Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7.5, when MySQL is used, allows remote authenticated users to cause a denial of service by poisoning the page cache via unspecified vectors, which triggers erroneous 404 HTTP errors for pages that exist.
Max CVSS
3.5
EPSS Score
1.36%
Published
2007-01-09
Updated
2018-10-16
Cross-site request forgery (CSRF) vulnerability in the Aggregator module in Drupal 6.x before 6.23 and 7.x before 7.11 allows remote attackers to hijack the authentication of unspecified victims for requests that update feeds and possibly cause a denial of service (loss of updates due to rate limit) via unspecified vectors.
Max CVSS
6.8
EPSS Score
0.09%
Published
2013-10-28
Updated
2014-03-08
Algorithmic complexity vulnerability in the _filter_url function in the text filtering system (modules/filter/filter.module) in Drupal 7.x before 7.14 allows remote authenticated users with certain roles to cause a denial of service (CPU consumption) via a long email address.
Max CVSS
3.5
EPSS Score
0.98%
Published
2012-10-01
Updated
2013-12-13
The Image module in Drupal 7.x before 7.20 allows remote attackers to cause a denial of service (CPU and disk space consumption) via a large number of new derivative requests.
Max CVSS
5.0
EPSS Score
0.19%
Published
2013-03-27
Updated
2013-03-28
The multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 allows remote attackers to cause a denial of service via a crafted HTTP Host header, related to determining which configuration file to use.
Max CVSS
5.0
EPSS Score
0.10%
Published
2014-07-22
Updated
2014-07-22
The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
Max CVSS
5.0
EPSS Score
50.47%
Published
2014-08-18
Updated
2015-11-25

CVE-2014-5266

Public exploit
The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability than CVE-2014-5265.
Max CVSS
5.0
EPSS Score
94.49%
Published
2014-08-18
Updated
2015-11-25

CVE-2014-9016

Public exploit
The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request.
Max CVSS
5.0
EPSS Score
3.97%
Published
2014-11-24
Updated
2021-04-20
The transliterate mechanism in Drupal 8.x before 8.2.3 allows remote attackers to cause a denial of service via a crafted URL.
Max CVSS
6.5
EPSS Score
0.15%
Published
2016-11-25
Updated
2016-11-29
Drupal contains a vulnerability with improper handling of structural elements. If this vulnerability is exploited, an attacker may be able to cause a denial-of-service (DoS) condition.
Max CVSS
7.5
EPSS Score
0.05%
Published
2024-01-16
Updated
2024-03-21
10 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!