Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

31 – 40 of 128 results


CVE-2020-11023

Low priority
Vulnerable

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e....

2 affected packages

drupal7, jquery

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
drupal7 Not in release Not in release Not in release Not in release Needs evaluation
jquery Not in release Not in release Vulnerable Vulnerable Not affected
Show less packages

CVE-2011-2726

Low priority

Not in release

An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the...

1 affected packages

drupal7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
drupal7
Show less packages

CVE-2019-10911

Medium priority
Vulnerable

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember...

2 affected packages

drupal7, symfony

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
drupal7 Not in release Not in release Not in release Not in release Not affected
symfony Not affected Not affected Not affected Vulnerable Vulnerable
Show less packages

CVE-2019-10910

Medium priority
Vulnerable

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to...

2 affected packages

drupal7, symfony

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
drupal7 Not in release Not in release Not in release Not in release Not affected
symfony Not affected Not affected Not affected Vulnerable Vulnerable
Show less packages

CVE-2019-10909

Medium priority
Vulnerable

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related...

2 affected packages

drupal7, symfony

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
drupal7 Not in release Not in release Not in release Not in release Not affected
symfony Not affected Not affected Not affected Vulnerable Vulnerable
Show less packages

CVE-2019-11831

Medium priority
Vulnerable

The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated...

1 affected packages

drupal7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
drupal7 Not in release Not in release Not in release Not in release Vulnerable
Show less packages

CVE-2019-11358

Low priority
Vulnerable

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property,...

5 affected packages

drupal7, jquery, mediawiki, node-jquery, otrs2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
drupal7 Not in release Not in release Not in release Not in release Needs evaluation
jquery Not in release Not in release Not affected Vulnerable Vulnerable
mediawiki Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
node-jquery Not affected Not affected Not affected Vulnerable Vulnerable
otrs2 Not in release Needs evaluation Not affected Needs evaluation Needs evaluation
Show less packages

CVE-2019-6341

Medium priority
Vulnerable

In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a...

1 affected packages

drupal7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
drupal7 Not in release Not in release Not in release Not in release Vulnerable
Show less packages

CVE-2019-6340

Medium priority
Not affected

Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one...

1 affected packages

drupal7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
drupal7 Not in release Not affected
Show less packages

CVE-2019-6339

Medium priority
Vulnerable

In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar://...

1 affected packages

drupal7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
drupal7 Not in release Not in release Not in release Not in release Vulnerable
Show less packages