Drupal Core – 3rd-party libraries -SA-CORE-2018-005
Advisory ID: SA-CORE-2018-005
Project: Drupal core
Version: 8.x
CVE: CVE-2018-14773
Date: 2018-August-01
Description
The Drupal project uses the Symfony library. The Symfony library has released a security update that impacts Drupal. Refer to the Symfony security advisory for the issue.
The same vulnerability also exists in the...
Drupal core – Highly critical – Remote Code Execution – SA-CORE-2018-004
Project: Drupal coreDate: 2018-April-25Security risk: Highly critical 20∕25 AC:Basic/A:User/CI:All/II:All/E:Exploit/TD:DefaultVulnerability: Remote Code ExecutionCVE IDs: CVE-2018-7602Description: A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in...
Drupal core – Moderately critical – Cross Site Scripting – SA-CORE-2018-003
Project: Drupal coreDate: 2018-April-18Security risk: Moderately critical 12∕25 AC:Complex/A:User/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Cross Site ScriptingDescription:
CKEditor, a third-party JavaScript library included in Drupal core, has fixed a cross-site scripting (XSS) vulnerability. The vulnerability stemmed from the fact that it was possible to execute XSS inside CKEditor...
Drupal core – Highly critical – Remote Code Execution – SA-CORE-2018-002
Project: Drupal coreDate: 2018-March-28Security risk: Highly critical 24∕25 AC:None/A:None/CI:All/II:All/E:Exploit/TD:DefaultVulnerability: Remote Code Execution CVE IDs: CVE-2018-7600Description:
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could...
Drupal core – Critical – Multiple Vulnerabilities – SA-CORE-2018-001
Project: Drupal coreVersion: 8.4.x-dev7.x-devDate: 2018-February-21Security risk: Critical 16∕25 AC:Basic/A:User/CI:Some/II:Some/E:Exploit/TD:DefaultVulnerability: Multiple Vulnerabilities Description: This security advisory fixes multiple vulnerabilities in both Drupal 7 and Drupal 8. See below for a list.
Comment reply form allows access to restricted content - Critical - Drupal 8 -...
Breach at US Retailer SHEIN Hits Over Six Million Users
Breach at US Retailer SHEIN Hits Over Six Million UsersUS fashion retailer SHEIN has admitted suffering a major breach affecting the personal information of over six million customers.
The women’s clothing company revealed at the end of last week that...
Bug? Feature? Power users baffled as BitLocker update switch-off continues
Microsoft claims issue confined to older kit Three months on, users continue to report that Microsoft's BitLocker disk encryption technology turns itself off during security updates.…
UK issues first-ever GDPR notice in connection to Facebook data scandal
Canadian firm AggregateIQ, linked to the Facebook & Cambridge Analytica data scandal, is the first to be put on notice.
Symantec Completes Internal Accounting Investigation
Symantec announced on Monday that it has completed its internal accounting audit, and while some issues have been uncovered, only one customer transaction has an impact on financial statements.
read more
Are Colleges Teaching Real-World Cyber Security Skills?
The cybersecurity skill shortage is a well-recognized industry challenge, but the problem isn’t that there are too few people rather that many of them lack suitable skills and experience. Cybersecurity is a fast-growing profession, and talented graduates are in...
