Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

Drupal Remote Dashboard - Critical - Weak encryption keys - SA-CONTRIB-2017-046

By Drupal Security Team on 10 May 2017 at 15:39 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-046
Project: Drupal Remote Dashboard (third-party module)
Version: 7.x, 8.x
Date: 2017-May-10
Security risk: 17/25 ( Critical) AC:Complex/A:None/CI:All/II:All/E:Theoretical/TD:Uncommon
Vulnerability: Access bypass, Information Disclosure

Webform Multiple file upload - Moderately Critical - Access bypass - SA-CONTRIB-2017-045

By Drupal Security Team on 10 May 2017 at 14:19 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-045
Project: Webform Multiple File Upload (third-party module)
Version: 7.x
Date: 2017-May-10
Security risk: 10/25 ( Moderately Critical) AC:Basic/A:User/CI:None/II:Some/E:Theoretical/TD:Default
Vulnerability: Access bypass

Media - Moderately Critical - Multiple vulnerabilities - SA-CONTRIB-2017-044

By Drupal Security Team on 10 May 2017 at 12:52 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-044
Project: Media (third-party module)
Version: 7.x
Date: 2017-May-10
Security risk: 16/25 ( Critical) AC:Complex/A:User/CI:All/II:All/E:Theoretical/TD:Default
Vulnerability: Information Disclosure, Arbitrary PHP code execution, Multiple vulnerabilities

shib_auth Moderately Critical - Multiple vulnerabilities - SA-CONTRIB-2017-043

By Drupal Security Team on 3 May 2017 at 15:35 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-043
Project: Shibboleth authentication (third-party module)
Version: 7.x
Date: 2017-May-03
Security risk: 13/25 ( Moderately Critical) AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon
Vulnerability: Access bypass, Information Disclosure

Drupal Core - Critical - Access Bypass - SA-CORE-2017-002

By Drupal Security Team on 19 Apr 2017 at 17:13 UTC

Advisory ID: DRUPAL-SA-CORE-2017-002
Project: Drupal core
Version: 8.x
Date: 2017-April-19
CVEID: CVE-2017-6919
Security risk: 17/25 ( Critical) AC:Basic/A:User/CI:All/II:All/E:Theoretical/TD:Default
Vulnerability: Access bypass

Drupal 8 core upcoming critical release - PSA-2017-001

Date:

2017-April-17

Advisory ID: DRUPAL-PSA-2017-001
Project: Drupal core
Version: 8.x
Date: 2017-Apr-17

Media - Critical - 1.x branch unsupported - SA-CONTRIB-2017-042

By Drupal Security Team on 12 Apr 2017 at 19:48 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-042
Project: Media (third-party module)
Date: 12-Apr-2017

Open Atrium - Moderately critical - Information Disclosure - SA-CONTRIB-2017-041

By Drupal Security Team on 12 Apr 2017 at 18:01 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-041
Project: Open Atrium Core (third-party module), OA Comment (third-party module)
Version: 7.x
Date: 2017-April-12
Security risk: 11/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:None/E:Theoretical/TD:All
Vulnerability: Information Disclosure

@Base - Critical - Unsupported - SA-CONTRIB-2017-040

By Drupal Security Team on 12 Apr 2017 at 17:21 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-040
Project: @Base (third-party module)
Date: 2017-April-12

Scheduler Workbench Integration - Critical - Unsupported - SA-CONTRIB-2017-39

By Drupal Security Team on 12 Apr 2017 at 17:03 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-39
Project: Scheduler Workbench Integration (third-party module)
Date: 12-Apr-2017

Pages

Subscribe with RSS