drupal vulnerabilities and exploits

NA
CVE-2019-6467

A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to...

6.8
CVSSv2
CVE-2012-6636

The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote attackers to execute arbitrary methods of Java objects by using the Java Reflection API within crafted JavaScript code that is loaded into the WebView component in...

GoogleAndroid Api
NA
CVE-2019-6342

Drupal core could allow a remote attacker to bypass security restrictions, caused by a flaw when the Workspaces module is enabled. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions....

7.5
CVSSv2
CVE-2019-11512

Contao 4.x allows SQL Injection. Fixed in Contao 4.4.39 and Contao 4.7.5....

Contao
4.6
CVSSv2
CVE-2017-8715

The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Windows Security Feature Bypass"....

MicrosoftWindows 10Windows Server 2016
4.6
CVSSv2
CVE-2017-0218

Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device...

MicrosoftWindows 10Windows Server 2016
7.2
CVSSv2
CVE-2018-8210

A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka "Windows Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10,...

6.9
CVSSv2
CVE-2018-0982

An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers....

MicrosoftWindows 10Windows Server 2016
4.3
CVSSv2
CVE-2018-6177

Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page....

GoogleChrome
4.3
CVSSv2
CVE-2018-6128

Incorrect URL parsing in WebKit in Google Chrome on iOS prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via a crafted HTML page....

GoogleChrome