
The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.
CVE-2016-9450
The user password reset form in Drupal 8.x before 8.2.3 allows remote ...
CVE-2016-9449
The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags.
CVE-2016-9449
The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags.
CVE-2016-9449
The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 mig ...
CVE-2016-7572
The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for "Export configuration" permission, which allows remote authenticated users to bypass intended access restrictions and read a full config export via unspecified vectors.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| CVE-2017-6381 A 3rd party development library including with Drupal 8 development de ... | CVSS3: 8.1 | 5% Низкий | больше 8 лет назад |
 | CVE-2017-6379 Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID. | CVSS3: 7.5 | 0% Низкий | больше 8 лет назад |
 | CVE-2017-6379 Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID. | CVSS3: 7.5 | 0% Низкий | больше 8 лет назад |
| CVE-2017-6379 Some administrative paths in Drupal 8.2.x before 8.2.7 did not include ... | CVSS3: 7.5 | 0% Низкий | больше 8 лет назад |
| CVE-2017-6377 When adding a private file via the editor in Drupal 8.2.x before 8.2.7, the editor will not correctly check access for the file being attached, resulting in an access bypass. | CVSS3: 7.5 | 0% Низкий | больше 8 лет назад |
| CVE-2017-6377 When adding a private file via the editor in Drupal 8.2.x before 8.2.7, the editor will not correctly check access for the file being attached, resulting in an access bypass. | CVSS3: 7.5 | 0% Низкий | больше 8 лет назад |
| CVE-2017-6377 When adding a private file via the editor in Drupal 8.2.x before 8.2.7 ... | CVSS3: 7.5 | 0% Низкий | больше 8 лет назад |
| CVE-2016-9452 The transliterate mechanism in Drupal 8.x before 8.2.3 allows remote attackers to cause a denial of service via a crafted URL. | CVSS3: 6.5 | 1% Низкий | больше 8 лет назад |
| CVE-2016-9452 The transliterate mechanism in Drupal 8.x before 8.2.3 allows remote attackers to cause a denial of service via a crafted URL. | CVSS3: 6.5 | 1% Низкий | больше 8 лет назад |
| CVE-2016-9452 The transliterate mechanism in Drupal 8.x before 8.2.3 allows remote a ... | CVSS3: 6.5 | 1% Низкий | больше 8 лет назад |
| CVE-2016-9451 Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors. | CVSS3: 6.8 | 0% Низкий | больше 8 лет назад |
| CVE-2016-9451 Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors. | CVSS3: 6.8 | 0% Низкий | больше 8 лет назад |
| CVE-2016-9451 Confirmation forms in Drupal 7.x before 7.52 make it easier for remote ... | CVSS3: 6.8 | 0% Низкий | больше 8 лет назад |
| CVE-2016-9450 The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context. | CVSS3: 7.5 | 0% Низкий | больше 8 лет назад |
| CVE-2016-9450 The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context. | CVSS3: 7.5 | 0% Низкий | больше 8 лет назад |
| CVE-2016-9450 The user password reset form in Drupal 8.x before 8.2.3 allows remote ... | CVSS3: 7.5 | 0% Низкий | больше 8 лет назад |
| CVE-2016-9449 The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags. | CVSS3: 4.3 | 0% Низкий | больше 8 лет назад |
| CVE-2016-9449 The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags. | CVSS3: 4.3 | 0% Низкий | больше 8 лет назад |
| CVE-2016-9449 The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 mig ... | CVSS3: 4.3 | 0% Низкий | больше 8 лет назад |
| CVE-2016-7572 The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for "Export configuration" permission, which allows remote authenticated users to bypass intended access restrictions and read a full config export via unspecified vectors. | CVSS3: 4.3 | 0% Низкий | больше 8 лет назад |
Уязвимостей на страницу