You are here

Drupal Releases Security Updates – Updated May 9, 2019

Drupal Releases Security Updates – Updated May 9, 2019

Created: Thursday, May 9, 2019 - 15:53
Categories:
Cyber Security

May 9, 2019

Drupal has released a security update to address a vulnerability in Drupal Core. A remote attacker could exploit this vulnerability to take control of an affected website. The NCCIC encourages users and administrators to review Drupal’s security advisory SA-CORE-2019-007 and apply the necessary updates. Read the report at NCCIC/US-CERT.

April 17, 2019

Drupal has released security updates to address multiple vulnerabilities in Drupal Core. A remote attacker could exploit some of these vulnerabilities to take control of an affected website. The NCCIC encourages users and administrators to review Drupal’s security advisories SA-CORE-2019-005 and SA-CORE-2019-006 and apply the necessary updates. Read the advisory at NCCIC/ICS-CERT.

March 20, 2019

Drupal has released security updates to address a vulnerability in Drupal Core. A remote attacker could exploit this vulnerability to take control of an affected system. encourages users and administrators to review the Drupal Security Advisory and apply the necessary updates. Read the advisory at NCCIC/US-CERT.

January 16, 2019

Drupal has released security updates addressing vulnerabilities in Drupal 7.x, 8.5.x, and 8.6.x. A remote attacker could exploit these vulnerabilities to take control of an affected system. The NCCIC encourages users and administrators to review Drupal’s security advisories SA-CORE-2019-001 and SA-CORE-2019-002 and apply the necessary updates. Read the full advisory at NCCIC/US-CERT.

October 18, 2018

Drupal has released security updates addressing multiple vulnerabilities in Drupal 7.x and 8.x. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Drupal's Security Advisory and apply the necessary updates. NCCIC/US-CERT.

April 25, 2018

Drupal has released critical updates addressing a vulnerability in Drupal 8.x and 7.x. A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review Drupal's Security Advisory and apply the necessary updates. US-CERT.

April 18, 2018

Drupal has released updates addressing a vulnerability in Drupal 8 and 7. A remote attacker could exploit this vulnerability to gain access to sensitive information. NCCIC encourages users and administrators to review the Drupal Security Advisory for additional information and apply the necessary updates. NCCIC/US-CERT.

March 28, 2018

Drupal has released critical updates addressing a vulnerability in Drupal 8, 7, and 6.  A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review Drupal's Security Advisory and apply the necessary updates. NCCIC/US-CERT.

February 21, 2018

Drupal has released an advisory to address multiple vulnerabilities in Drupal 7.x and 8.4.x. An attacker could exploit some of these vulnerabilities to obtain access to sensitive information. NCCIC/US-CERT encourages users and administrators to review Drupal's Security Advisory and upgrade to version 7.57 or 8.4.5. US-CERT.

August 16, 2017

Drupal has released an advisory to address several vulnerabilities in Drupal 8.x. A remote attacker could exploit one of these vulnerabilities to obtain or modify sensitive information. US-CERT encourages users and administrators to review Drupal's Security Advisory and upgrade to version 8.3.7. US-CERT.

June 21, 2017

Drupal has released an advisory to address several vulnerabilities in Drupal versions 7.x and 8.x. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review Drupal's Security Advisory and upgrade to version 7.56 or 8.3.4. ICS-CERT.

April 19, 2017

Drupal has released an advisory to address a vulnerability in Drupal core 8.x versions prior to 8.2.8 and 8.3.1. A remote attacker could exploit this vulnerability to obtain sensitive information. US-CERT encourages users and administrators to review Drupal's Security Advisory and upgrade to version 8.2.8 or 8.3.1. US-CERT.

March 15, 2017

Drupal has released an advisory to address vulnerabilities in Drupal core 8.x versions prior to 8.2.7. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review Drupal's Security Advisory and apply the necessary update. US-CERT.

August 19, 2015

US-CERT advises that Drupal has released updates to address multiple vulnerabilities, one of which could allow an attacker with elevated permissions to inject malicious code. Available updates include: Drupal core 6.37 for 6.x users and Drupal core 7.39 for 7.x users. US-CERT encourages users and administrators to review Drupal's Security Advisory and apply the necessary updates. US-CERT.