drupal/drupal Security Advisories for 8.0-alpha13 (69)
Drupal core - Moderately critical - Third-party libraries - SA-CORE-2021-005
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.9.0|>=8.9.0,<8.9.16|>=9.0.0,<9.1.0|>=9.1.0,<9.1.12|>=9.2.0,<9.2.4
Reported by:
FriendsOfPHP/security-advisories
[MEDIUM] Drupal core - Critical - Cross-site scripting - SA-CORE-2021-003
PKSA-jxhg-kvfm-s7yj CVE-2021-33829 GHSA-rgx6-rjj4-c388
Affected version: >=7.0.0,<7.80|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.9.0|>=8.9.0,<8.9.16|>=9.0.0,<9.0.14|>=9.1.0,<9.1.9
Reported by:
FriendsOfPHP/security-advisories, GitHub
Drupal core - Critical - Cross-site scripting - SA-CORE-2021-002
PKSA-tyxj-vy9p-637h CVE-2020-13672
Affected version: >=7.0.0,<7.80|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.9.0|>=8.9.0,<8.9.14|>=9.0.0,<9.0.12|>=9.1.0,<9.1.7
Reported by:
FriendsOfPHP/security-advisories
Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-013
Affected version: >=7.0.0,<7.74|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.11|>=8.9.0,<8.9.9|>=9.0.0,<9.0.8
Reported by:
FriendsOfPHP/security-advisories
[HIGH] Drupal core - Critical - Remote code execution - SA-CORE-2020-012
PKSA-3srb-7yzb-k3z9 CVE-2020-13671 GHSA-68jc-v27h-vhmw
Affected version: >=7.0.0,<7.74|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.11|>=8.9.0,<8.9.9|>=9.0.0,<9.0.8
Reported by:
FriendsOfPHP/security-advisories, GitHub
[HIGH] Drupal core - Moderately critical - Information disclosure - SA-CORE-2020-011
PKSA-pj26-qzbs-qsdf CVE-2020-13670 GHSA-mmjr-5q74-p3m4
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.10|>=8.9.0,<8.9.6|>=9.0.0,<9.0.6
Reported by:
FriendsOfPHP/security-advisories, GitHub
Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-010
PKSA-cw52-vxdv-rgs8 CVE-2020-13669
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.10|>=8.9.0,<8.9.6|>=9.0.0,<9.0.6
Reported by:
FriendsOfPHP/security-advisories
[MEDIUM] Drupal core - Critical - Cross-site scripting - SA-CORE-2020-009
PKSA-7wth-f9fy-pscz CVE-2020-13668 GHSA-m6q5-wv4x-fv6h
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.10|>=8.9.0,<8.9.6|>=9.0.0,<9.0.6
Reported by:
FriendsOfPHP/security-advisories, GitHub
[MEDIUM] Drupal core - Moderately critical - Access bypass - SA-CORE-2020-008
PKSA-p8nh-vdkj-qj6y CVE-2020-13667 GHSA-x2q9-r8gm-f657
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.10|>=8.9.0,<8.9.6|>=9.0.0,<9.0.6
Reported by:
FriendsOfPHP/security-advisories, GitHub
[MEDIUM] Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-007
PKSA-t5jy-w6qp-61j7 CVE-2020-13666 GHSA-8jj2-x2gc-ggm7
Affected version: >=7.0.0,<7.73|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.10|>=8.9.0,<8.9.6|>=9.0.0,<9.0.6
Reported by:
FriendsOfPHP/security-advisories, GitHub
[HIGH] Drupal core - Critical - Cross Site Request Forgery - SA-CORE-2020-004
PKSA-n9tv-m1y4-br95 CVE-2020-13663 GHSA-m648-hpf8-qcjw
Affected version: >=7.0.0,<7.72|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.8|>=8.9.0,<8.9.1|>=9.0.0,<9.0.1
Reported by:
FriendsOfPHP/security-advisories, GitHub
[HIGH] Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-005
PKSA-jtb2-54dk-mhsx CVE-2020-13664 GHSA-x72f-ggjw-v5xh
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.8|>=8.9.0,<8.9.1|>=9.0.0,<9.0.1
Reported by:
FriendsOfPHP/security-advisories, GitHub
[CRITICAL] Drupal core - Less critical - Access bypass - SA-CORE-2020-006
PKSA-sjd7-frvy-mdhc CVE-2020-13665 GHSA-wxqp-jwc9-g39x
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.8|>=8.9.0,<8.9.1|>=9.0.0,<9.0.1
Reported by:
FriendsOfPHP/security-advisories, GitHub
[MEDIUM] Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2020-002
PKSA-mqnq-34h4-66fw CVE-2020-13662 GHSA-gjqg-9rhv-qj67
Affected version: >=7.0.0,<7.70|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.14|>=8.8.0,<8.8.6
Reported by:
FriendsOfPHP/security-advisories, GitHub
Drupal core - Moderately critical - Third-party library - SA-CORE-2020-001
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.12|>=8.8.0,<8.8.4
Reported by:
FriendsOfPHP/security-advisories
Drupal core - Critical - Multiple vulnerabilities - SA-CORE-2019-012
