CVE search results

121 – 129 of 129 results

Detailed view

Sort by:

CVE-2012-2153

Medium priority

Ignored

Drupal 7.x before 7.14 does not properly restrict access to nodes in a list when using a "contributed node access module," which allows remote authenticated users with the "Access the content overview page" permission to read all...

3 affected packages

drupal5, drupal6, drupal7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
drupal5	—	—	—	—	Not in release
drupal6	—	—	—	—	Not in release
drupal7	—	—	—	—	Not affected

CVE-2012-1591

Medium priority

Ignored

The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles.

3 affected packages

drupal5, drupal6, drupal7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
drupal5	—	—	—	—	Not in release
drupal6	—	—	—	—	Not in release
drupal7	—	—	—	—	Not affected

CVE-2012-1590

Medium priority

Ignored

The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page.

3 affected packages

drupal5, drupal6, drupal7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
drupal5	—	—	—	—	Not in release
drupal6	—	—	—	—	Not in release
drupal7	—	—	—	—	Not affected

CVE-2012-1588

Medium priority

Ignored

Algorithmic complexity vulnerability in the _filter_url function in the text filtering system (modules/filter/filter.module) in Drupal 7.x before 7.14 allows remote authenticated users with certain roles to cause a denial of...

3 affected packages

drupal5, drupal6, drupal7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
drupal5	—	—	—	—	Not in release
drupal6	—	—	—	—	Not in release
drupal7	—	—	—	—	Not affected

CVE-2012-2922

Negligible priority

Ignored

The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installation path in an error message.

1 affected packages

drupal7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
drupal7	—	—	—	—	Not affected

CVE-2012-1589

Medium priority

Ignored

Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted parameters in a destination URL.

3 affected packages

drupal5, drupal6, drupal7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
drupal5	—	—	—	—	Not in release
drupal6	—	—	—	—	Not in release
drupal7	—	—	—	—	Not affected

CVE-2007-6752

Low priority

Ignored

** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in Drupal 7.12 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that end a session via the user/logout URI. NOTE: the...

2 affected packages

drupal6, drupal7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
drupal6	Not in release	Not in release	Not in release	Not in release	Not in release
drupal7	Not in release	Not in release	Not in release	Not in release	Not affected

CVE-2011-3730

Low priority

Not in release

Drupal 7.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated...

1 affected packages

drupal7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
drupal7	—	—	—	—	—

CVE-2011-2687

Medium priority

Not affected

Drupal 7.x before 7.3 allows remote attackers to bypass intended node_access restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table.

2 affected packages

drupal6, drupal7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
drupal6	—	—	—	—	—
drupal7	—	—	—	—	—

Export to JSON

Results by page:

Search CVE reports