drupal

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description A PHP-based content management platform
Version 8.4.5-1 [community]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-75 7.51-1 7.52-1 Medium Fixed
AVG-74 8.2.2-1 8.2.3-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2016-9452 AVG-74 Medium Yes Denial of service
A specially crafted URL can cause a denial of service via the transliterate mechanism.
CVE-2016-9451 AVG-75 Medium Yes Open redirect
Under certain circumstances, malicious users could construct a URL to a confirmation form that would trick users into being redirected to a 3rd party...
CVE-2016-9450 AVG-74 Low Yes Content spoofing
The user password reset form does not specify a proper cache context, which can lead to cache poisoning and unwanted content on the page.
CVE-2016-9449 AVG-74 Low Yes Information disclosure
Drupal provides a mechanism to alter database SELECT queries before they are executed. Contributed and custom modules may use this mechanism to restrict...

Advisories

Date Advisory Group Severity Description
19 Nov 2016 ASA-201611-20 AVG-74 Medium multiple issues