Drupal Core – Multiple Vulnerabilities – SA-CORE-2018-006
Advisory ID: DRUPAL-SA-CONTRIB-2018-006
Project: Drupal core
Version: 7.x, 8.x
Date: 2018-October-17
Description
Content moderation - Moderately critical - Access bypass - Drupal 8
In some conditions, content moderation fails to check a users access to use certain transitions, leading to an access bypass.
In order...
Drupal Core – 3rd-party libraries -SA-CORE-2018-005
Advisory ID: SA-CORE-2018-005
Project: Drupal core
Version: 8.x
CVE: CVE-2018-14773
Date: 2018-August-01
Description
The Drupal project uses the Symfony library. The Symfony library has released a security update that impacts Drupal. Refer to the Symfony security advisory for the issue.
The same vulnerability also exists in the...
Drupal core – Highly critical – Remote Code Execution – SA-CORE-2018-004
Project: Drupal coreDate: 2018-April-25Security risk: Highly critical 20∕25 AC:Basic/A:User/CI:All/II:All/E:Exploit/TD:DefaultVulnerability: Remote Code ExecutionCVE IDs: CVE-2018-7602Description: A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in...
Drupal core – Moderately critical – Cross Site Scripting – SA-CORE-2018-003
Project: Drupal coreDate: 2018-April-18Security risk: Moderately critical 12∕25 AC:Complex/A:User/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Cross Site ScriptingDescription:
CKEditor, a third-party JavaScript library included in Drupal core, has fixed a cross-site scripting (XSS) vulnerability. The vulnerability stemmed from the fact that it was possible to execute XSS inside CKEditor...
Drupal core – Highly critical – Remote Code Execution – SA-CORE-2018-002
Project: Drupal coreDate: 2018-March-28Security risk: Highly critical 24∕25 AC:None/A:None/CI:All/II:All/E:Exploit/TD:DefaultVulnerability: Remote Code Execution CVE IDs: CVE-2018-7600Description:
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could...
Drupal core – Critical – Multiple Vulnerabilities – SA-CORE-2018-001
Project: Drupal coreVersion: 8.4.x-dev7.x-devDate: 2018-February-21Security risk: Critical 16∕25 AC:Basic/A:User/CI:Some/II:Some/E:Exploit/TD:DefaultVulnerability: Multiple Vulnerabilities Description: This security advisory fixes multiple vulnerabilities in both Drupal 7 and Drupal 8. See below for a list.
Comment reply form allows access to restricted content - Critical - Drupal 8 -...
And that was actually the CLEAN version!
It's more than a few years back, and this oilfield services company is implementing a new email filter, says a pilot fish working there."It was part of an email security product," fish says. "The filter could identify emails containing...
Review: How StackRox protects containers
With the rise of cloud computing and later DevOps, containerization has never been more popular. But cybersecurity has yet to fully catch up. Even security applications designed to work natively in the cloud have trouble protecting the most popular...
Dark web goldmine busted by Europol
What’s the safest way to buy counterfeit banknotes? Not on the dark web market, as 235 people have just discovered to their cost.
Google will shut down consumer version of Google+ earlier due to a bug
Google announced it will close the consumer version of Google+ before than originally planned due to the discovery of a new security flaw.
Google will close the consumer version of Google+ in April, four months earlier than planned. According to G...
Teen SWATter who had 400 schools evacuated lands 3 years in jail
George Duke-Cohan is the British teen who posed as a worried father whose daughter had called him mid-flight during a hijacking.
