Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

21 – 30 of 128 results


CVE-2020-13663

Medium priority
Vulnerable

Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.

1 affected packages

drupal7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
drupal7 Not in release Not in release Not in release Not in release Vulnerable
Show less packages

CVE-2020-13665

Medium priority
Not affected

Access bypass vulnerability in Drupal Core allows JSON:API when JSON:API is in read/write mode. Only sites that have the read_only set to FALSE under jsonapi.settings config are vulnerable. This issue affects: Drupal Drupal Core...

1 affected packages

drupal7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
drupal7 Not in release Not in release Not in release Not affected
Show less packages

CVE-2020-13664

Medium priority
Not affected

Arbitrary PHP code execution vulnerability in Drupal Core under certain circumstances. An attacker could trick an administrator into visiting a malicious site that could result in creating a carefully named directory on the file...

1 affected packages

drupal7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
drupal7 Not in release Not in release Not in release Not affected
Show less packages

CVE-2020-13662

Medium priority
Vulnerable

Open Redirect vulnerability in Drupal Core allows a user to be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL. This issue affects: Drupal Drupal Core 7 version 7.70 and prior versions.

1 affected packages

drupal7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
drupal7 Not in release Not in release Not in release Not in release Vulnerable
Show less packages

CVE-2020-13666

Medium priority
Vulnerable

Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack. This issue affects: Drupal Drupal Core 7.x versions prior to 7.73; 8.8.x versions prior to 8.8.10;...

1 affected packages

drupal7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
drupal7 Not in release Not in release Not in release Not in release Vulnerable
Show less packages

CVE-2020-13671

High priority
Fixed

Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain...

1 affected packages

drupal7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
drupal7 Not in release Not in release Not in release Not in release Fixed
Show less packages

CVE-2020-28949

High priority
Fixed

Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.

2 affected packages

drupal7, php-pear

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
drupal7 Not in release Not in release Not in release Not in release Fixed
php-pear Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2020-28948

Medium priority
Fixed

Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.

2 affected packages

drupal7, php-pear

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
drupal7 Not in release Not in release Not in release Not in release Fixed
php-pear Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2019-6342

Low priority
Vulnerable

An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4.

1 affected packages

drupal7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
drupal7 Not in release Not in release Not in release Not in release Vulnerable
Show less packages

CVE-2020-11022

Low priority
Needs evaluation

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may...

2 affected packages

drupal7, jquery

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
drupal7 Not in release Not in release Not in release Not in release Needs evaluation
jquery Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
Show less packages