drupal/core Security Advisories for 8.0.0-beta12 (80)
-
Drupal core - Moderately critical - Denial of Service
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.9.0|>=8.9.0,<9.0.0|>=9.0.0,<9.1.0|>=9.1.0,<9.2.0|>=9.2.0,<9.3.0|>=9.3.0,<9.4.0|>=9.4.0,<9.5.0|>=9.5.0,<10.0.0|>=10.0.0,<10.1.0|>=10.1.0,<10.1.8|>=10.2.0,<10.2.2
Reported by:
FriendsOfPHP/security-advisories -
[MEDIUM] Lack of domain validation in Druple core
PKSA-4j5n-cxxv-ptjc CVE-2022-25276 GHSA-4wfq-jc9h-vpcx
Affected version: >=9.4.0,<9.4.3|>=8.0.0,<9.3.19
Reported by:
GitHub -
[HIGH] Improper input validation in Drupal core
PKSA-fpcy-trdp-tpy2 CVE-2022-25273 GHSA-g36h-4jr6-qmm9
Affected version: >=9.3.0,<9.3.12|>=8.0.0,<9.2.18
Reported by:
GitHub -
[MEDIUM] Drupal core - Moderately critical - Access Bypass - SA-CORE-2022-013
PKSA-gkkw-qh7h-5181 CVE-2022-25278 GHSA-cfh2-7f6h-3m85
Affected version: >=8.0.0,<9.3.19|>=9.4.0,<9.4.3
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Drupal Open Redirect
PKSA-qstq-fjvw-qh5n CVE-2016-9451 GHSA-66gr-xrcf-8jpq
Affected version: >=8.0,<8.2.3|>=7.0,<7.52
Reported by:
GitHub -
[HIGH] Improper input validation in Drupal core
PKSA-72rg-qbp7-873g CVE-2022-25271 GHSA-fmfv-x8mp-5767
Affected version: >=7.0.0,<7.88|>=8.0.0,<9.2.13|>=9.3.0,<9.3.6
Reported by:
GitHub -
[MEDIUM] Incorrect authorization in Drupal core
PKSA-2tvs-gcpz-cmm6 CVE-2022-25270 GHSA-73q4-j324-2qcc
Affected version: >=8.0.0,<9.2.13|>=9.3.0,<9.3.6
Reported by:
GitHub -
[CRITICAL] Unrestricted Upload of File with Dangerous Type in Drupal core
PKSA-46zx-gs68-q4zv CVE-2020-13675 GHSA-v8wr-r69p-mmwx
Affected version: >=8.0.0,<8.9.19|>=9.2.0,<9.2.6|>=9.1.0,<9.1.13
Reported by:
GitHub -
[MEDIUM] Cross-Site Request Forgery in Drupal core
PKSA-4q53-3jd6-45wg CVE-2020-13674 GHSA-j586-cj67-vg4p
Affected version: >=8.0.0,<8.9.19|>=9.2.0,<9.2.6|>=9.1.0,<9.1.13
Reported by:
GitHub -
[MEDIUM] Incorrect Authorization in Drupal core
PKSA-s6ck-qn9j-xnqf CVE-2020-13676 GHSA-qfhg-m6r8-xxpj
Affected version: >=8.0.0,<8.9.19|>=9.2.0,<9.2.6|>=9.1.0,<9.1.13
Reported by:
GitHub -
[HIGH] Drupal core access bypass vulnerability
PKSA-njy4-5vnq-bx5f CVE-2020-13677 GHSA-3xr3-phjp-g6p2
Affected version: >=9.2.0,<9.2.6|>=9.1.0,<9.1.13|>=8.0.0,<8.9.19
Reported by:
GitHub -
Drupal core - Moderately critical - Third-party libraries - SA-CORE-2021-005
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.9.0|>=8.9.0,<8.9.16|>=9.0.0,<9.1.0|>=9.1.0,<9.1.12|>=9.2.0,<9.2.4
Reported by:
FriendsOfPHP/security-advisories -
[MEDIUM] Drupal core - Critical - Cross-site scripting - SA-CORE-2021-003
PKSA-bc4x-jnrh-4k6w CVE-2021-33829 GHSA-rgx6-rjj4-c388
Affected version: >=7.0.0,<7.80|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.9.0|>=8.9.0,<8.9.16|>=9.0.0,<9.0.14|>=9.1.0,<9.1.9
Reported by:
FriendsOfPHP/security-advisories, GitHub -
Drupal core - Critical - Cross-site scripting - SA-CORE-2021-002
PKSA-7zvx-63nf-7nkj CVE-2020-13672
Affected version: >=7.0.0,<7.80|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.9.0|>=8.9.0,<8.9.14|>=9.0.0,<9.0.12|>=9.1.0,<9.1.7
Reported by:
FriendsOfPHP/security-advisories -
Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-013
Affected version: >=7.0.0,<7.74|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.11|>=8.9.0,<8.9.9|>=9.0.0,<9.0.8
Reported by:
FriendsOfPHP/security-advisories -
[HIGH] Drupal core - Critical - Remote code execution - SA-CORE-2020-012
