Drupal announced fixes for 4 security vulnerabilities

Drupal's security advisory announces patches for 2 moderately critical and 2 less critical vulnerabilities in Drupal 7.x and 8.x. One of the moderately critical patches addresses a DoS loophole. It is highly recommended to update your Drupal site to 7.52 or 8.2.3, respectively. Notably, Drupal 8.2.3 includes only security patches.

Inconsistent name for term access query

This is considered less critical and applies to Drupal 7.x and 8.x.

Drupal core provides a hook mechanism to alter any SELECT query before it is executed. Contributed and custom modules in 7.x and 8.x can use access query tags with this mechanism, but the tag for term access queries was named inconsistently. This could result in disclosure of term information to unprivileged users.

Incorrect cache context on password reset page

This is considered less critical and applies to Drupal 8.x.

A problem with a cache context has been identified in Drupal 8's password reset functionality. This could lead to password poisoning and alteration of the content on the page. Incidentally, any rules set for password security could also fail due to this vulnerability.

Confirmation forms allow external URLs to be injected

This is considered moderately critical and applies to Drupal 7.x.

Users were exposed to potential social engineering attacks. Under certain circumstances, malicious users could construct a URL to a confirmation form that redirects users to a third-party website after they interact with the form.
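
The check that closes this class of redirect, sketched as an added example in plain PHP (it is not Drupal core code and not the actual patch). The function names, the host example.org and the sample destinations are constructed for illustration.

```php
<?php
// Added example: hypothetical helpers, not part of Drupal.

/** Returns TRUE only when $dest stays on $site_host. */
function destination_is_local(string $dest, string $site_host): bool {
  // Reject control characters and backslashes: browsers may normalise "\"
  // to "/", turning "/\host" into a protocol-relative URL.
  if ($dest === '' || preg_match('/[\x00-\x1F\x7F\\\\]/', $dest)) {
    return FALSE;
  }
  // Protocol-relative URLs ("//host/path") leave the site.
  if (strncmp($dest, '//', 2) === 0) {
    return FALSE;
  }
  $parts = parse_url($dest);
  if ($parts === FALSE) {
    return FALSE;  // Malformed input fails closed.
  }
  // Neither scheme nor host: a relative path on this site.
  if (!isset($parts['scheme']) && !isset($parts['host'])) {
    return TRUE;
  }
  // Absolute URL: allow only http(s) to exactly this host. Userinfo tricks
  // such as "https://example.org@other.example/" fail the host comparison.
  $scheme = strtolower($parts['scheme'] ?? '');
  $host = strtolower($parts['host'] ?? '');
  return in_array($scheme, ['http', 'https'], TRUE)
    && $host === strtolower($site_host);
}

/** Falls back to a fixed local path when the destination is not local. */
function safe_destination(string $dest, string $site_host, string $fallback = '/'): string {
  return destination_is_local($dest, $site_host) ? $dest : $fallback;
}

// Constructed sample destinations, as they might arrive in a form's URL.
$samples = [
  'node/1/edit',
  '/admin/content?page=2',
  'https://example.org/user',
  'https://other.example/login',
  '//other.example/login',
  '/\\other.example/login',
  'https://example.org@other.example/',
  'javascript:alert(1)',
];
foreach ($samples as $dest) {
  printf("%-36s => %s\n", $dest, safe_destination($dest, 'example.org'));
}
```

Only the first three samples are kept as the redirect target; every other one is replaced by the fallback path.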

DoS via transliterate mechanism

This is considered moderately critical and applies to Drupal 8.x.

A security issue was detected in Drupal 8's transliterate mechanism that could be exploited with specially crafted URLs to cause a denial of service.

To address these security issues, it is highly recommended to update your Drupal site to the latest respective versions, 7.52 and 8.2.3.