Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-CONTRIB-2014-050 - Commerce Postfinance ePayment - Access Bypass

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2014-050
  • Project: Commerce Postfinance ePayment (third-party module)
  • Version: 7.x
  • Date: 2014-May-14
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass
Categories: Drupal 7.x

SA-CONTRIB-2014-049 - Organic Groups (OG) - Access Bypass

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2014-049
  • Project: Organic groups (third-party module)
  • Version: 7.x
  • Date: 2014-May-07
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass
Categories: Drupal 7.x

SA-CONTRIB-2014-048 - Field API Pane Editor (FAPE) - Access bypass

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2014-048
  • Project: Field API Pane Editor (FAPE) (third-party module)
  • Version: 7.x
  • Date: 2014-April-30
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass
Categories: Drupal 7.x

SA-CONTRIB-2014-047 - Zen - Cross Site Scripting

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2014-047
  • Project: Zen (third-party theme)
  • Version: 7.x
  • Date: 2014-April-30
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 7.x

SA-CONTRIB-2014-046 - Context Form Alteration - Cross Site Scripting (XSS)

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2014-046
  • Project: Context Form Alteration (third-party module)
  • Version: 7.x
  • Date: 2014-April-30
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 7.x

SA-CONTRIB-2014-045 - Drupal Commons - Multiple Vulnerabilities

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2014-045
  • Project: Drupal Commons (third-party module)
  • Version: 7.x
  • Date: 2014-April-23
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass
Categories: Drupal 7.x

SA-CONTRIB-2014-044 - Professional Theme - Cross Site Scripting (XSS)

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2014-044
  • Project: Professional Theme (third-party module)
  • Version: 7.x
  • Date: 2014-April-23
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 7.x

SA-CONTRIB-2014-043 - Custom Search - Cross Site Scripting (XSS)

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2014-043
  • Project: Custom Search (third-party module)
  • Version: 6.x, 7.x
  • Date: 2014-April-23
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 6.x, Drupal 7.x

SA-CONTRIB-2014-042 - Internationalization - Access Bypass

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2014-042
  • Project: Internationalization (third-party module)
  • Version: 7.x
  • Date: 2014-April-23
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass
Categories: Drupal 7.x

SA-CORE-2014-002 - Drupal core - Information Disclosure

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CORE-2014-002
  • Project: Drupal core
  • Version: 6.x, 7.x
  • Date: 2014-April-16
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Information Disclosure
Categories: Drupal 6.x, Drupal 7.x

Pages

Subscribe with RSS Subscribe to Security advisories