Search for packages
| purl | pkg:deb/debian/drupal7@7.52-2%2Bdeb9u11 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-35zf-t4ak-aaae | The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL. |
CVE-2019-11831
GHSA-xv7v-rf6g-xwrc |
| VCID-3vvp-6wh9-aaam | Arbitrary PHP code execution in Drupal |
CVE-2019-6339
GHSA-8cw5-rv98-5c46 |
| VCID-4pjz-5ytr-aaag | Vulnerable third party libraries in certain configurations of Symfony |
CVE-2019-6338
GHSA-6rmq-x2hv-vxpp |
| VCID-539x-pa7r-aaaf | Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations. |
CVE-2018-7600
GHSA-7fh9-933g-885p |
| VCID-a9fr-apdt-aaac | security update |
DSA-4323-1 drupal7
|
| VCID-d53w-5nj5-aaaf | In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability. |
CVE-2019-6341
GHSA-cmmh-8mwp-gq5p |
| VCID-dwc5-nygz-aaan | Incorrect Permission Assignment for Critical Resource When using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is trying to grant access to the file and another is trying to deny it, leading to an access bypass vulnerability. This vulnerability is mitigated by the fact that it only occurs for unusual site configurations. |
CVE-2017-6928
GHSA-66mv-q8r2-hj8w |
| VCID-fhgh-jkwa-aaah | In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. |
CVE-2020-11023
GHSA-jpcq-cgw6-v4j6 |
| VCID-kkd1-e4k1-aaam | In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. |
CVE-2020-11022
GHSA-gxr4-xjj5-5px2 |
| VCID-nmnf-at11-aaag | Files uploaded by anonymous users accessed by other users Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core does not provide this protection, allowing an access bypass vulnerability to occur. This issue is mitigated by the fact that in order to be affected, the site must allow anonymous users to upload files into a private file system. |
CVE-2017-6922
GHSA-58f3-cx8p-h8jg |
| VCID-rdb7-bn6u-aaaq | Open Redirect vulnerability in Drupal Core allows a user to be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL. This issue affects: Drupal Drupal Core 7 version 7.70 and prior versions. |
CVE-2020-13662
GHSA-gjqg-9rhv-qj67 |
| VCID-sdrj-zubv-aaak | Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities. |
CVE-2020-13663
GHSA-m648-hpf8-qcjw |
| VCID-sexy-1ad2-aaab | JavaScript cross-site scripting prevention is incomplete Drupal has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML (as JavaScript output is not auto-escaped by either Drupal 7 or Drupal 8). This function does not correctly handle all methods of injecting malicious HTML, leading to a cross-site scripting vulnerability under certain circumstances. The PHP functions which Drupal provides for HTML escaping are not affected. |
CVE-2017-6927
GHSA-585j-5449-mf5m |
| VCID-snyd-uvt1-aaac | Cross-site Scripting A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. |
CVE-2017-6929
GHSA-5vpr-v24w-mmjj |
| VCID-t73t-tzz5-aaaa | URL Redirection to Untrusted Site (Open Redirect) Drupal core has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an external site. |
CVE-2017-6932
GHSA-wm86-w3cf-h6vm |
| VCID-tmu9-vjgy-aaab | A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild. |
CVE-2018-7602
GHSA-297x-j9pm-xjgg |
| VCID-tv97-anfg-aaam | jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. |
CVE-2019-11358
GHSA-6c3j-c64m-qhgq |
| VCID-van2-s7yd-aaap | Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.41, the jQuery Update module 7.x-2.x before 7.x-2.7 for Drupal, and the LABjs module 7.x-1.x before 7.x-1.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3233. |
CVE-2015-7943
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T11:08:09.617554+00:00 | Debian Oval Importer | Fixing | VCID-rdb7-bn6u-aaaq | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.3 |
