The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Drupal Core

Drupal Core 7: open redirect via drupal_goto
An attacker can deceive the user via drupal_goto() of Drupal Core 7, in order to redirect him to a malicious site...
6226330, CVE-2020-13662, DLA-2250-1, DRUPAL-SA-CORE-2020-002, DRUPAL-SA-CORE-2020-003, FEDORA-2020-11be4b36d4, VIGILANCE-VUL-32314
jQuery Core: Cross Site Scripting via HtmlPrefilter Regex
An attacker can trigger a Cross Site Scripting via HtmlPrefilter Regex of jQuery Core, in order to run JavaScript code in the context of the web site...
20200601, 20200602, 20200603, 20200604, 20200605, 6217392, 6253319, CERTFR-2020-AVI-310, CERTFR-2020-AVI-335, cpujul2020, CVE-2020-11022, CVE-2020-11023, DRUPAL-SA-CORE-2020-002, DRUPAL-SA-CORE-2020-003, DSA-4693-1, FEDORA-2020-11be4b36d4, FEDORA-2020-7dddce530c, FEDORA-2020-8a15713da2, K02453220, K66544153, NPM-1518, openSUSE-SU-2020:1060-1, openSUSE-SU-2020:1106-1, VIGILANCE-VUL-32007
CKEditor: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of CKEditor, in order to run JavaScript code in the context of the web site...
6208032, 6208039, 6208048, 6208052, 6208328, 6208330, 6208332, 6208333, 6208336, CERTFR-2020-AVI-163, DRUPAL-SA-CORE-2020-001, VIGILANCE-VUL-31824
Drupal Core: Cross Site Scripting via Date Format Configuration
An attacker can trigger a Cross Site Scripting via Date Format Configuration of Drupal Core, in order to run JavaScript code in the context of the web site...
VIGILANCE-VUL-30241
Drupal Core: privilege escalation via Experimental Workspaces Module
An attacker can bypass restrictions via Experimental Workspaces Module of Drupal Core, in order to escalate his privileges...
CERTFR-2019-AVI-347, CVE-2019-6342, DRUPAL-SA-CORE-2019-008, VIGILANCE-VUL-29811
TYPO3 Phar Stream Wrapper: code execution via Deserialization
An attacker can use a vulnerability via Deserialization of TYPO3 Phar Stream Wrapper, in order to run code...
CERTFR-2019-AVI-199, CVE-2019-11831, DLA-1797-1, DRUPAL-SA-CORE-2019-007, DSA-4445-1, FEDORA-2019-040857fd75, FEDORA-2019-3c89837025, FEDORA-2019-41d6ffd6f0, FEDORA-2019-4d93cf2b34, FEDORA-2019-84a50e34a9, FEDORA-2019-a8121923d5, FEDORA-2019-af7bef7165, FEDORA-2019-d5f883429d, TYPO3-PSA-2019-007, VIGILANCE-VUL-29248
jQuery, Symfony: Cross Site Scripting via templates
An attacker can trigger a Cross Site Scripting via templates for Symfony, in order to run JavaScript code in the context of the web site...
bulletinoct2019, CERTFR-2019-AVI-180, cpujan2020, cpuoct2019, CVE-2019-10909, CVE-2019-11358, DLA-1777-1, DLA-1777-2, DLA-1778-1, DLA-1797-1, DLA-2118-1, DRUPAL-SA-CORE-2019-005, DRUPAL-SA-CORE-2019-006, DSA-4434-1, DSA-4441-1, FEDORA-2019-2a7f472198, FEDORA-2019-32067d8b15, FEDORA-2019-3ee6a7adf2, FEDORA-2019-a3ca65028c, FEDORA-2019-f8db687840, ibm10882578, ibm10882596, ibm10882756, ibm10882762, ibm10882952, ibm10882956, openSUSE-SU-2019:1839-1, openSUSE-SU-2019:1872-1, RHSA-2019:1456-01, Synology-SA-19:19, TYPO3-CORE-SA-2019-009, TYPO3-CORE-SA-2019-010, TYPO3-CORE-SA-2019-011, TYPO3-CORE-SA-2019-012, TYPO3-CORE-SA-2019-013, TYPO3-PSA-2019-004, TYPO3-PSA-2019-005, TYPO3-PSA-2019-006, VIGILANCE-VUL-29070
Symfony, Drupal: privilege escalation via the "remember me" cookie
An attacker can bypass restrictions via the "remember me" cookie of Symfony or Drupal, in order to escalate his privileges...
CERTFR-2019-AVI-180, CVE-2019-10911, DLA-1778-1, DRUPAL-SA-CORE-2019-005, DRUPAL-SA-CORE-2019-006, DSA-4441-1, FEDORA-2019-2a7f472198, FEDORA-2019-32067d8b15, FEDORA-2019-3ee6a7adf2, FEDORA-2019-a3ca65028c, FEDORA-2019-f8db687840, ibm10882578, ibm10882596, ibm10882756, ibm10882762, ibm10882952, ibm10882956, Synology-SA-19:19, VIGILANCE-VUL-29065
Symfony, Drupal: code execution via service IDs
An attacker can use a vulnerability via service IDs of Symfony or Drupal, in order to run code...
CERTFR-2019-AVI-180, CVE-2019-10910, DLA-1778-1, DRUPAL-SA-CORE-2019-005, DRUPAL-SA-CORE-2019-006, DSA-4441-1, FEDORA-2019-2a7f472198, FEDORA-2019-32067d8b15, FEDORA-2019-3ee6a7adf2, FEDORA-2019-a3ca65028c, FEDORA-2019-f8db687840, ibm10882578, ibm10882596, ibm10882756, ibm10882762, ibm10882952, ibm10882956, Synology-SA-19:19, VIGILANCE-VUL-29064
jQuery Core: privilege escalation via Object.prototype Pollution
An attacker can bypass restrictions via Object.prototype Pollution of jQuery Core, in order to escalate his privileges...
bulletinoct2019, cpuapr2020, cpujan2020, cpujul2019, cpujul2020, cpuoct2019, CVE-2019-11358, DLA-1797-1, DLA-2118-1, DRUPAL-SA-CORE-2019-005, DRUPAL-SA-CORE-2019-006, DSA-4460-1, EZSA-2019-005, FEDORA-2019-2a0ce0c58c, FEDORA-2019-a06dffab1c, FEDORA-2019-f563e66380, NTAP-20190919-0001, openSUSE-SU-2019:1839-1, openSUSE-SU-2019:1872-1, RHSA-2019:1456-01, Synology-SA-19:19, VIGILANCE-VUL-29030
Our database contains other pages. You can request a free trial to read them.

Display information about Drupal Core: