drupal/core Security Advisories for 8.0.0-beta12 (81)
-
[LOW] Drupal Full Path Disclosure
PKSA-styk-3knc-d1bt CVE-2024-45440 GHSA-mg8j-w93w-xjgc
Affected version: >=8.0.0,<10.2.9|>=10.3.0,<10.3.6|>=11.0.0,<11.0.5
Reported by:
GitHub -
[MEDIUM] Drupal core - Moderately critical - Denial of Service
PKSA-2gfj-5sh8-j3c5 GHSA-f84q-mgj9-8jfc
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.9.0|>=8.9.0,<9.0.0|>=9.0.0,<9.1.0|>=9.1.0,<9.2.0|>=9.2.0,<9.3.0|>=9.3.0,<9.4.0|>=9.4.0,<9.5.0|>=9.5.0,<10.0.0|>=10.0.0,<10.1.0|>=10.1.0,<10.1.8|>=10.2.0,<10.2.2
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] Improper input validation in Drupal core
PKSA-fpcy-trdp-tpy2 CVE-2022-25273 GHSA-g36h-4jr6-qmm9
Affected version: >=9.3.0,<9.3.12|>=8.0.0,<9.2.18
Reported by:
GitHub -
[MEDIUM] Lack of domain validation in Druple core
PKSA-4j5n-cxxv-ptjc CVE-2022-25276 GHSA-4wfq-jc9h-vpcx
Affected version: >=9.4.0,<9.4.3|>=8.0.0,<9.3.19
Reported by:
GitHub -
[MEDIUM] Drupal core - Moderately critical - Access Bypass - SA-CORE-2022-013
PKSA-gkkw-qh7h-5181 CVE-2022-25278 GHSA-cfh2-7f6h-3m85
Affected version: >=8.0.0,<9.3.19|>=9.4.0,<9.4.3
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Drupal Open Redirect
PKSA-qstq-fjvw-qh5n CVE-2016-9451 GHSA-66gr-xrcf-8jpq
Affected version: >=8.0,<8.2.3|>=7.0,<7.52
Reported by:
GitHub -
[HIGH] Improper input validation in Drupal core
PKSA-72rg-qbp7-873g CVE-2022-25271 GHSA-fmfv-x8mp-5767
Affected version: >=7.0.0,<7.88|>=8.0.0,<9.2.13|>=9.3.0,<9.3.6
Reported by:
GitHub -
[MEDIUM] Incorrect authorization in Drupal core
PKSA-2tvs-gcpz-cmm6 CVE-2022-25270 GHSA-73q4-j324-2qcc
Affected version: >=8.0.0,<9.2.13|>=9.3.0,<9.3.6
Reported by:
GitHub -
[CRITICAL] Unrestricted Upload of File with Dangerous Type in Drupal core
PKSA-46zx-gs68-q4zv CVE-2020-13675 GHSA-v8wr-r69p-mmwx
Affected version: >=8.0.0,<8.9.19|>=9.2.0,<9.2.6|>=9.1.0,<9.1.13
Reported by:
GitHub -
[MEDIUM] Cross-Site Request Forgery in Drupal core
PKSA-4q53-3jd6-45wg CVE-2020-13674 GHSA-j586-cj67-vg4p
Affected version: >=8.0.0,<8.9.19|>=9.2.0,<9.2.6|>=9.1.0,<9.1.13
Reported by:
GitHub -
[HIGH] Drupal core access bypass vulnerability
PKSA-njy4-5vnq-bx5f CVE-2020-13677 GHSA-3xr3-phjp-g6p2
Affected version: >=9.2.0,<9.2.6|>=9.1.0,<9.1.13|>=8.0.0,<8.9.19
Reported by:
GitHub -
[MEDIUM] Incorrect Authorization in Drupal core
PKSA-s6ck-qn9j-xnqf CVE-2020-13676 GHSA-qfhg-m6r8-xxpj
Affected version: >=8.0.0,<8.9.19|>=9.2.0,<9.2.6|>=9.1.0,<9.1.13
Reported by:
GitHub -
[MEDIUM] Drupal core - Moderately critical - Third-party libraries - SA-CORE-2021-005
PKSA-6dxs-yv9z-8twp GHSA-7f4f-p7mq-p4fv
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.9.0|>=8.9.0,<8.9.16|>=9.0.0,<9.1.0|>=9.1.0,<9.1.12|>=9.2.0,<9.2.4
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Drupal core - Critical - Cross-site scripting - SA-CORE-2021-002
PKSA-7zvx-63nf-7nkj CVE-2020-13672 GHSA-3m36-mjwj-352c
Affected version: >=7.0.0,<7.80|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.9.0|>=8.9.0,<8.9.14|>=9.0.0,<9.0.12|>=9.1.0,<9.1.7
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Drupal core - Critical - Cross-site scripting - SA-CORE-2021-003
PKSA-bc4x-jnrh-4k6w CVE-2021-33829 GHSA-rgx6-rjj4-c388
Affected version: >=7.0.0,<7.80|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.9.0|>=8.9.0,<8.9.16|>=9.0.0,<9.0.14|>=9.1.0,<9.1.9
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-013
PKSA-kjgx-r4v3-961f GHSA-gfvf-2f25-f34r
Affected version: >=7.0.0,<7.74|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.11|>=8.9.0,<8.9.9|>=9.0.0,<9.0.8
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] Drupal core - Critical - Remote code execution - SA-CORE-2020-012
PKSA-77t6-rxnw-bfjm CVE-2020-13671 GHSA-68jc-v27h-vhmw
Affected version: >=7.0.0,<7.74|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.11|>=8.9.0,<8.9.9|>=9.0.0,<9.0.8
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Drupal core - Moderately critical - Access bypass - SA-CORE-2020-008
PKSA-jknr-sjbw-zn24 CVE-2020-13667 GHSA-x2q9-r8gm-f657
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.10|>=8.9.0,<8.9.6|>=9.0.0,<9.0.6
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-007
PKSA-c6qk-kgrx-8q42 CVE-2020-13666 GHSA-8jj2-x2gc-ggm7
Affected version: >=7.0.0,<7.73|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.10|>=8.9.0,<8.9.6|>=9.0.0,<9.0.6
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Drupal core - Critical - Cross-site scripting - SA-CORE-2020-009
PKSA-1k26-dn58-yzpc CVE-2020-13668 GHSA-m6q5-wv4x-fv6h
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.10|>=8.9.0,<8.9.6|>=9.0.0,<9.0.6
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-010
PKSA-69gr-9b59-5f99 CVE-2020-13669 GHSA-c533-c843-67h8
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.10|>=8.9.0,<8.9.6|>=9.0.0,<9.0.6
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] Drupal core - Moderately critical - Information disclosure - SA-CORE-2020-011
PKSA-ggc3-34xd-zmzd CVE-2020-13670 GHSA-mmjr-5q74-p3m4
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.10|>=8.9.0,<8.9.6|>=9.0.0,<9.0.6
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[CRITICAL] Drupal core - Critical - Cross Site Request Forgery - SA-CORE-2020-004
PKSA-j215-hxck-vk25 CVE-2020-13663 GHSA-m648-hpf8-qcjw
Affected version: >=7.0.0,<7.72|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.8|>=8.9.0,<8.9.1|>=9.0.0,<9.0.1
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-005
PKSA-jkzg-rr1r-vmvy CVE-2020-13664 GHSA-x72f-ggjw-v5xh
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.8|>=8.9.0,<8.9.1|>=9.0.0,<9.0.1
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[CRITICAL] Drupal core - Less critical - Access bypass - SA-CORE-2020-006
PKSA-5wmm-s575-4sjg CVE-2020-13665 GHSA-wxqp-jwc9-g39x
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.8|>=8.9.0,<8.9.1|>=9.0.0,<9.0.1
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2020-002
PKSA-yxnf-v37t-gh27 CVE-2020-13662 GHSA-gjqg-9rhv-qj67
Affected version: >=7.0.0,<7.70|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.14|>=8.8.0,<8.8.6
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Drupal core - Moderately critical - Third-party library - SA-CORE-2020-001
PKSA-rb2t-qsk8-f792 GHSA-mh4h-27gq-cxwj
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.12|>=8.8.0,<8.8.4
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Drupal core - Moderately critical - Multiple vulnerabilities - SA-CORE-2019-010
PKSA-xv6s-sqg3-tq2g GHSA-7gwj-7fhm-vw4w
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.11|>=8.8.0,<8.8.1
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[CRITICAL] Drupal core - Moderately critical - Access bypass - SA-CORE-2019-011
PKSA-vcbr-zg2g-wfsp GHSA-6mgp-v5cm-ghg5
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.11|>=8.8.0,<8.8.1
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[CRITICAL] Drupal core - Moderately critical - Denial of Service - SA-CORE-2019-009
PKSA-n8hw-tywm-xrh7 GHSA-7v68-3pr5-h3cr
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.11|>=8.8.0,<8.8.1
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Drupal core - Critical - Multiple vulnerabilities - SA-CORE-2019-012
PKSA-mw8j-f3jc-m8zf GHSA-pr99-c33p-fwf6
Affected version: >=7.0.0,<7.69|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.11|>=8.8.0,<8.8.1
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[CRITICAL] Moderately critical - Third-party libraries - SA-CORE-2019-007
PKSA-75yj-2hm1-2ffx CVE-2019-11831 GHSA-xv7v-rf6g-xwrc
Affected version: >=7.0.0,<7.67.0|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.6.16|>=8.7.0,<8.7.1
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Drupal core - Moderately critical - Multiple Vulnerabilities - SA-CORE-2019-005
PKSA-q3jn-2tvt-kmzh CVE-2019-10909 GHSA-g996-q5r8-w7g2
Affected version: >=7.0,<7.65|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.14|>=8.6.0,<8.6.14
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Moderately critical - Cross Site Scripting - SA-CORE-2019-004
PKSA-ycp7-r1gf-k17h CVE-2019-6341 GHSA-cmmh-8mwp-gq5p
Affected version: >=7.0.0,<7.65.0|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.14|>=8.6.0,<8.6.13
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] Highly critical - Remote Code Execution
PKSA-18ct-8ggk-h581 CVE-2019-6340 GHSA-3gx6-h57h-rm27
Affected version: >=7.0.0,<7.62.0|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.11|>=8.6.0,<8.6.10
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[CRITICAL] Critical - Arbitrary PHP code execution
PKSA-9n1q-yjxq-ntxd CVE-2019-6339 GHSA-8cw5-rv98-5c46
Affected version: >=7.0.0,<7.62.0|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.9|>=8.6.0,<8.6.6
Reported by:
FriendsOfPHP/security-advisories, GitHub -
Critical - Third Party Libraries
PKSA-tqjg-2d31-rxds CVE-2019-6338
Affected version: >=7.0.0,<7.62.0|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.9|>=8.6.0,<8.6.6
Reported by:
FriendsOfPHP/security-advisories -
[MEDIUM] External URL injection through URL aliases - Moderately Critical - Open Redirect
PKSA-254t-dtnb-4ybb GHSA-vfgc-c76h-mwh4
Affected version: >=7.0,<7.60|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.8|>=8.6.0,<8.6.2
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Injection in DefaultMailSystem::mail() - Critical - Remote Code Execution
PKSA-mhgf-dg9m-23xj GHSA-6ccv-8fgf-cjpw
Affected version: >=7.0,<7.60|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.8|>=8.6.0,<8.6.2
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] Anonymous Open Redirect - Moderately Critical - Open Redirect
PKSA-1723-b3b5-yrdh GHSA-gxxj-g9v8-w28p
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.8|>=8.6.0,<8.6.2
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Contextual Links validation - Critical - Remote Code Execution
PKSA-mkhd-5d73-ftb7 GHSA-6gf6-24h2-66j4
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.8|>=8.6.0,<8.6.2
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] Content moderation - Moderately critical - Access bypass
PKSA-7ptn-7539-yr8y GHSA-98h9-727m-44qv
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.8|>=8.6.0,<8.6.2
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[CRITICAL] Critical - Remote Code Execution
PKSA-xw62-8xjy-mc59 CVE-2018-7602 GHSA-297x-j9pm-xjgg
Affected version: >=7.0,<7.59|>=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4,<8.4.8|>=8.5,<8.5.3
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Moderately critical - Cross Site Scripting
PKSA-214d-s1bc-j16m CVE-2018-9861 GHSA-g78h-pf65-46rv
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4,<8.4.7|>=8.5,<8.5.2
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[CRITICAL] Highly critical - Remote Code Execution
PKSA-hcrx-hx8t-7n3g CVE-2018-7600 GHSA-7fh9-933g-885p
Affected version: >=7.0,<7.58|>=8.0,<8.3.9|>=8.4,<8.4.6|>=8.5,<8.5.1
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] Language fallback can be incorrect on multilingual sites with node access restrictions.
PKSA-719r-5gyf-y5cc CVE-2017-6930 GHSA-3327-jr93-7hq3
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.5
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] Comment reply form allows access to restricted content.
PKSA-tkp1-mpmp-xyj4 CVE-2017-6926 GHSA-2p28-5mvp-2j2r
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.5
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] JavaScript cross-site scripting prevention is incomplete.
PKSA-qdmw-yrmc-qbbd CVE-2017-6927 GHSA-585j-5449-mf5m
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.5
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] jQuery vulnerability with untrusted domains.
PKSA-t9z9-bcb2-5zhs CVE-2017-6929 GHSA-5vpr-v24w-mmjj
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.5
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Settings Tray access bypass.
PKSA-vbh8-z5f3-8qxw CVE-2017-6931 GHSA-7ffh-cjvg-fpr4
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.5
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] External link injection on 404 pages when linking to the current page.
PKSA-rm5p-gw4d-nq88 CVE-2017-6932 GHSA-wm86-w3cf-h6vm
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.5
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Private file access bypass.
PKSA-7mx7-kjj6-v7gb CVE-2017-6928 GHSA-66mv-q8r2-hj8w
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.5
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[CRITICAL] Entity access bypass for entities that do not have UUIDs or have protected revisions.
PKSA-t6j8-kjhk-561m CVE-2017-6925 GHSA-f4qx-jqfq-7785
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.3.7
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] REST API can bypass comment approval.
PKSA-tpkb-65dd-h1sr CVE-2017-6924 GHSA-p8g6-5mg7-9r5q
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.3.7
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Views does not properly restrict access to the Ajax endpoint.
PKSA-1z5n-zfyy-wgfb CVE-2017-6923 GHSA-v3f6-f29f-rgvp
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.3.7
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[CRITICAL] PECL YAML parser unsafe object handling
PKSA-vwz4-b3n9-6cwf CVE-2017-6920 GHSA-9c24-g32g-35rj
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.3.4
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Files uploaded by anonymous users into a private file system can be accessed by other anonymous users
PKSA-9xbc-spnf-z7nb CVE-2017-6922 GHSA-58f3-cx8p-h8jg
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.3.4
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] File REST resource does not properly validate
PKSA-m9t7-ggb8-t5fn CVE-2017-6921 GHSA-h377-287m-w2r9
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.3.4
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] Access bypass
PKSA-2pkc-d97h-541b CVE-2017-6919 GHSA-6hpj-9xj7-2jxx
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.8|>=8.3.0,<8.3.1
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] Remote code execution
PKSA-1931-qv6k-h8s6 CVE-2017-6381 GHSA-rhx9-3qf7-r3j7
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.7
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] Some admin paths were not protected with a CSRF token
PKSA-kq9s-pmck-3hhz CVE-2017-6379 GHSA-gxxq-fhc7-3jv9
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.7
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] Editor module incorrectly checks access to inline private files
PKSA-ppg3-hj76-c1nd CVE-2017-6377 GHSA-w7qx-vwr9-2j3r
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.7
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Inconsistent name for term access query
PKSA-g8fm-x736-dhw6 CVE-2016-9449 GHSA-p745-347h-hjfw
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.3
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Denial of service via transliterate mechanism
PKSA-zfjc-rvnr-yfgg CVE-2016-9452 GHSA-jpj8-49hr-wcwv
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.3
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] Incorrect cache context on password reset page
PKSA-vsdz-dkbh-6vty CVE-2016-9450 GHSA-98w5-wqp9-w466
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.3
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Full config export can be downloaded without administrative permissions
PKSA-7nn6-tbd9-7733 CVE-2016-7572 GHSA-fmqh-2j2x-vgp3
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.1.10
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Cross-site Scripting in http exceptions
PKSA-hyt2-1n75-d5g6 CVE-2016-7571 GHSA-vhg8-x858-7wq6
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.1.10
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Users without "Administer comments" can set comment visibility on nodes they can edit
PKSA-wsdn-jkns-xw8s CVE-2016-7570 GHSA-6g9h-6v79-w4pc
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.1.10
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] Drupal Core - Highly Critical - Injection - SA-CORE-2016-003
PKSA-dtjt-nkrz-7p1t CVE-2016-5385 GHSA-m6ch-gg5f-wxx3
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.1.7
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] Saving user accounts can sometimes grant the user all roles
PKSA-dftb-k553-yc5x CVE-2016-6211 GHSA-frqf-9qr4-6vxf
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.1.3
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Views can allow unauthorized users to see Statistics information
PKSA-h7b6-5hdp-ngdf CVE-2016-6212 GHSA-rfxx-gxwc-923c
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.1.3
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Reflected file download vulnerability
PKSA-cvhr-cpqr-xzbr CVE-2016-3168 GHSA-qqxc-cppg-4xp8
Affected version: >=8.0,<8.0.4
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] Open redirect via double-encoded 'destination' parameter
PKSA-1tzq-2qs7-2bmg CVE-2016-3167 GHSA-gxwx-c7m8-f95h
Affected version: >=8.0,<8.0.4
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] HTTP header injection using line breaks
PKSA-c5cy-9myc-9jvy CVE-2016-3166 GHSA-fg5q-r2q5-qmh3
Affected version: >=8.0,<8.0.4
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] Form API ignores access restrictions on submit buttons
PKSA-f2tr-vkvs-rn6s CVE-2016-3165 GHSA-4gh5-3hqj-x3pj
Affected version: >=8.0,<8.0.4
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] Open redirect via path manipulation
PKSA-w7rh-fsfz-47tv CVE-2016-3164 GHSA-836p-6p4j-35cg
Affected version: >=8.0,<8.0.4
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] Brute force amplification attacks via XML-RPC
PKSA-dcs8-k9rm-1jyb CVE-2016-3163 GHSA-h3r9-pjmr-f938
Affected version: >=8.0,<8.0.4
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] File upload access bypass and denial of service
PKSA-6ghb-cyrk-9kmw CVE-2016-3162 GHSA-w2pj-c8x5-jvg2
Affected version: >=8.0,<8.0.4
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] Saving user accounts can sometimes grant the user all roles
PKSA-vf9k-szc7-mht3 CVE-2016-3169 GHSA-q3p9-8728-wq7x
Affected version: >=8.0,<8.0.4
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Email address can be matched to an account
PKSA-w5qn-v455-qw2x CVE-2016-3170 GHSA-pqv4-xgqh-j8vh
Affected version: >=8.0,<8.0.4
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] Session data truncation can lead to unserialization of user provided data
PKSA-4jbn-vr6y-x6k7 CVE-2016-3171 GHSA-69g8-g9jq-74v7
Affected version: >=8.0,<8.0.4
Reported by:
FriendsOfPHP/security-advisories, GitHub