PKSA-77t6-rxnw-bfjm CVE-2020-13671 GHSA-68jc-v27h-vhmw
Affected version: >=7.0.0,<7.74|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.11|>=8.9.0,<8.9.9|>=9.0.0,<9.0.8
Reported by:
FriendsOfPHP/security-advisories, GitHub -
Drupal core - Moderately critical - Access bypass - SA-CORE-2020-008
PKSA-jknr-sjbw-zn24 CVE-2020-13667
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.10|>=8.9.0,<8.9.6|>=9.0.0,<9.0.6
Reported by:
FriendsOfPHP/security-advisories -
Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-007
PKSA-c6qk-kgrx-8q42 CVE-2020-13666
Affected version: >=7.0.0,<7.73|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.10|>=8.9.0,<8.9.6|>=9.0.0,<9.0.6
Reported by:
FriendsOfPHP/security-advisories -
[MEDIUM] Drupal core - Critical - Cross-site scripting - SA-CORE-2020-009
PKSA-1k26-dn58-yzpc CVE-2020-13668 GHSA-m6q5-wv4x-fv6h
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.10|>=8.9.0,<8.9.6|>=9.0.0,<9.0.6
Reported by:
FriendsOfPHP/security-advisories, GitHub -
Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-010
PKSA-69gr-9b59-5f99 CVE-2020-13669
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.10|>=8.9.0,<8.9.6|>=9.0.0,<9.0.6
Reported by:
FriendsOfPHP/security-advisories -
[HIGH] Drupal core - Moderately critical - Information disclosure - SA-CORE-2020-011
PKSA-ggc3-34xd-zmzd CVE-2020-13670 GHSA-mmjr-5q74-p3m4
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.10|>=8.9.0,<8.9.6|>=9.0.0,<9.0.6
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[CRITICAL] Drupal core - Critical - Cross Site Request Forgery - SA-CORE-2020-004
PKSA-j215-hxck-vk25 CVE-2020-13663 GHSA-m648-hpf8-qcjw
Affected version: >=7.0.0,<7.72|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.8|>=8.9.0,<8.9.1|>=9.0.0,<9.0.1
Reported by:
FriendsOfPHP/security-advisories, GitHub -
Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-005
PKSA-jkzg-rr1r-vmvy CVE-2020-13664
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.8|>=8.9.0,<8.9.1|>=9.0.0,<9.0.1
Reported by:
FriendsOfPHP/security-advisories -
Drupal core - Less critical - Access bypass - SA-CORE-2020-006
PKSA-5wmm-s575-4sjg CVE-2020-13665
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.8|>=8.9.0,<8.9.1|>=9.0.0,<9.0.1
Reported by:
FriendsOfPHP/security-advisories -
Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2020-002
PKSA-yxnf-v37t-gh27 CVE-2020-13662
Affected version: >=7.0.0,<7.70|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.14|>=8.8.0,<8.8.6
Reported by:
FriendsOfPHP/security-advisories -
Drupal core - Moderately critical - Third-party library - SA-CORE-2020-001
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.12|>=8.8.0,<8.8.4
Reported by:
FriendsOfPHP/security-advisories -
Drupal core - Moderately critical - Multiple vulnerabilities - SA-CORE-2019-010
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.11|>=8.8.0,<8.8.1
Reported by:
FriendsOfPHP/security-advisories -
Drupal core - Moderately critical - Access bypass - SA-CORE-2019-011
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.11|>=8.8.0,<8.8.1
Reported by:
FriendsOfPHP/security-advisories -
Drupal core - Moderately critical - Denial of Service - SA-CORE-2019-009
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.11|>=8.8.0,<8.8.1
Reported by:
FriendsOfPHP/security-advisories -
Drupal core - Critical - Multiple vulnerabilities - SA-CORE-2019-012
Affected version: >=7.0.0,<7.69|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.11|>=8.8.0,<8.8.1