Affected version: >=7.0.0,<7.69|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.11|>=8.8.0,<8.8.1
Reported by:
FriendsOfPHP/security-advisories
Drupal core - Moderately critical - Access bypass - SA-CORE-2019-011
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.11|>=8.8.0,<8.8.1
Reported by:
FriendsOfPHP/security-advisories
Drupal core - Moderately critical - Denial of Service - SA-CORE-2019-009
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.11|>=8.8.0,<8.8.1
Reported by:
FriendsOfPHP/security-advisories
Drupal core - Moderately critical - Multiple vulnerabilities - SA-CORE-2019-010
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.11|>=8.8.0,<8.8.1
Reported by:
FriendsOfPHP/security-advisories
[CRITICAL] Moderately critical - Third-party libraries - SA-CORE-2019-007
PKSA-jsmp-3whm-t6rt CVE-2019-11831 GHSA-xv7v-rf6g-xwrc
Affected version: >=7.0.0,<7.67.0|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.6.16|>=8.7.0,<8.7.1
Reported by:
FriendsOfPHP/security-advisories, GitHub
[MEDIUM] Drupal core - Moderately critical - Multiple Vulnerabilities - SA-CORE-2019-005
PKSA-z68s-rsnj-bg9p CVE-2019-10909 GHSA-g996-q5r8-w7g2
Affected version: >=7.0,<7.65|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.14|>=8.6.0,<8.6.14
Reported by:
FriendsOfPHP/security-advisories, GitHub
[MEDIUM] Moderately critical - Cross Site Scripting - SA-CORE-2019-004
PKSA-pgjt-mjp7-yk5b CVE-2019-6341 GHSA-cmmh-8mwp-gq5p
Affected version: >=7.0.0,<7.65.0|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.14|>=8.6.0,<8.6.13
Reported by:
FriendsOfPHP/security-advisories, GitHub
[HIGH] Highly critical - Remote Code Execution
PKSA-gwcs-2npw-6jkx CVE-2019-6340 GHSA-3gx6-h57h-rm27
Affected version: >=7.0.0,<7.62.0|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.11|>=8.6.0,<8.6.10
Reported by:
FriendsOfPHP/security-advisories, GitHub
[CRITICAL] Critical - Arbitrary PHP code execution
PKSA-v12n-s3v9-h238 CVE-2019-6339 GHSA-8cw5-rv98-5c46
Affected version: >=7.0.0,<7.62.0|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.9|>=8.6.0,<8.6.6
Reported by:
FriendsOfPHP/security-advisories, GitHub
[HIGH] Critical - Third Party Libraries
PKSA-83y8-fbf9-p8pg CVE-2019-6338 GHSA-6rmq-x2hv-vxpp
Affected version: >=7.0.0,<7.62.0|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.9|>=8.6.0,<8.6.6
Reported by:
FriendsOfPHP/security-advisories, GitHub
External URL injection through URL aliases - Moderately Critical - Open Redirect
Affected version: >=7.0,<7.60|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.8|>=8.6.0,<8.6.2
Reported by:
FriendsOfPHP/security-advisories
Injection in DefaultMailSystem::mail() - Critical - Remote Code Execution
Affected version: >=7.0,<7.60|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.8|>=8.6.0,<8.6.2
Reported by:
FriendsOfPHP/security-advisories
Anonymous Open Redirect - Moderately Critical - Open Redirect
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.8|>=8.6.0,<8.6.2
Reported by:
FriendsOfPHP/security-advisories
Contextual Links validation - Critical - Remote Code Execution
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.8|>=8.6.0,<8.6.2
Reported by:
FriendsOfPHP/security-advisories
Content moderation - Moderately critical - Access bypass
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.8|>=8.6.0,<8.6.2
Reported by:
FriendsOfPHP/security-advisories
[CRITICAL] Critical - Remote Code Execution
PKSA-yhj1-bxyy-rdxg CVE-2018-7602 GHSA-297x-j9pm-xjgg
Affected version: >=7.0,<7.59|>=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4,<8.4.8|>=8.5,<8.5.3
Reported by:
FriendsOfPHP/security-advisories, GitHub
[MEDIUM] Moderately critical - Cross Site Scripting
PKSA-7fkr-1psn-gtby CVE-2018-9861 GHSA-g78h-pf65-46rv
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4,<8.4.7|>=8.5,<8.5.2
Reported by:
FriendsOfPHP/security-advisories, GitHub
[CRITICAL] Highly critical - Remote Code Execution
PKSA-vxmz-ty8f-b6z6 CVE-2018-7600 GHSA-7fh9-933g-885p
Affected version: >=7.0,<7.58|>=8.0,<8.3.9|>=8.4,<8.4.6|>=8.5,<8.5.1
Reported by:
FriendsOfPHP/security-advisories, GitHub
[MEDIUM] External link injection on 404 pages when linking to the current page.
