Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-CONTRIB-2014-100 - Bad Behavior - Information Disclosure

By Drupal Security Team on 22 Oct 2014 at 15:11 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2014-100
Project: Bad Behavior (third-party module)
Version: 6.x, 7.x
Date: 2014-October-22
Security risk: 15/25 ( Critical) AC:Basic/A:Admin/CI:Some/II:All/E:Theoretical/TD:All
Vulnerability: Information Disclosure

SA-CONTRIB-2014-099 - Open Atrium Core - Access bypass

By Drupal Security Team on 15 Oct 2014 at 16:56 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2014-099
Project: Open Atrium (third-party module)
Version: 7.x
Date: 2014-10-15
Security risk: 10/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:None/E:Theoretical/TD:Default
Vulnerability: Access bypass

SA-CORE-2014-005 - Drupal core - SQL injection

By Drupal Security Team on 15 Oct 2014 at 16:02 UTC

Advisory ID: DRUPAL-SA-CORE-2014-005
Project: Drupal core
Version: 7.x
Date: 2014-Oct-15
Security risk: 25/25 ( Highly Critical) AC:None/A:None/CI:All/II:All/E:Exploit/TD:All
Vulnerability: SQL Injection

SA-CONTRIB-2014-098 - CKEditor - Cross Site Scripting (XSS)

By Drupal Security Team on 15 Oct 2014 at 12:36 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2014-098
Project: CKEditor - WYSIWYG HTML editor (third-party module)
Version: 6.x, 7.x
Date: 2014-October-15
Security risk: 16/25 ( Critical) AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

SA-CONTRIB-2014-097 - nodeaccess - Access Bypass

By Drupal Security Team on 8 Oct 2014 at 13:40 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2014-097
Project: Nodeaccess (third-party module)
Version: 6.x, 7.x
Date: 2014-October-08
Security risk: 13/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:Uncommon
Vulnerability: Access bypass

SA-CONTRIB-2014-096 - OAuth2 Client - Cross Site Scripting (XSS)

By Drupal Security Team on 8 Oct 2014 at 13:33 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2014-096
Project: OAuth2 Client (third-party module)
Version: 7.x
Date: 2014-October-08
Security risk: 10/25 ( Moderately Critical) AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

SA-CONTRIB-2014-095 - Safeword - Cross Site Scripting (XSS)

By Drupal Security Team on 24 Sep 2014 at 19:30 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2014-095
Project: Safeword (third-party module)
Version: 7.x
Date: 2014-September-23
Security risk: 7/25 ( Less Critical) AC:Basic/A:Admin/CI:None/II:None/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

SA-CONTRIB-2014-094 - Webform Patched - Cross Site Scripting (XSS)

By Drupal Security Team on 24 Sep 2014 at 19:29 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2014-094
Project: Webform Patched (third-party module)
Version: 6.x, 7.x
Date: 2014-September-24
Security risk: 13/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross Site Scripting

SA-CONTRIB-2014-093 - Twilio - Information Disclosure

By Drupal Security Team on 24 Sep 2014 at 19:29 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2014-093
Project: Twilio (third-party module)
Version: 7.x
Date: 2014-September-24
Security risk: 13/25 ( Moderately Critical) AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Information Disclosure

SA-CONTRIB-2014-092 - Services - Cross Site Scripting, Access bypass

By Drupal Security Team on 24 Sep 2014 at 19:21 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2014-092
Project: Services (third-party module)
Version: 7.x
Date: 2014-September-24
Security risk: 11/25 ( Moderately Critical) AC:Complex/A:User/CI:None/II:Some/E:Proof/TD:All
Vulnerability: Cross Site Scripting, Access bypass

Pages

Subscribe with RSS