Original release date: September 21, 2016

Drupal has released an advisory to address vulnerabilities in Drupal core 8.x versions prior to 8.1.10. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review Drupal’s Security Advisory and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.

Original release date: September 21, 2016

Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

• Cisco Cloud Services Platform 2100 Command Injection Vulnerability cisco-sa-20160921-csp2100-1
• Cisco Cloud Services Platform 2100 Remote Command Execution Vulnerability cisco-sa-20160921-csp2100-2
• Cisco IOS and IOS XE IOX Command Injection Vulnerability cisco-sa-20160921-iox
• Cisco Firepower Management Center and FireSIGHT System Software SSL Inspection Bypass Vulnerability cisco-sa-20160921-fmc
• Cisco IOS and IOS XE Software Data in Motion Component Denial of Service Vulnerability cisco-sa-20160921-dmo
• Cisco Prime Home Web-Based User Interface XML External Entity Vulnerability cisco-sa-20160921-cph
• Cisco Application-Hosting Framework HTTP Header Injection Vulnerability cisco-sa-20160921-caf1
• Cisco Application Policy Infrastructure Controller Binary Privilege Escalation Vulnerability cisco-sa-20160921-apic
• Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability cisco-sa-20151125-ci

This product is provided subject to this Notification and this Privacy & Use policy.