Security advisories: Follow RSS Feed & Discover Posts

Back to Discover

174 followers 0 articles/week

Drupal core - Moderately critical - Denial of Service - SA-CORE-2024-001

Project: Drupal coreDate: 2024-January-17Security risk: Moderately critical 11∕25 AC:None/A:None/CI:None/II:None/E:Theoretical/TD:DefaultVulnerability: Denial of ServiceAffected versions: >=8.0 <10.1.8 || >=10.2 <10.2.2Description: The Comment module allows users to reply to comments. In certain cases, an attacker could make comment reply...

Wed Jan 17, 2024 20:14

Drupal core - Critical - Cache poisoning - SA-CORE-2023-006

Project: Drupal coreDate: 2023-September-20Security risk: Critical 16∕25 AC:Complex/A:None/CI:All/II:Some/E:Theoretical/TD:DefaultVulnerability: Cache poisoningAffected versions: >=8.7.0 <9.5.11 || >=10.0 <10.0.11 || >= 10.1 <10.1.4CVE IDs: CVE-2023-5256Description: In certain scenarios, Drupal's JSON:API module will output error backtraces....

Wed Sep 20, 2023 20:55

Drupal core - Moderately critical - Access bypass - SA-CORE-2023-005

Project: Drupal coreDate: 2023-April-19Security risk: Moderately critical 13∕25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:AllVulnerability: Access bypassDescription: The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access...

Wed Apr 19, 2023 21:03

Drupal core - Moderately critical - Access bypass - SA-CORE-2023-004

Project: Drupal coreDate: 2023-March-15Security risk: Moderately critical 14∕25 AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:UncommonVulnerability: Access bypassAffected versions: <7.95 || >=8.0.0 <9.4.12 || >=9.5.0 <9.5.5 || >=10.0.0 <10.0.5Description: Drupal core provides a page that outputs the markup from phpinfo() to...

Wed Mar 15, 2023 20:49

Drupal core - Moderately critical - Information Disclosure - SA-CORE-2023-003

Project: Drupal coreDate: 2023-March-15Security risk: Moderately critical 13∕25 AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:UncommonVulnerability: Information DisclosureAffected versions: >=8.0.0 <9.4.12 || >=9.5.0 <9.5.5 || >=10.0.0 <10.0.5Description: The language module provides a Language switcher block which can be placed...

Wed Mar 15, 2023 20:49

Drupal core - Moderately critical - Information Disclosure - SA-CORE-2023-002

Project: Drupal coreDate: 2023-March-15Security risk: Moderately critical 14∕25 AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:DefaultVulnerability: Information DisclosureAffected versions: >=8.0.0 <9.4.12 || >=9.5.0 <9.5.5 || >=10.0.0 <10.0.5Description: The Media module does not properly check entity access in some circumstances....

Wed Mar 15, 2023 20:49

Build your own newsfeed

Ready to give it a go?
Start a 14-day trial, no credit card required.

Create account