Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

CAPTCHA - Moderately Critical - Denial of Service - SA-CONTRIB-2017-073

By Drupal Security Team on 6 Sep 2017 at 19:21 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-073
Project: CAPTCHA (third-party module)
Version: 7.x
Date: 2017-September-06
Security risk: 10/25 ( Moderately Critical) AC:Basic/A:None/CI:None/II:None/E:Proof/TD:Default
Vulnerability: Denial of Service

Clientside Validation - Critical - Arbitary PHP Execution - DRUPAL-SA-CONTRIB-2017-072

By Drupal Security Team on 6 Sep 2017 at 17:20 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-072
Project: Clientside Validation (third-party module)
Version: 7.x
Date: 2017-September-06
Security risk: 16/25 ( Critical) AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Arbitrary PHP code execution

H5P - Critical - Reflected Cross Site Scripting (XSS) - DRUPAL-SA-CONTRIB-2017-071

By Drupal Security Team on 30 Aug 2017 at 17:10 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-071
Project: H5P- Create and Share Rich Content and Applications (third-party module)
Version: 7.x
Date: 2017-August-30
Security risk: 18/25 ( Critical) AC:None/A:None/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

Commerce invoices - Highly Critical - SQL Injection and Cross Site scripting - DRUPAL-SA-CONTRIB-2017-070

By Drupal Security Team on 30 Aug 2017 at 17:09 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-070
Project: Commerce Invoices (third-party module)
Version: 7.x
Date: 2017-August-30
Security risk: 20/25 ( Highly Critical) AC:None/A:None/CI:All/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting, SQL Injection

Update on Views Ajax vulnerability for Drupal 7 Views and Drupal 8 core - PSA-2017-002

Date:

2017-August-17

Advisory ID: DRUPAL-PSA-2017-002
Project: Drupal contributed modules
Version: 7.x, 8.x
Date: 2017-Aug-16

Drupal Core - Multiple Vulnerabilities - SA-CORE-2017-004

By Drupal Security Team on 16 Aug 2017 at 16:38 UTC

Drupal 8.3.7 is a maintenance release which contain fixes for security vulnerabilities.

Views refresh - Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2017-069

By Drupal Security Team on 16 Aug 2017 at 16:02 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-069
Project: Views Refresh (third-party module)
Version: 7.x, 8.x
Date: 2017-August-16
Security risk: 17/25 ( Critical) AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:Default
Vulnerability: Access bypass

Views - Critical - Access Bypass - DRUPAL-SA-CONTRIB-2017-068

By Drupal Security Team on 16 Aug 2017 at 15:56 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-068
Project: Views (third-party module)
Version: 7.x
Date: 2017-August-16
Security risk: 15/25 ( Critical) AC:None/A:None/CI:Some/II:None/E:Proof/TD:Default

Entity Reference - Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2017-067

By Drupal Security Team on 16 Aug 2017 at 15:35 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-067
Project: Entity reference (third-party module)
Version: 7.x
Date: 2017-August-16
Security risk: 12/25 ( Moderately Critical) AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:Default
Vulnerability: Access bypass

Facebook Like Button - Moderately Critical - XSS - DRUPAL-SA-CONTRIB-2017-066

By Drupal Security Team on 9 Aug 2017 at 14:53 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-066
Project: Facebook Like Button (third-party module)
Version: 7.x
Date: 2017-August-09
Security risk: 13/25 ( Moderately Critical) AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

Pages

Subscribe with RSS