Tuesday, December 11, 2018
Drupal

Drupal Core – Multiple Vulnerabilities – SA-CORE-2018-006

Advisory ID: DRUPAL-SA-CONTRIB-2018-006 Project: Drupal core Version: 7.x, 8.x Date: 2018-October-17 Description Content moderation - Moderately critical - Access bypass - Drupal 8 In some conditions, content moderation fails to check a users access to use certain transitions, leading to an access bypass. In order...
Drupal

Drupal Core – 3rd-party libraries -SA-CORE-2018-005

Advisory ID: SA-CORE-2018-005 Project: Drupal core Version: 8.x CVE: CVE-2018-14773 Date: 2018-August-01 Description The Drupal project uses the Symfony library. The Symfony library has released a security update that impacts Drupal. Refer to the Symfony security advisory for the issue. The same vulnerability also exists in the...
Drupal

Drupal core – Highly critical – Remote Code Execution – SA-CORE-2018-004

Project: Drupal coreDate: 2018-April-25Security risk: Highly critical 20∕25 AC:Basic/A:User/CI:All/II:All/E:Exploit/TD:DefaultVulnerability: Remote Code ExecutionCVE IDs: CVE-2018-7602Description: A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in...
Drupal

Drupal core – Moderately critical – Cross Site Scripting – SA-CORE-2018-003

Project: Drupal coreDate: 2018-April-18Security risk: Moderately critical 12∕25 AC:Complex/A:User/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Cross Site ScriptingDescription:  CKEditor, a third-party JavaScript library included in Drupal core, has fixed a cross-site scripting (XSS) vulnerability. The vulnerability stemmed from the fact that it was possible to execute XSS inside CKEditor...
Drupal

Drupal core – Highly critical – Remote Code Execution – SA-CORE-2018-002

Project: Drupal coreDate: 2018-March-28Security risk: Highly critical 24∕25 AC:None/A:None/CI:All/II:All/E:Exploit/TD:DefaultVulnerability: Remote Code Execution CVE IDs: CVE-2018-7600Description:  A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could...
Drupal

Drupal core – Critical – Multiple Vulnerabilities – SA-CORE-2018-001

Project: Drupal coreVersion: 8.4.x-dev7.x-devDate: 2018-February-21Security risk: Critical 16∕25 AC:Basic/A:User/CI:Some/II:Some/E:Exploit/TD:DefaultVulnerability: Multiple Vulnerabilities Description: This security advisory fixes multiple vulnerabilities in both Drupal 7 and Drupal 8. See below for a list. Comment reply form allows access to restricted content - Critical - Drupal 8 -...
Computerworld

And that was actually the CLEAN version!

It's more than a few years back, and this oilfield services company is implementing a new email filter, says a pilot fish working there."It was part of an email security product," fish says. "The filter could identify emails containing...

Review: How StackRox protects containers

With the rise of cloud computing and later DevOps, containerization has never been more popular. But cybersecurity has yet to fully catch up. Even security applications designed to work natively in the cloud have trouble protecting the most popular...

Dark web goldmine busted by Europol

What’s the safest way to buy counterfeit banknotes? Not on the dark web market, as 235 people have just discovered to their cost.
Security Affairs

Google will shut down consumer version of Google+ earlier due to a bug

Google announced it will close the consumer version of Google+ before than originally planned due to the discovery of a new security flaw. Google will close the consumer version of Google+ in April, four months earlier than planned. According to G...

Teen SWATter who had 400 schools evacuated lands 3 years in jail

George Duke-Cohan is the British teen who posed as a worried father whose daughter had called him mid-flight during a hijacking.