| 2025-06-21T11:03:56.872796+00:00 | Debian Oval Importer | Fixing | VCID-dwc5-nygz-aaan | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.3 |
| 2025-06-21T11:02:21.761950+00:00 | Debian Oval Importer | Fixing | VCID-sexy-1ad2-aaab | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.3 |
| 2025-06-21T11:01:01.150335+00:00 | Debian Oval Importer | Fixing | VCID-sdrj-zubv-aaak | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.3 |
| 2025-06-21T10:59:21.342742+00:00 | Debian Oval Importer | Fixing | VCID-snyd-uvt1-aaac | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.3 |
| 2025-06-21T10:59:10.054903+00:00 | Debian Oval Importer | Fixing | VCID-539x-pa7r-aaaf | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.3 |
| 2025-06-21T10:57:46.316900+00:00 | Debian Oval Importer | Fixing | VCID-d53w-5nj5-aaaf | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.3 |
| 2025-06-21T10:54:47.137119+00:00 | Debian Oval Importer | Fixing | VCID-tmu9-vjgy-aaab | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.3 |
| 2025-06-21T10:40:37.693350+00:00 | Debian Oval Importer | Fixing | VCID-3vvp-6wh9-aaam | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.3 |
| 2025-06-21T10:40:13.495537+00:00 | Debian Oval Importer | Fixing | VCID-tv97-anfg-aaam | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.3 |
| 2025-06-21T10:38:29.047736+00:00 | Debian Oval Importer | Fixing | VCID-35zf-t4ak-aaae | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.3 |
| 2025-06-21T10:36:03.281788+00:00 | Debian Oval Importer | Fixing | VCID-4pjz-5ytr-aaag | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.3 |
| 2025-06-21T10:33:16.561456+00:00 | Debian Oval Importer | Fixing | VCID-nmnf-at11-aaag | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.3 |
| 2025-06-21T10:30:13.384244+00:00 | Debian Oval Importer | Fixing | VCID-a9fr-apdt-aaac | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.3 |
| 2025-06-21T10:26:47.113530+00:00 | Debian Oval Importer | Fixing | VCID-kkd1-e4k1-aaam | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.3 |
| 2025-06-21T10:24:07.363746+00:00 | Debian Oval Importer | Fixing | VCID-fhgh-jkwa-aaah | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.3 |
| 2025-06-21T10:15:47.774113+00:00 | Debian Oval Importer | Fixing | VCID-t73t-tzz5-aaaa | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.3 |
| 2025-06-20T20:14:13.613682+00:00 | Debian Oval Importer | Fixing | VCID-35zf-t4ak-aaae | None | 36.1.3 |
| 2025-06-20T20:13:11.744229+00:00 | Debian Oval Importer | Fixing | VCID-a9fr-apdt-aaac | None | 36.1.3 |
| 2025-06-20T20:12:56.458702+00:00 | Debian Oval Importer | Fixing | VCID-sexy-1ad2-aaab | None | 36.1.3 |
| 2025-06-20T20:10:59.924002+00:00 | Debian Oval Importer | Fixing | VCID-tmu9-vjgy-aaab | None | 36.1.3 |
| 2025-06-20T20:08:34.425998+00:00 | Debian Oval Importer | Fixing | VCID-4pjz-5ytr-aaag | None | 36.1.3 |
| 2025-06-20T20:05:39.758503+00:00 | Debian Oval Importer | Fixing | VCID-sdrj-zubv-aaak | None | 36.1.3 |
| 2025-06-20T20:05:36.997512+00:00 | Debian Oval Importer | Fixing | VCID-van2-s7yd-aaap | None | 36.1.3 |
| 2025-06-20T20:01:32.928606+00:00 | Debian Oval Importer | Fixing | VCID-d53w-5nj5-aaaf | None | 36.1.3 |
| 2025-06-20T19:57:33.385781+00:00 | Debian Oval Importer | Fixing | VCID-539x-pa7r-aaaf | None | 36.1.3 |
| 2025-06-20T19:53:49.841463+00:00 | Debian Oval Importer | Fixing | VCID-tv97-anfg-aaam | None | 36.1.3 |
| 2025-06-20T19:53:39.698577+00:00 | Debian Oval Importer | Fixing | VCID-kkd1-e4k1-aaam | None | 36.1.3 |
| 2025-06-08T04:36:47.114215+00:00 | Debian Oval Importer | Fixing | VCID-rdb7-bn6u-aaaq | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.0 |