PKSA-shvx-9v6v-mh4g CVE-2017-6932 GHSA-wm86-w3cf-h6vm
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.5
Reported by:
FriendsOfPHP/security-advisories, GitHub
[MEDIUM] Settings Tray access bypass.
PKSA-8c73-9d9q-wjjn CVE-2017-6931 GHSA-7ffh-cjvg-fpr4
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.5
Reported by:
FriendsOfPHP/security-advisories, GitHub
[HIGH] Language fallback can be incorrect on multilingual sites with node access restrictions.
PKSA-85r1-nbhv-6rm8 CVE-2017-6930 GHSA-3327-jr93-7hq3
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.5
Reported by:
FriendsOfPHP/security-advisories, GitHub
[HIGH] Comment reply form allows access to restricted content.
PKSA-d64z-26x7-vz6q CVE-2017-6926 GHSA-2p28-5mvp-2j2r
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.5
Reported by:
FriendsOfPHP/security-advisories, GitHub
[MEDIUM] JavaScript cross-site scripting prevention is incomplete.
PKSA-vhn6-38y5-kddj CVE-2017-6927 GHSA-585j-5449-mf5m
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.5
Reported by:
FriendsOfPHP/security-advisories, GitHub
[MEDIUM] Private file access bypass.
PKSA-2fpr-5mfr-nmjk CVE-2017-6928 GHSA-66mv-q8r2-hj8w
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.5
Reported by:
FriendsOfPHP/security-advisories, GitHub
[MEDIUM] jQuery vulnerability with untrusted domains.
PKSA-2nzk-cjnb-sykj CVE-2017-6929 GHSA-5vpr-v24w-mmjj
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.5
Reported by:
FriendsOfPHP/security-advisories, GitHub
[MEDIUM] Views does not properly restrict access to the Ajax endpoint.
PKSA-d6ff-8r27-jzxg CVE-2017-6923 GHSA-v3f6-f29f-rgvp
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.3.7
Reported by:
FriendsOfPHP/security-advisories, GitHub
[HIGH] REST API can bypass comment approval.
PKSA-bjxv-t98g-wxbc CVE-2017-6924 GHSA-p8g6-5mg7-9r5q
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.3.7
Reported by:
FriendsOfPHP/security-advisories, GitHub
[CRITICAL] Entity access bypass for entities that do not have UUIDs or have protected revisions.
PKSA-4yk2-2pnb-8wmm CVE-2017-6925 GHSA-f4qx-jqfq-7785
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.3.7
Reported by:
FriendsOfPHP/security-advisories, GitHub
[CRITICAL] PECL YAML parser unsafe object handling
PKSA-bd93-62nz-62ty CVE-2017-6920 GHSA-9c24-g32g-35rj
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.3.4
Reported by:
FriendsOfPHP/security-advisories, GitHub
[MEDIUM] Files uploaded by anonymous users into a private file system can be accessed by other anonymous users
PKSA-fmbg-ynh5-ncwt CVE-2017-6922 GHSA-58f3-cx8p-h8jg
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.3.4
Reported by:
FriendsOfPHP/security-advisories, GitHub
[MEDIUM] File REST resource does not properly validate
PKSA-sxjy-vyrx-sybt CVE-2017-6921 GHSA-h377-287m-w2r9
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.3.4
Reported by:
FriendsOfPHP/security-advisories, GitHub
Access bypass
PKSA-6hr3-jfb5-yn11 CVE-2017-6919
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.8|>=8.3.0,<8.3.1
Reported by:
FriendsOfPHP/security-advisories
[HIGH] Remote code execution
PKSA-8cvj-gc3z-dc48 CVE-2017-6381 GHSA-rhx9-3qf7-r3j7
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.7
Reported by:
FriendsOfPHP/security-advisories, GitHub
Some admin paths were not protected with a CSRF token
PKSA-m9vt-xddw-ftmz CVE-2017-6379
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.7
Reported by:
FriendsOfPHP/security-advisories
[HIGH] Editor module incorrectly checks access to inline private files
PKSA-kgj1-j6gn-hqx6 CVE-2017-6377 GHSA-w7qx-vwr9-2j3r
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.7
Reported by:
FriendsOfPHP/security-advisories, GitHub
[MEDIUM] Inconsistent name for term access query
PKSA-61zf-yq9k-xy21 CVE-2016-9449 GHSA-p745-347h-hjfw
