The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Drupal Core

CKEditor: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of CKEditor, in order to run JavaScript code in the context of the web site...
6208032, 6208039, 6208048, 6208052, 6208328, 6208330, 6208332, 6208333, 6208336, CERTFR-2020-AVI-163, DRUPAL-SA-CORE-2020-001, VIGILANCE-VUL-31824
Drupal Core: Cross Site Scripting via Date Format Configuration
An attacker can trigger a Cross Site Scripting via Date Format Configuration of Drupal Core, in order to run JavaScript code in the context of the web site...
VIGILANCE-VUL-30241
Drupal Core: privilege escalation via Experimental Workspaces Module
An attacker can bypass restrictions via Experimental Workspaces Module of Drupal Core, in order to escalate his privileges...
CERTFR-2019-AVI-347, CVE-2019-6342, DRUPAL-SA-CORE-2019-008, VIGILANCE-VUL-29811
TYPO3 Phar Stream Wrapper: code execution via Deserialization
An attacker can use a vulnerability via Deserialization of TYPO3 Phar Stream Wrapper, in order to run code...
CERTFR-2019-AVI-199, CVE-2019-11831, DLA-1797-1, DRUPAL-SA-CORE-2019-007, DSA-4445-1, FEDORA-2019-040857fd75, FEDORA-2019-3c89837025, FEDORA-2019-41d6ffd6f0, FEDORA-2019-4d93cf2b34, FEDORA-2019-84a50e34a9, FEDORA-2019-a8121923d5, FEDORA-2019-af7bef7165, FEDORA-2019-d5f883429d, TYPO3-PSA-2019-007, VIGILANCE-VUL-29248
jQuery, Symfony: Cross Site Scripting via templates
An attacker can trigger a Cross Site Scripting via templates for Symfony, in order to run JavaScript code in the context of the web site...
bulletinoct2019, CERTFR-2019-AVI-180, cpujan2020, cpuoct2019, CVE-2019-10909, CVE-2019-11358, DLA-1777-1, DLA-1777-2, DLA-1778-1, DLA-1797-1, DLA-2118-1, DRUPAL-SA-CORE-2019-005, DRUPAL-SA-CORE-2019-006, DSA-4434-1, DSA-4441-1, FEDORA-2019-2a7f472198, FEDORA-2019-32067d8b15, FEDORA-2019-3ee6a7adf2, FEDORA-2019-a3ca65028c, FEDORA-2019-f8db687840, ibm10882578, ibm10882596, ibm10882756, ibm10882762, ibm10882952, ibm10882956, openSUSE-SU-2019:1839-1, openSUSE-SU-2019:1872-1, RHSA-2019:1456-01, Synology-SA-19:19, TYPO3-CORE-SA-2019-009, TYPO3-CORE-SA-2019-010, TYPO3-CORE-SA-2019-011, TYPO3-CORE-SA-2019-012, TYPO3-CORE-SA-2019-013, TYPO3-PSA-2019-004, TYPO3-PSA-2019-005, TYPO3-PSA-2019-006, VIGILANCE-VUL-29070
Symfony, Drupal: privilege escalation via the "remember me" cookie
An attacker can bypass restrictions via the "remember me" cookie of Symfony or Drupal, in order to escalate his privileges...
CERTFR-2019-AVI-180, CVE-2019-10911, DLA-1778-1, DRUPAL-SA-CORE-2019-005, DRUPAL-SA-CORE-2019-006, DSA-4441-1, FEDORA-2019-2a7f472198, FEDORA-2019-32067d8b15, FEDORA-2019-3ee6a7adf2, FEDORA-2019-a3ca65028c, FEDORA-2019-f8db687840, ibm10882578, ibm10882596, ibm10882756, ibm10882762, ibm10882952, ibm10882956, Synology-SA-19:19, VIGILANCE-VUL-29065
Symfony, Drupal: code execution via service IDs
An attacker can use a vulnerability via service IDs of Symfony or Drupal, in order to run code...
CERTFR-2019-AVI-180, CVE-2019-10910, DLA-1778-1, DRUPAL-SA-CORE-2019-005, DRUPAL-SA-CORE-2019-006, DSA-4441-1, FEDORA-2019-2a7f472198, FEDORA-2019-32067d8b15, FEDORA-2019-3ee6a7adf2, FEDORA-2019-a3ca65028c, FEDORA-2019-f8db687840, ibm10882578, ibm10882596, ibm10882756, ibm10882762, ibm10882952, ibm10882956, Synology-SA-19:19, VIGILANCE-VUL-29064
jQuery Core: privilege escalation via Object.prototype Pollution
An attacker can bypass restrictions via Object.prototype Pollution of jQuery Core, in order to escalate his privileges...
bulletinoct2019, cpuapr2020, cpujan2020, cpujul2019, cpuoct2019, CVE-2019-11358, DLA-1797-1, DLA-2118-1, DRUPAL-SA-CORE-2019-005, DRUPAL-SA-CORE-2019-006, DSA-4460-1, EZSA-2019-005, FEDORA-2019-2a0ce0c58c, FEDORA-2019-a06dffab1c, FEDORA-2019-f563e66380, NTAP-20190919-0001, openSUSE-SU-2019:1839-1, openSUSE-SU-2019:1872-1, RHSA-2019:1456-01, Synology-SA-19:19, VIGILANCE-VUL-29030
Drupal Core: Cross Site Scripting via File Module/Subsystem
An attacker can trigger a Cross Site Scripting via File Module/Subsystem of Drupal Core, in order to run JavaScript code in the context of the web site...
CVE-2019-6341, DLA-1746-1, DRUPAL-SA-CORE-2019-004, DSA-4412-1, FEDORA-2019-2fbce03df3, FEDORA-2019-35589cfcb5, ibm10879443, Synology-SA-19:13, VIGILANCE-VUL-28786, ZDI-19-291
Drupal Core: code execution via Phar Stream Wrapper
An attacker can use a vulnerability via Phar Stream Wrapper of Drupal Core, in order to run code...
CERTFR-2019-AVI-027, CVE-2019-6339, DLA-1659-1, DRUPAL-SA-CORE-2019-001, DRUPAL-SA-CORE-2019-002, DSA-4370-1, FEDORA-2019-0c1d62bf5b, FEDORA-2019-82df33e428, VIGILANCE-VUL-28299, ZDI-19-130
Our database contains other pages. You can request a free trial to read them.

Display information about Drupal Core: