Python vulnerability CVE-2019-9636
Security Advisory
Description: Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an ...
More info:
https://support.f5.com/csp/article/K57542514?utm_source=f5support&utm_medium=RSS
Project: Drupal core
Date: 2020-September-16
Security risk: Moderately critical 14∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross-site scripting
CVE IDs: CVE-2020-13666
Description: The Drupal AJAX API does not disable JSONP by default, which can lead to cross-site scripting.
Solution: Install the latest version: If you are using Drupal 7.x, upgrade to Drupal 7.73. If you are using Drupal 8.8.x, upgrade to Drupal 8.8.10. If you are using Drupal 8.9.x, upgrade to
More info:
https://www.drupal.org/sa-core-2020-007
Project: Drupal core
Date: 2020-September-16
Security risk: Critical 15∕25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross-site scripting
CVE IDs: CVE-2020-13668
Description: Drupal 8 and 9 have a reflected cross-site scripting (XSS) vulnerability under certain circumstances. An attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability.
Solution: Install the latest version: If you are using Drupal 8.8.x, upgrade
More info:
https://www.drupal.org/sa-core-2020-009
Project: Drupal core
Date: 2020-September-16
Security risk: Moderately critical 13∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross-site scripting
CVE IDs: CVE-2020-13669
Description: Drupal core's built-in CKEditor image caption functionality is vulnerable to XSS.
Solution: Install the latest version: If you are using Drupal 8.8.x, upgrade to Drupal 8.8.10. If you are using Drupal 8.9.x, upgrade to Drupal 8.9.6. If you are using Drupal 9.0.x, upgrade to Drupal
More info:
https://www.drupal.org/sa-core-2020-010
Project: Drupal core
Date: 2020-September-16
Security risk: Moderately critical 12∕25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:Default
Vulnerability: Access bypass
CVE IDs: CVE-2020-13667
Description: The experimental Workspaces module allows you to create multiple workspaces on your site in which draft content can be edited before being published to the live workspace. The Workspaces module doesn't sufficiently check access permissions when switching workspaces, leading to an access
More info:
https://www.drupal.org/sa-core-2020-008
BIG-IP SSL/TLS CRL vulnerability CVE-2020-5913
Security Advisory
Description: The BIG-IP Client or Server SSL profile ignores revoked certificates, even when a valid CRL is present.
More info:
https://support.f5.com/csp/article/K72752002?utm_source=f5support&utm_medium=RSS
Project: Drupal core
Date: 2020-September-16
Security risk: Moderately critical 12∕25 AC:None/A:User/CI:Some/II:None/E:Theoretical/TD:Default
Vulnerability: Information disclosure
CVE IDs: CVE-2020-13670
Description: A vulnerability exists in the File module which allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file.
Solution: Install the latest version: If you are using Drupal 8.8.x, upgrade to Drupal
More info:
https://www.drupal.org/sa-core-2020-011