drupal vulnerabilities and exploits

NA
CVE-2019-6342

Drupal core could allow a remote attacker to bypass security restrictions, caused by a flaw when the Workspaces module is enabled. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions....

4.3
CVSSv2
CVE-2018-6128

Incorrect URL parsing in WebKit in Google Chrome on iOS prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via a crafted HTML page....

GoogleChrome
4.3
CVSSv2
CVE-2019-5786

Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page....

GoogleChrome
4.3
CVSSv2
CVE-2018-6177

Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page....

GoogleChrome
7.2
CVSSv2
CVE-2019-12476

An authentication bypass vulnerability in the password reset functionality in Zoho ManageEngine ADSelfService Plus before 5.0.6 allows an attacker with physical access to gain a shell with SYSTEM privileges via the restricted thick client browser. The attack uses a long sequence...

ZohocorpManageengine Adselfservice Plus
5.5
CVSSv2
CVE-2019-2618

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network...

OracleWeblogic Server
4.3
CVSSv2
CVE-2019-1040

A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection, aka 'Windows NTLM Tampering Vulnerability'....

9.3
CVSSv2
CVE-2019-5241

There is a privilege escalation vulnerability in Huawei PCManager versions earlier than PCManager 9.0.1.50. The attacker can tricking a user to install and run a malicious application to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a...

HuaweiPcmanager
4.3
CVSSv2
CVE-2019-11876

In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS. Exploitation by a malicious actor requires the user to follow the initial stages of the setup (accepting terms and conditions) before executing...

5
CVSSv2
CVE-2019-12086

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the...

FasterxmlJackson-databindDebianDebian Linux