| 2025-06-08T04:34:02.835455+00:00 | Debian Oval Importer | Fixing | VCID-dwc5-nygz-aaan | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.0 |
| 2025-06-08T04:33:08.949810+00:00 | Debian Oval Importer | Fixing | VCID-sexy-1ad2-aaab | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.0 |
| 2025-06-08T04:32:50.294406+00:00 | Debian Oval Importer | Fixing | VCID-sdrj-zubv-aaak | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.0 |
| 2025-06-08T04:31:49.916916+00:00 | Debian Oval Importer | Fixing | VCID-snyd-uvt1-aaac | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.0 |
| 2025-06-08T04:31:43.682451+00:00 | Debian Oval Importer | Fixing | VCID-539x-pa7r-aaaf | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.0 |
| 2025-06-08T04:30:45.427975+00:00 | Debian Oval Importer | Fixing | VCID-d53w-5nj5-aaaf | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.0 |
| 2025-06-08T04:28:57.979045+00:00 | Debian Oval Importer | Fixing | VCID-tmu9-vjgy-aaab | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.0 |
| 2025-06-08T04:20:22.806436+00:00 | Debian Oval Importer | Fixing | VCID-3vvp-6wh9-aaam | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.0 |
| 2025-06-08T04:19:56.207436+00:00 | Debian Oval Importer | Fixing | VCID-tv97-anfg-aaam | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.0 |
| 2025-06-08T04:18:55.951988+00:00 | Debian Oval Importer | Fixing | VCID-35zf-t4ak-aaae | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.0 |
| 2025-06-08T04:17:38.079394+00:00 | Debian Oval Importer | Fixing | VCID-4pjz-5ytr-aaag | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.0 |
| 2025-06-08T04:15:51.607666+00:00 | Debian Oval Importer | Fixing | VCID-nmnf-at11-aaag | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.0 |
| 2025-06-08T04:14:07.379458+00:00 | Debian Oval Importer | Fixing | VCID-a9fr-apdt-aaac | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.0 |
| 2025-06-08T04:11:48.192205+00:00 | Debian Oval Importer | Fixing | VCID-kkd1-e4k1-aaam | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.0 |
| 2025-06-08T04:10:02.514829+00:00 | Debian Oval Importer | Fixing | VCID-fhgh-jkwa-aaah | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.0 |
| 2025-06-08T04:03:57.685351+00:00 | Debian Oval Importer | Fixing | VCID-t73t-tzz5-aaaa | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.0 |
| 2025-06-07T13:55:13.948901+00:00 | Debian Oval Importer | Fixing | VCID-35zf-t4ak-aaae | None | 36.1.0 |
| 2025-06-07T13:54:36.512218+00:00 | Debian Oval Importer | Fixing | VCID-a9fr-apdt-aaac | None | 36.1.0 |
| 2025-06-07T13:54:23.968337+00:00 | Debian Oval Importer | Fixing | VCID-sexy-1ad2-aaab | None | 36.1.0 |
| 2025-06-07T13:54:00.634653+00:00 | Debian Oval Importer | Fixing | VCID-tmu9-vjgy-aaab | None | 36.1.0 |
| 2025-06-07T13:53:24.163825+00:00 | Debian Oval Importer | Fixing | VCID-4pjz-5ytr-aaag | None | 36.1.0 |
| 2025-06-07T13:52:04.627552+00:00 | Debian Oval Importer | Fixing | VCID-sdrj-zubv-aaak | None | 36.1.0 |
| 2025-06-07T13:52:03.260618+00:00 | Debian Oval Importer | Fixing | VCID-van2-s7yd-aaap | None | 36.1.0 |
| 2025-06-07T13:50:20.607305+00:00 | Debian Oval Importer | Fixing | VCID-d53w-5nj5-aaaf | None | 36.1.0 |
| 2025-06-07T13:47:13.538222+00:00 | Debian Oval Importer | Fixing | VCID-539x-pa7r-aaaf | None | 36.1.0 |
| 2025-06-07T13:44:37.374069+00:00 | Debian Oval Importer | Fixing | VCID-tv97-anfg-aaam | None | 36.1.0 |
| 2025-06-07T13:44:27.464033+00:00 | Debian Oval Importer | Fixing | VCID-kkd1-e4k1-aaam | None | 36.1.0 |
