drupal7 vulnerabilities

Known vulnerabilities in the drupal7 package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
H Improper Input Validation	<7.52-2+deb9u18
M Cross-site Scripting (XSS)	<7.52-2+deb9u17
M Cross-site Scripting (XSS)	<7.52-2+deb9u17
H Link Following	<7.52-2+deb9u16
M Cross-site Scripting (XSS)	<7.52-2+deb9u15
H Directory Traversal	<7.52-2+deb9u14
H Deserialization of Untrusted Data	<7.52-2+deb9u13
H Arbitrary Code Injection	<7.52-2+deb9u13
H Unrestricted Upload of File with Dangerous Type	<7.52-2+deb9u12
M Cross-site Scripting (XSS)	<7.52-2+deb9u12
H Cross-site Request Forgery (CSRF)	<7.52-2+deb9u11
M Open Redirect	<7.52-2+deb9u10
M Cross-site Scripting (XSS)	<7.52-2+deb9u10
M Cross-site Scripting (XSS)	<7.52-2+deb9u10
C Directory Traversal	<7.52-2+deb9u9
M Cross-site Scripting (XSS)	<7.52-2+deb9u8
M Cross-site Scripting (XSS)	<7.52-2+deb9u7
C Improper Input Validation	<7.52-2+deb9u6
H Deserialization of Untrusted Data	<7.52-2+deb9u6
C CVE-2018-7602	<7.52-2+deb9u4
M Files or Directories Accessible to External Parties	<7.52-2+deb9u1
H Incorrect Authorization	<7.6-1
C Improper Input Validation	<7.52-2+deb9u3
M Cross-site Scripting (XSS)	<7.52-2+deb9u2
M Open Redirect	<7.52-2+deb9u2
M Incorrect Permission Assignment for Critical Resource	<7.52-2+deb9u2
M Cross-site Scripting (XSS)	<7.52-2+deb9u2
M Open Redirect	<7.41-1
M Open Redirect	<7.32-1+deb8u2
M Open Redirect	<7.32-1+deb8u2
M Cross-site Scripting (XSS)	<7.52-2+deb9u17
M Open Redirect	<7.52-1
M Information Exposure	<7.52-1
H Access Restriction Bypass	<7.44-1
H Security Features	<7.43-1
M Security Features	<7.43-1
H CVE-2016-3164	<7.43-1
M Information Exposure	<7.43-1
H Improper Access Control	<7.43-1
H Access Restriction Bypass	<7.43-1
M Cross-site Scripting (XSS)	<7.39-1
M Cross-site Scripting (XSS)	<7.39-1
H SQL Injection	<7.39-1
M Information Exposure	<7.39-1
M Cross-site Request Forgery (CSRF)	<7.39-1
M Improper Input Validation	<7.38-1
M Information Exposure	<7.38-1
M CVE-2015-3232	<7.38-1
M CVE-2015-3233	<7.38-1
L Improper Access Control	<7.32-1+deb8u2
M Cross-site Scripting (XSS)	<7.52-2+deb9u17
M CVE-2014-9016	<7.32-1+deb8u1
M Access Restriction Bypass	<7.32-1+deb8u1
H SQL Injection	<7.32-1
M Access Restriction Bypass	<7.31-1
M Resource Management Errors	<7.31-1
M Resource Management Errors	<7.31-1
M Access Restriction Bypass	<7.29-1
M Improper Input Validation	<7.29-1
L Cross-site Scripting (XSS)	<7.29-1
M Cross-site Scripting (XSS)	<7.29-1
M Information Exposure	<7.27-1
H CVE-2014-1475	<7.26-1
M Access Restriction Bypass	<7.26-1
L Cross-site Scripting (XSS)	<7.14-1.3
L Cross-site Scripting (XSS)	<7.24-1
M Cross-site Scripting (XSS)	<7.24-1
M Improper Input Validation	<7.24-1
M Arbitrary Code Injection	<7.24-1
M Cryptographic Issues	<7.24-1
M Cross-site Request Forgery (CSRF)	<7.11-1
L Access Restriction Bypass	<7.11-1
M Information Exposure	<7.11-1
M Access Restriction Bypass	<7.14-1.3
L Access Restriction Bypass	<7.14-1.3
M Resource Management Errors	<7.14-2
M Improper Input Validation	<7.14-1.2
M Access Restriction Bypass	<7.14-1.2
M Access Restriction Bypass	<7.14-1.1
M Access Restriction Bypass	<7.14-1.1
M Access Restriction Bypass	<7.14-1
M Access Restriction Bypass	<7.14-1
M Access Restriction Bypass	<7.14-1
L Resource Management Errors	<7.14-1
L Information Exposure	<7.22-1
M Improper Input Validation	<7.14-1
L Cross-site Request Forgery (CSRF)	*
H Access Restriction Bypass	<7.2-1

Vulnerability

Vulnerable Version

Improper Input Validation

<7.52-2+deb9u18

Cross-site Scripting (XSS)

<7.52-2+deb9u17

Cross-site Scripting (XSS)

<7.52-2+deb9u17

Link Following

<7.52-2+deb9u16

Cross-site Scripting (XSS)

<7.52-2+deb9u15