Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-CONTRIB-2014-005 - Leaflet - Access bypass

By Drupal Security Team on 22 Jan 2014 at 15:08 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2014-005
Project: Leaflet (third-party module)
Version: 7.x
Date: 2014-January-22
Security risk: Critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2014-004 - Secure Cookie Data - Faulty Hashing

By Drupal Security Team on 22 Jan 2014 at 15:05 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2014-004
Project: Secure Cookie Data (third-party module)
Version: 7.x
Date: 2014-January-22
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Information Disclosure, Multiple vulnerabilities

SA-CONTRIB-2014-003 - Doubleclick for Publishers DFP - Cross Site Scripting (XSS)

By Drupal Security Team on 22 Jan 2014 at 14:55 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2014-003
Project: Doubleclick for Publishers (DFP) (third-party module)
Version: 7.x
Date: 2014-January-22
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CORE-2014-001 - Drupal core - Multiple vulnerabilities

By Drupal Security Team on 15 Jan 2014 at 19:33 UTC

Advisory ID: DRUPAL-SA-CORE-2014-001
Project: Drupal core
Version: 6.x, 7.x
Date: 2014-January-15
Security risk: Highly critical
Exploitable from: Remote
Vulnerability: Multiple vulnerabilities

SA-CONTRIB-2014-002 - Anonymous Posting - Cross Site Scripting (XSS)

By Drupal Security Team on 14 Jan 2014 at 15:09 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2014-002
Project: Anonymous Posting (third-party module)
Version: 7.x
Date: 2014-January-15
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

Media - Access Bypass - PSA-2014-001

Date:

2014-January-08

Advisory ID: PSA-2014-001
Project: Media (third-party module)
Version: 7.x
Date: 2014-01-08
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access Bypass

SA-CONTRIB-2014-001 - Entity API - Access Bypass

By Drupal Security Team on 8 Jan 2014 at 17:32 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2014-001
Project: Entity API (third-party module)
Version: 7.x
Date: 2014-January-08
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2013-098 - Ubercart - Session Fixation Vulnerability

By Drupal Security Team on 17 Dec 2013 at 20:09 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-098
Project: Ubercart (third-party module)
Version: 6.x, 7.x
Date: 2013-12-18
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Session Fixation

SA-CONTRIB-2013-097 - OG Features - Access bypass

By Drupal Security Team on 4 Dec 2013 at 15:53 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-097
Project: OG Features (third-party module)
Version: 6.x
Date: 2013-December-04
Security risk: Not Critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CORE-2013-003 - Drupal core - Multiple vulnerabilities

By Drupal Security Team on 20 Nov 2013 at 20:41 UTC

Advisory ID: DRUPAL-SA-CORE-2013-003
Project: Drupal core
Version: 6.x, 7.x
Date: 2013-November-20
Security risk: Highly critical
Exploitable from: Remote
Vulnerability: Multiple vulnerabilities

Pages

Subscribe with RSS