CVE-2018-14773 | AVG-744 | Medium | Yes | Access restriction bypass | Support for a (legacy) IIS header that lets users override the path in the request URL via the X-Original-URL or X-Rewrite-URL HTTP request header allows a... |
CVE-2018-7602 | AVG-679 | Critical | Yes | Arbitrary command execution | A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack... |
CVE-2018-7600 | AVG-665 | Critical | Yes | Arbitrary code execution | A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack... |
CVE-2016-9452 | AVG-74 | Medium | Yes | Denial of service | A specially crafted URL can cause a denial of service via the transliterate mechanism. |
CVE-2016-9451 | AVG-75 | Medium | Yes | Open redirect | Under certain circumstances, malicious users could construct a URL to a confirmation form that would trick users into being redirected to a 3rd party... |
CVE-2016-9450 | AVG-74 | Low | Yes | Content spoofing | The user password reset form does not specify a proper cache context, which can lead to cache poisoning and unwanted content on the page. |
CVE-2016-9449 | AVG-74 | Low | Yes | Information disclosure | Drupal provides a mechanism to alter database SELECT queries before they are executed. Contributed and custom modules may use this mechanism to restrict... |