drupal

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	A PHP-based content management platform
Version	8.5.4-1 [community]

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-679	8.5.2-1	8.5.3-1	Critical	Fixed
AVG-665	8.5.0-1	8.5.1-1	Critical	Fixed
AVG-75	7.51-1	7.52-1	Medium	Fixed
AVG-74	8.2.2-1	8.2.3-1	Medium	Fixed

Issue	Group	Severity	Remote	Type	Description
CVE-2018-7602	AVG-679	Critical	Yes	Arbitrary command execution	A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack...
CVE-2018-7600	AVG-665	Critical	Yes	Arbitrary code execution	A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack...
CVE-2016-9452	AVG-74	Medium	Yes	Denial of service	A specially crafted URL can cause a denial of service via the transliterate mechanism.
CVE-2016-9451	AVG-75	Medium	Yes	Open redirect	Under certain circumstances, malicious users could construct a URL to a confirmation form that would trick users into being redirected to a 3rd party...
CVE-2016-9450	AVG-74	Low	Yes	Content spoofing	The user password reset form does not specify a proper cache context, which can lead to cache poisoning and unwanted content on the page.
CVE-2016-9449	AVG-74	Low	Yes	Information disclosure	Drupal provides a mechanism to alter database SELECT queries before they are executed. Contributed and custom modules may use this mechanism to restrict...

Advisories

Date	Advisory	Group	Severity	Description
27 Apr 2018	ASA-201804-10	AVG-679	Critical	arbitrary command execution
01 Apr 2018	ASA-201804-1	AVG-665	Critical	arbitrary code execution
19 Nov 2016	ASA-201611-20	AVG-74	Medium	multiple issues