| 2025-04-08T03:07:35.807254+00:00 | Debian Oval Importer | Fixing | VCID-rdb7-bn6u-aaaq | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.0.0 |
| 2025-04-08T03:04:34.403406+00:00 | Debian Oval Importer | Fixing | VCID-dwc5-nygz-aaan | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.0.0 |
| 2025-04-08T03:03:37.763121+00:00 | Debian Oval Importer | Fixing | VCID-sexy-1ad2-aaab | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.0.0 |
| 2025-04-08T03:03:17.745242+00:00 | Debian Oval Importer | Fixing | VCID-sdrj-zubv-aaak | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.0.0 |
| 2025-04-08T03:02:13.558560+00:00 | Debian Oval Importer | Fixing | VCID-snyd-uvt1-aaac | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.0.0 |
| 2025-04-08T03:02:07.003084+00:00 | Debian Oval Importer | Fixing | VCID-539x-pa7r-aaaf | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.0.0 |
| 2025-04-08T03:01:06.990095+00:00 | Debian Oval Importer | Fixing | VCID-d53w-5nj5-aaaf | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.0.0 |
| 2025-04-08T02:59:09.476577+00:00 | Debian Oval Importer | Fixing | VCID-tmu9-vjgy-aaab | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.0.0 |
| 2025-04-08T02:49:52.555702+00:00 | Debian Oval Importer | Fixing | VCID-3vvp-6wh9-aaam | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.0.0 |
| 2025-04-08T02:49:27.337407+00:00 | Debian Oval Importer | Fixing | VCID-tv97-anfg-aaam | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.0.0 |
| 2025-04-08T02:48:22.165841+00:00 | Debian Oval Importer | Fixing | VCID-35zf-t4ak-aaae | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.0.0 |
| 2025-04-08T02:46:59.611121+00:00 | Debian Oval Importer | Fixing | VCID-4pjz-5ytr-aaag | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.0.0 |
| 2025-04-08T02:45:08.574569+00:00 | Debian Oval Importer | Fixing | VCID-nmnf-at11-aaag | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.0.0 |
| 2025-04-08T02:43:17.054068+00:00 | Debian Oval Importer | Fixing | VCID-a9fr-apdt-aaac | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.0.0 |
| 2025-04-08T02:40:48.051405+00:00 | Debian Oval Importer | Fixing | VCID-kkd1-e4k1-aaam | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.0.0 |
| 2025-04-08T02:38:54.306801+00:00 | Debian Oval Importer | Fixing | VCID-fhgh-jkwa-aaah | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.0.0 |
| 2025-04-08T02:32:22.371448+00:00 | Debian Oval Importer | Fixing | VCID-t73t-tzz5-aaaa | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.0.0 |
| 2025-04-07T12:30:00.309362+00:00 | Debian Oval Importer | Fixing | VCID-35zf-t4ak-aaae | None | 36.0.0 |
| 2025-04-07T12:29:23.961221+00:00 | Debian Oval Importer | Fixing | VCID-a9fr-apdt-aaac | None | 36.0.0 |
| 2025-04-07T12:29:11.568687+00:00 | Debian Oval Importer | Fixing | VCID-sexy-1ad2-aaab | None | 36.0.0 |
| 2025-04-07T12:28:49.158849+00:00 | Debian Oval Importer | Fixing | VCID-tmu9-vjgy-aaab | None | 36.0.0 |
| 2025-04-07T12:28:15.740129+00:00 | Debian Oval Importer | Fixing | VCID-4pjz-5ytr-aaag | None | 36.0.0 |
| 2025-04-07T12:26:59.424413+00:00 | Debian Oval Importer | Fixing | VCID-sdrj-zubv-aaak | None | 36.0.0 |
| 2025-04-07T12:26:57.947048+00:00 | Debian Oval Importer | Fixing | VCID-van2-s7yd-aaap | None | 36.0.0 |
| 2025-04-07T12:25:17.170710+00:00 | Debian Oval Importer | Fixing | VCID-d53w-5nj5-aaaf | None | 36.0.0 |
| 2025-04-07T12:22:19.240614+00:00 | Debian Oval Importer | Fixing | VCID-539x-pa7r-aaaf | None | 36.0.0 |
| 2025-04-07T12:19:52.900953+00:00 | Debian Oval Importer | Fixing | VCID-tv97-anfg-aaam | None | 36.0.0 |
| 2025-04-07T12:19:42.301995+00:00 | Debian Oval Importer | Fixing | VCID-kkd1-e4k1-aaam | None | 36.0.0 |