Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

SMTP - Moderately Critical - Information Disclosure - SA-CONTRIB-2017-055

By Drupal Security Team on 28 Jun 2017 at 13:43 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-055
Project: SMTP Authentication Support (third-party module)
Version: 7.x, 8.x
Date: 2017-June-28
Security risk: 10/25 ( Moderately Critical) AC:Complex/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon
Vulnerability: Information Disclosure

Services - Critical - SQL Injection - SA-CONTRIB-2017-054

By Drupal Security Team on 28 Jun 2017 at 13:36 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-054
Project: Services (third-party module)
Version: 7.x
Date: 2017-June-28
Security risk: 19/25 ( Critical) AC:None/A:User/CI:All/II:All/E:Theoretical/TD:Default
Vulnerability: SQL Injection

Drupal Core - Multiple Vulnerabilities - SA-CORE-2017-003

By Drupal Security Team on 21 Jun 2017 at 17:44 UTC

Drupal 8.3.4 and Drupal 7.56 are maintenance releases which contain fixes for security vulnerabilities.

Search 404 - Moderately Critical - Cross Site Scripting - SA-CONTRIB-2017-053

By Drupal Security Team on 21 Jun 2017 at 13:09 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-053
Project: Search 404 (third-party module)
Version: 7.x
Date: 2017-June-21
Security risk: 13/25 ( Moderately Critical) AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

LDAP - Critical - Data Injection - SA-CONTRIB-2017-052

By Drupal Security Team on 31 May 2017 at 16:27 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-052
Project: Lightweight Directory Access Protocol (LDAP) (third-party module)
Version: 7.x
Date: 2017-May-31
Security risk: 15/25 ( Critical) AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All
Vulnerability: Multiple vulnerabilities

Site Verify - Moderately Critical - Cross Site Scripting - SA-CONTRIB-2017-051

By Drupal Security Team on 24 May 2017 at 16:37 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-051
Project: Site verification (third-party module)
Version: 7.x
Date: 2017-May-24
Security risk: 14/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:Default
Vulnerability: Multiple vulnerabilities

Custom Landing Page Builder - Unsupported - SA-CONTRIB-2017-050

By Drupal Security Team on 24 May 2017 at 13:59 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-050
Project: landing_page (third-party module)
Date: 24-May-2017

Display Suite - Moderately Critical - Cross Site Scripting - SA-CONTRIB-2017-049

By Drupal Security Team on 17 May 2017 at 16:37 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-049
Project: Display Suite (third-party module)
Version: 8.x
Date: 2017-May-17
Security risk: 13/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross Site Scripting

Bootstrap - Critical - Information Disclosure - SA-CONTRIB-2017-048

By Drupal Security Team on 17 May 2017 at 16:32 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-048
Project: Bootstrap (third-party module)
Version: 8.x
Date: 2017-May-17
Security risk: 18/25 ( Critical) AC:None/A:None/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Information Disclosure

DRD Agent - Critical - Multiple vulnerabilities - SA-CONTRIB-2017-047

By Drupal Security Team on 10 May 2017 at 15:48 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-047
Project: DRD agent (third-party module)
Version: 6.x, 7.x, 8.x
Date: 2017-May-10
Security risk: 19/25 ( Critical) AC:Complex/A:None/CI:All/II:All/E:Theoretical/TD:All
Vulnerability: Cross Site Request Forgery, Open Redirect

Pages

Subscribe with RSS