This module enables administrators to set unique registration paths per Profile2 profile type.
The module allows users to register even though a site is configured to prevent registration.
The module fails to filter some configuration text. This vulnerability is mitigated by the fact that an attacker must have the “Administer profiles” permission.
CVE identifier(s) issued
A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.
Versions affected
All versions are affected.
Drupal core is not affected. If you do not use the contributed Profile2 Registration Path module, there is nothing you need to do.
MySQL-based databases including MySQL, MariaDB and PerconaDB are affected by a privilege escalation vulnerability which can let attackers who have gained access to mysql system user to further escalate their privileges to root user allowing them to fully compromise the system. The vulnerability stems from unsafe file handling of error logs and other files.
named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c.