Drupal.org Drupal Core
8 CVEs affecting Drupal.org Drupal Core. Latest disclosed: 2018-08-06. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2017-6920 | | | 2018-08-06 | Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certai… |
| CVE-2017-6932 | | | 2018-03-01 | Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in v… |
| CVE-2017-6931 | | | 2018-03-01 | In Drupal versions 8.4.x versions before 8.4.5 the Settings Tray module has a vulnerability that allows users to update certain data that they do not have the… |
| CVE-2017-6930 | | | 2018-03-01 | In Drupal versions 8.4.x versions before 8.4.5 when using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the… |
| CVE-2017-6929 | | | 2018-03-01 | A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requ… |
| CVE-2017-6928 | | | 2018-03-01 | Drupal core 7.x versions before 7.57 when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the us… |
| CVE-2017-6927 | | | 2018-03-01 | Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 has a Drupal.checkPlain() JavaScript function which is used to escape potentially danger… |
| CVE-2017-6926 | | | 2018-03-01 | In Drupal versions 8.4.x versions before 8.4.5 users with permission to post comments are able to view content and comments they do not have access to, and are… |