Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-CONTRIB-2014-081 - Site Banner - Cross Site Scripting (XSS)

By Drupal Security Team on 20 Aug 2014 at 14:08 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2014-081
Project: Site Banner (third-party module)
Version: 7.x
Date: 2014-Aug-20
Security risk: 12/25 ( Moderately Critical) AC:Complex/A:Admin/CI:Some/II:Some/E:Proof/TD:75
Vulnerability: Cross Site Scripting

SA-CONTRIB-2014-080 - Social Stats - Cross Site Scripting (XSS)

By Drupal Security Team on 20 Aug 2014 at 14:02 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2014-080
Project: Social Stats (third-party module)
Version: 7.x
Date: 2014-August-20
Security risk: 8/25 ( Less Critical) AC:Basic/A:User/CI:None/II:None/E:Theoretical/TD:100
Vulnerability: Cross Site Scripting

SA-CONTRIB-2014-079 - RedHen CRM - Cross Site Scripting (XSS)

By Drupal Security Team on 20 Aug 2014 at 13:58 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2014-079
Project: RedHen CRM (third-party module)
Version: 7.x
Date: 2014-August-20
Security risk: 7/25 ( Less Critical) AC:Basic/A:Admin/CI:None/II:None/E:Theoretical/TD:100
Vulnerability: Cross Site Scripting

SA-CONTRIB-2014-078 - Notify - Access bypass

By Drupal Security Team on 13 Aug 2014 at 16:39 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2014-078
Project: Notify (third-party module)
Version: 7.x
Date: 2014-August-13
Security risk: 10/25 ( Moderately Critical) AC:Complex/A:User/CI:Some/II:None/E:Proof/TD:75
Vulnerability: Access bypass

SA-CONTRIB-2014-077 - TableField - Cross Site Scripting (XSS)

By Drupal Security Team on 13 Aug 2014 at 13:40 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2014-077
Project: TableField (third-party module)
Version: 7.x
Date: 2014-August-13
Security risk: 12/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:25
Vulnerability: Cross Site Scripting

SA-CONTRIB-2014-076 - Fasttoggle - Access bypass

By Drupal Security Team on 6 Aug 2014 at 20:16 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2014-076
Project: Fasttoggle (third-party module)
Version: 7.x
Date: 2014-August-06
Security risk: 11/25 (

Moderately Critical

) AC:Basic/A:None/CI:None/II:None/E:Exploit/TD:25
Vulnerability: Access bypass

SA-CONTRIB-2014-075 - Biblio Autocomplete - SQL injection and Access Bypass

By Drupal Security Team on 6 Aug 2014 at 19:42 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2014-075
Project: Biblio Autocomplete (third-party module)
Version: 6.x, 7.x
Date: 2014-August-06
Security risk: 23/25 (

Highly Critical

) AC:Basic/A:None/CI:All/II:All/E:Exploit/TD:100
Vulnerability: Access bypass, SQL Injection

SA-CORE-2014-004 - Drupal core - Denial of service

By Drupal Security Team on 6 Aug 2014 at 17:41 UTC

Advisory ID: DRUPAL-SA-CORE-2014-004
Project: Drupal core
Version: 6.x, 7.x
Date: 2014-August-06
Security risk: 13/25 (

Moderately Critical

) AC:None/A:None/CI:None/II:None/E:Proof/TD:100
Exploitable from: Remote
Vulnerability: Denial of service

SA-CONTRIB-2014-074 - Storage API - Code execution prevention

By Drupal Security Team on 30 Jul 2014 at 19:24 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2014-074
Project: Storage API (third-party module)
Version: 7.x
Date: 2014-July-30
Security risk: (Less Critical)
Vulnerability: Arbitrary PHP code execution

SA-CONTRIB-2014-073- Date - Cross Site Scripting (XSS)

By Drupal Security Team on 30 Jul 2014 at 15:25 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2014-073
Project: Date (third-party module)
Version: 7.x
Date: 2014-July-30
Security risk: Moderately Critical
Vulnerability: Cross Site Scripting

Pages

Subscribe with RSS