Security advisories for Drupal core | Drupal.org

Show advisories for only contributed projects, only PSAs, or all security advisories

Drupal Core - Highly Critical - Injection - SA-CORE-2016-003

By Drupal Security Team on 18 Jul 2016 at 13:53 UTC

Advisory ID: DRUPAL-SA-CORE-2016-003
Project: Drupal core
Version: 8.x
Date: 2016-July-18
Security risk: 20/25 ( Highly Critical) AC:Basic/A:None/CI:All/II:All/E:Proof/TD:Default
Vulnerability: Injection

Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2016-002

By Drupal Security Team on 15 Jun 2016 at 18:45 UTC

Advisory ID: DRUPAL-SA-CORE-2016-002
Project: Drupal core
Version: 7.x, 8.x
Date: 2016-June-15
Security risk: 11/25 ( Moderately Critical) AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon
Vulnerability: Access bypass, Multiple vulnerabilities

Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-001

By Drupal Security Team on 24 Feb 2016 at 17:33 UTC

Advisory ID: SA-CORE-2016-001
Project: Drupal core
Version: 6.x, 7.x, 8.x
Date: 2016-February-24
Security risk: 15/25 ( Critical) AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All
Vulnerability: Multiple vulnerabilities

Drupal Core - Overlay - Less Critical - Open Redirect - SA-CORE-2015-004

By Drupal Security Team on 21 Oct 2015 at 19:16 UTC

Advisory ID: DRUPAL-SA-CORE-2015-004
Project: Drupal core
Version: 7.x
Date: 2015-October-21
Security risk: 9/25 ( Less Critical) AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:Default
Vulnerability: Open Redirect

Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2015-003

By Drupal Security Team on 19 Aug 2015 at 19:27 UTC

Advisory ID: DRUPAL-SA-CORE-2015-003
Project: Drupal core
Version: 6.x, 7.x
Date: 2015-August-19
Security risk: 18/25 ( Critical) AC:Complex/A:User/CI:All/II:All/E:Proof/TD:All
Vulnerability: Cross Site Scripting, Access bypass, SQL Injection, Open Redirect, Multiple vulnerabilities

Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2015-002

By Drupal Security Team on 17 Jun 2015 at 16:12 UTC

Advisory ID: DRUPAL-SA-CORE-2015-002
Project: Drupal core
Version: 6.x, 7.x
Date: 2015-June-17
Security risk: 15/25 ( Critical) AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Access bypass, Information Disclosure, Open Redirect, Multiple vulnerabilities

Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2015-001

By Drupal Security Team on 18 Mar 2015 at 18:04 UTC

Advisory ID: DRUPAL-SA-CORE-2015-001
Project: Drupal core
Version: 6.x, 7.x
Date: 2015-March-18
Security risk: 14/25 ( Moderately Critical) AC:Complex/A:None/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Access bypass, Open Redirect, Multiple vulnerabilities

Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2014-006

By Drupal Security Team on 19 Nov 2014 at 18:21 UTC

Advisory ID: DRUPAL-SA-CORE-2014-006
Project: Drupal core
Version: 6.x, 7.x
Date: 2014-November-19
Security risk: 14/25 ( Moderately Critical) AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Uncommon
Vulnerability: Multiple vulnerabilities

SA-CORE-2014-005 - Drupal core - SQL injection

By Drupal Security Team on 15 Oct 2014 at 16:02 UTC

Advisory ID: DRUPAL-SA-CORE-2014-005
Project: Drupal core
Version: 7.x
Date: 2014-Oct-15
Security risk: 25/25 ( Highly Critical) AC:None/A:None/CI:All/II:All/E:Exploit/TD:All
Vulnerability: SQL Injection

SA-CORE-2014-004 - Drupal core - Denial of service

By Drupal Security Team on 6 Aug 2014 at 17:41 UTC

Advisory ID: DRUPAL-SA-CORE-2014-004
Project: Drupal core
Version: 6.x, 7.x
Date: 2014-August-06
Security risk: 13/25 (

Moderately Critical

) AC:None/A:None/CI:None/II:None/E:Proof/TD:100
Exploitable from: Remote
Vulnerability: Denial of service

Pages

Subscribe with RSS