Vulnerabilities > Drupal > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-19 | CVE-2020-28948 | Deserialization of Untrusted Data vulnerability in multiple products Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. | 7.8 |
2019-11-22 | CVE-2012-2079 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Activity 6.X1.X A cross-site request forgery (CSRF) vulnerability in the Activity module 6.x-1.x for Drupal. | 8.8 |
2019-11-15 | CVE-2011-2726 | Incorrect Authorization vulnerability in multiple products An access bypass issue was found in Drupal 7.x before version 7.5. | 7.5 |
2019-11-11 | CVE-2019-18856 | Incorrect Permission Assignment for Critical Resource vulnerability in Drupal SVG Sanitizer A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled. | 7.5 |
2019-05-16 | CVE-2019-10911 | Improper Authentication vulnerability in multiple products In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled. | 7.5 |
2019-02-21 | CVE-2019-6340 | Deserialization of Untrusted Data vulnerability in Drupal Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. | 8.1 |
2019-01-22 | CVE-2019-6338 | Deserialization of Untrusted Data vulnerability in multiple products In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; Drupal core uses the third-party PEAR Archive_Tar library. | 8.0 |
2019-01-15 | CVE-2017-6924 | Improper Privilege Management vulnerability in Drupal In Drupal 8 prior to 8.3.7; When using the REST API, users without the correct permission can post comments via REST that are approved even if the user does not have permission to post approved comments. | 7.4 |
2018-04-04 | CVE-2018-9205 | Path Traversal vulnerability in Drupal Avatar Uploader 7.X1.0 Vulnerability in avatar_uploader v7.x-1.0-beta8 , The code in view.php doesn't verify users or sanitize the file path. | 7.5 |
2018-03-01 | CVE-2017-6930 | Unspecified vulnerability in Drupal In Drupal versions 8.4.x versions before 8.4.5 when using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the default fallback for access queries. | 8.1 |