AVG-74 log

Package drupal
Status Fixed
Severity Medium
Type multiple issues
Affected 8.2.2-1
Fixed 8.2.3-1
Current 10.2.4-1 [extra]
Ticket None
Created Sat Nov 19 20:44:58 2016
Issue Severity Remote Type Description
CVE-2016-9452 Medium Yes Denial of service
A specially crafted URL can cause a denial of service via the transliterate mechanism.
CVE-2016-9450 Low Yes Content spoofing
The user password reset form does not specify a proper cache context, which can lead to cache poisoning and unwanted content on the page.
CVE-2016-9449 Low Yes Information disclosure
Drupal provides a mechanism to alter database SELECT queries before they are executed. Contributed and custom modules may use this mechanism to restrict...
Date Advisory Package Type
19 Nov 2016 ASA-201611-20 drupal multiple issues