Reported by:
FriendsOfPHP/security-advisories -
[CRITICAL] Moderately critical - Third-party libraries - SA-CORE-2019-007
PKSA-75yj-2hm1-2ffx CVE-2019-11831 GHSA-xv7v-rf6g-xwrc
Affected version: >=7.0.0,<7.67.0|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.6.16|>=8.7.0,<8.7.1
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Drupal core - Moderately critical - Multiple Vulnerabilities - SA-CORE-2019-005
PKSA-q3jn-2tvt-kmzh CVE-2019-10909 GHSA-g996-q5r8-w7g2
Affected version: >=7.0,<7.65|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.14|>=8.6.0,<8.6.14
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Moderately critical - Cross Site Scripting - SA-CORE-2019-004
PKSA-ycp7-r1gf-k17h CVE-2019-6341 GHSA-cmmh-8mwp-gq5p
Affected version: >=7.0.0,<7.65.0|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.14|>=8.6.0,<8.6.13
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] Highly critical - Remote Code Execution
PKSA-18ct-8ggk-h581 CVE-2019-6340 GHSA-3gx6-h57h-rm27
Affected version: >=7.0.0,<7.62.0|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.11|>=8.6.0,<8.6.10
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[CRITICAL] Critical - Arbitrary PHP code execution
PKSA-9n1q-yjxq-ntxd CVE-2019-6339 GHSA-8cw5-rv98-5c46
Affected version: >=7.0.0,<7.62.0|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.9|>=8.6.0,<8.6.6
Reported by:
FriendsOfPHP/security-advisories, GitHub -
Critical - Third Party Libraries
PKSA-tqjg-2d31-rxds CVE-2019-6338
Affected version: >=7.0.0,<7.62.0|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.9|>=8.6.0,<8.6.6
Reported by:
FriendsOfPHP/security-advisories -
External URL injection through URL aliases - Moderately Critical - Open Redirect
Affected version: >=7.0,<7.60|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.8|>=8.6.0,<8.6.2
Reported by:
FriendsOfPHP/security-advisories -
[MEDIUM] Injection in DefaultMailSystem::mail() - Critical - Remote Code Execution
PKSA-mhgf-dg9m-23xj GHSA-6ccv-8fgf-cjpw
Affected version: >=7.0,<7.60|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.8|>=8.6.0,<8.6.2
Reported by:
FriendsOfPHP/security-advisories, GitHub -
Anonymous Open Redirect - Moderately Critical - Open Redirect
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.8|>=8.6.0,<8.6.2
Reported by:
FriendsOfPHP/security-advisories -
Contextual Links validation - Critical - Remote Code Execution
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.8|>=8.6.0,<8.6.2
Reported by:
FriendsOfPHP/security-advisories -
Content moderation - Moderately critical - Access bypass
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.8|>=8.6.0,<8.6.2
Reported by:
FriendsOfPHP/security-advisories -
Critical - Remote Code Execution
PKSA-xw62-8xjy-mc59 CVE-2018-7602
Affected version: >=7.0,<7.59|>=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4,<8.4.8|>=8.5,<8.5.3
Reported by:
FriendsOfPHP/security-advisories -
[MEDIUM] Moderately critical - Cross Site Scripting
PKSA-214d-s1bc-j16m CVE-2018-9861 GHSA-g78h-pf65-46rv
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4,<8.4.7|>=8.5,<8.5.2
Reported by:
FriendsOfPHP/security-advisories, GitHub -
Highly critical - Remote Code Execution
PKSA-hcrx-hx8t-7n3g CVE-2018-7600
Affected version: >=7.0,<7.58|>=8.0,<8.3.9|>=8.4,<8.4.6|>=8.5,<8.5.1
Reported by:
FriendsOfPHP/security-advisories -
Private file access bypass.