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.3
Reported by:
FriendsOfPHP/security-advisories, GitHub
[HIGH] Incorrect cache context on password reset page
PKSA-vmgf-49qv-szpf CVE-2016-9450 GHSA-98w5-wqp9-w466
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.3
Reported by:
FriendsOfPHP/security-advisories, GitHub
[MEDIUM] Denial of service via transliterate mechanism
PKSA-txsr-48d2-s1sw CVE-2016-9452 GHSA-jpj8-49hr-wcwv
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.3
Reported by:
FriendsOfPHP/security-advisories, GitHub
[MEDIUM] Users without "Administer comments" can set comment visibility on nodes they can edit
PKSA-ffy2-ffrk-zcb4 CVE-2016-7570 GHSA-6g9h-6v79-w4pc
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.1.10
Reported by:
FriendsOfPHP/security-advisories, GitHub
[MEDIUM] Cross-site Scripting in http exceptions
PKSA-85kq-yzx4-11dr CVE-2016-7571 GHSA-vhg8-x858-7wq6
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.1.10
Reported by:
FriendsOfPHP/security-advisories, GitHub
[MEDIUM] Full config export can be downloaded without administrative permissions
PKSA-n53n-gs3v-kmh7 CVE-2016-7572 GHSA-fmqh-2j2x-vgp3
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.1.10
Reported by:
FriendsOfPHP/security-advisories, GitHub
[HIGH] Drupal Core - Highly Critical - Injection - SA-CORE-2016-003
PKSA-f4w3-gyz6-twss CVE-2016-5385 GHSA-m6ch-gg5f-wxx3
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.1.7
Reported by:
FriendsOfPHP/security-advisories, GitHub
Saving user accounts can sometimes grant the user all roles
PKSA-92n7-p42q-cg28 CVE-2016-6211
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.1.3
Reported by:
FriendsOfPHP/security-advisories
[MEDIUM] Views can allow unauthorized users to see Statistics information
PKSA-2hf6-h7hr-9hf8 CVE-2016-6212 GHSA-rfxx-gxwc-923c
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.1.3
Reported by:
FriendsOfPHP/security-advisories, GitHub
[HIGH] Session data truncation can lead to unserialization of user provided data
PKSA-6j9q-3gj6-zqvw CVE-2016-3171 GHSA-69g8-g9jq-74v7
Affected version: >=8.0,<8.0.4
Reported by:
FriendsOfPHP/security-advisories, GitHub
Email address can be matched to an account
PKSA-5bhv-mh89-c2dq CVE-2016-3170
Affected version: >=8.0,<8.0.4
Reported by:
FriendsOfPHP/security-advisories
[HIGH] Saving user accounts can sometimes grant the user all roles
PKSA-9qcr-q27r-2kkq CVE-2016-3169 GHSA-q3p9-8728-wq7x
Affected version: >=8.0,<8.0.4
Reported by:
FriendsOfPHP/security-advisories, GitHub
[MEDIUM] Reflected file download vulnerability
PKSA-s2bq-yz6z-7q3q CVE-2016-3168 GHSA-qqxc-cppg-4xp8
Affected version: >=8.0,<8.0.4
Reported by:
FriendsOfPHP/security-advisories, GitHub
[HIGH] Open redirect via double-encoded 'destination' parameter
PKSA-hhyw-n4y2-tjwh CVE-2016-3167 GHSA-gxwx-c7m8-f95h
Affected version: >=8.0,<8.0.4
Reported by:
FriendsOfPHP/security-advisories, GitHub
[MEDIUM] HTTP header injection using line breaks
PKSA-g4gm-fxmh-fsz6 CVE-2016-3166 GHSA-fg5q-r2q5-qmh3
Affected version: >=8.0,<8.0.4
Reported by:
FriendsOfPHP/security-advisories, GitHub
[HIGH] Form API ignores access restrictions on submit buttons
PKSA-ckgy-hnh7-rnvz CVE-2016-3165 GHSA-4gh5-3hqj-x3pj
Affected version: >=8.0,<8.0.4
Reported by:
FriendsOfPHP/security-advisories, GitHub
[HIGH] Open redirect via path manipulation
PKSA-mgc1-rk7x-fh44 CVE-2016-3164 GHSA-836p-6p4j-35cg
Affected version: >=8.0,<8.0.4
Reported by:
FriendsOfPHP/security-advisories, GitHub
Brute force amplification attacks via XML-RPC
PKSA-q6pn-qvfp-f7kp CVE-2016-3163
Affected version: >=8.0,<8.0.4
Reported by:
FriendsOfPHP/security-advisories
[HIGH] File upload access bypass and denial of service
PKSA-1z3h-7mrn-jhpp CVE-2016-3162 GHSA-w2pj-c8x5-jvg2
Affected version: >=8.0,<8.0.4
Reported by:
FriendsOfPHP/security-advisories, GitHub