PKSA-7mx7-kjj6-v7gb CVE-2017-6928
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.5
Reported by:
FriendsOfPHP/security-advisories -
Comment reply form allows access to restricted content.
PKSA-tkp1-mpmp-xyj4 CVE-2017-6926
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.5
Reported by:
FriendsOfPHP/security-advisories -
External link injection on 404 pages when linking to the current page.
PKSA-rm5p-gw4d-nq88 CVE-2017-6932
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.5
Reported by:
FriendsOfPHP/security-advisories -
JavaScript cross-site scripting prevention is incomplete.
PKSA-qdmw-yrmc-qbbd CVE-2017-6927
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.5
Reported by:
FriendsOfPHP/security-advisories -
jQuery vulnerability with untrusted domains.
PKSA-t9z9-bcb2-5zhs CVE-2017-6929
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.5
Reported by:
FriendsOfPHP/security-advisories -
Language fallback can be incorrect on multilingual sites with node access restrictions.
PKSA-719r-5gyf-y5cc CVE-2017-6930
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.5
Reported by:
FriendsOfPHP/security-advisories -
Settings Tray access bypass.
PKSA-vbh8-z5f3-8qxw CVE-2017-6931
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.5
Reported by:
FriendsOfPHP/security-advisories -
Entity access bypass for entities that do not have UUIDs or have protected revisions.
PKSA-t6j8-kjhk-561m CVE-2017-6925
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.3.7
Reported by:
FriendsOfPHP/security-advisories -
REST API can bypass comment approval.
PKSA-tpkb-65dd-h1sr CVE-2017-6924
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.3.7
Reported by:
FriendsOfPHP/security-advisories -
[MEDIUM] Views does not properly restrict access to the Ajax endpoint.
PKSA-1z5n-zfyy-wgfb CVE-2017-6923 GHSA-v3f6-f29f-rgvp
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.3.7
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[CRITICAL] PECL YAML parser unsafe object handling
PKSA-vwz4-b3n9-6cwf CVE-2017-6920 GHSA-9c24-g32g-35rj
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.3.4
Reported by:
FriendsOfPHP/security-advisories, GitHub -
Files uploaded by anonymous users into a private file system can be accessed by other anonymous users
PKSA-9xbc-spnf-z7nb CVE-2017-6922
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.3.4
Reported by:
FriendsOfPHP/security-advisories -
[MEDIUM] File REST resource does not properly validate
PKSA-m9t7-ggb8-t5fn CVE-2017-6921 GHSA-h377-287m-w2r9
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.3.4
Reported by:
FriendsOfPHP/security-advisories, GitHub -
Access bypass
PKSA-2pkc-d97h-541b CVE-2017-6919
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.8|>=8.3.0,<8.3.1
Reported by:
FriendsOfPHP/security-advisories -
Remote code execution
PKSA-1931-qv6k-h8s6 CVE-2017-6381
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.7
Reported by:
FriendsOfPHP/security-advisories -
Some admin paths were not protected with a CSRF token
PKSA-kq9s-pmck-3hhz CVE-2017-6379
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.7
Reported by:
FriendsOfPHP/security-advisories -
[HIGH] Editor module incorrectly checks access to inline private files
PKSA-ppg3-hj76-c1nd CVE-2017-6377 GHSA-w7qx-vwr9-2j3r
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.7
Reported by:
FriendsOfPHP/security-advisories, GitHub -
Inconsistent name for term access query
PKSA-g8fm-x736-dhw6 CVE-2016-9449
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.3
Reported by:
FriendsOfPHP/security-advisories -
[MEDIUM] Denial of service via transliterate mechanism
PKSA-zfjc-rvnr-yfgg CVE-2016-9452 GHSA-jpj8-49hr-wcwv
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.3
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] Incorrect cache context on password reset page
PKSA-vsdz-dkbh-6vty CVE-2016-9450 GHSA-98w5-wqp9-w466
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.3
Reported by:
FriendsOfPHP/security-advisories, GitHub -
Full config export can be downloaded without administrative permissions
PKSA-7nn6-tbd9-7733 CVE-2016-7572
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.1.10
Reported by:
FriendsOfPHP/security-advisories -
Cross-site Scripting in http exceptions
PKSA-hyt2-1n75-d5g6 CVE-2016-7571
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.1.10
Reported by:
FriendsOfPHP/security-advisories -
Users without "Administer comments" can set comment visibility on nodes they can edit
PKSA-wsdn-jkns-xw8s CVE-2016-7570
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.1.10
Reported by:
FriendsOfPHP/security-advisories -
[HIGH] Drupal Core - Highly Critical - Injection - SA-CORE-2016-003
PKSA-dtjt-nkrz-7p1t CVE-2016-5385 GHSA-m6ch-gg5f-wxx3
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.1.7
Reported by:
FriendsOfPHP/security-advisories, GitHub -
Saving user accounts can sometimes grant the user all roles
PKSA-dftb-k553-yc5x CVE-2016-6211
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.1.3
Reported by:
FriendsOfPHP/security-advisories -
[MEDIUM] Views can allow unauthorized users to see Statistics information
PKSA-h7b6-5hdp-ngdf CVE-2016-6212 GHSA-rfxx-gxwc-923c
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.1.3
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Reflected file download vulnerability
PKSA-cvhr-cpqr-xzbr CVE-2016-3168 GHSA-qqxc-cppg-4xp8
Affected version: >=8.0,<8.0.4
Reported by:
FriendsOfPHP/security-advisories, GitHub -
Open redirect via double-encoded 'destination' parameter
PKSA-1tzq-2qs7-2bmg CVE-2016-3167
Affected version: >=8.0,<8.0.4
Reported by:
FriendsOfPHP/security-advisories -
HTTP header injection using line breaks
PKSA-c5cy-9myc-9jvy CVE-2016-3166
Affected version: >=8.0,<8.0.4
Reported by:
FriendsOfPHP/security-advisories -
Form API ignores access restrictions on submit buttons
PKSA-f2tr-vkvs-rn6s CVE-2016-3165
Affected version: >=8.0,<8.0.4
Reported by:
FriendsOfPHP/security-advisories -
[HIGH] Open redirect via path manipulation
PKSA-w7rh-fsfz-47tv CVE-2016-3164 GHSA-836p-6p4j-35cg
Affected version: >=8.0,<8.0.4
Reported by:
FriendsOfPHP/security-advisories, GitHub -
Brute force amplification attacks via XML-RPC
PKSA-dcs8-k9rm-1jyb CVE-2016-3163
Affected version: >=8.0,<8.0.4
Reported by:
FriendsOfPHP/security-advisories -
File upload access bypass and denial of service
PKSA-6ghb-cyrk-9kmw CVE-2016-3162
Affected version: >=8.0,<8.0.4
Reported by:
FriendsOfPHP/security-advisories -
[HIGH] Saving user accounts can sometimes grant the user all roles
PKSA-vf9k-szc7-mht3 CVE-2016-3169 GHSA-q3p9-8728-wq7x
Affected version: >=8.0,<8.0.4
Reported by:
FriendsOfPHP/security-advisories, GitHub -
Email address can be matched to an account
PKSA-w5qn-v455-qw2x CVE-2016-3170
Affected version: >=8.0,<8.0.4
Reported by:
FriendsOfPHP/security-advisories -
Session data truncation can lead to unserialization of user provided data
PKSA-4jbn-vr6y-x6k7 CVE-2016-3171
Affected version: >=8.0,<8.0.4
Reported by:
FriendsOfPHP/security-advisories