Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

Tripal BLAST UI - Highly Critical - Remote Code Execution - SA-CONTRIB-2016-054

By Drupal Security Team on 26 Oct 2016 at 16:20 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-054
Project: Tripal BLAST UI (third-party module)
Version: 7.x
Date: 2016-October-26
Security risk: 20/25 ( Highly Critical) AC:Basic/A:None/CI:All/II:All/E:Theoretical/TD:All
Vulnerability: Remote code execution

Webform - Less Critical - Access Bypass - SA-CONTRIB-2016-053

By Drupal Security Team on 19 Oct 2016 at 14:27 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-053
Project: Webform (third-party module)
Version: 7.x
Date: 2016-October-19
Security risk: 9/25 ( Less Critical) AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:Default
Vulnerability: Access bypass

Elysia Cron - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2016-052

By Drupal Security Team on 12 Oct 2016 at 14:08 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-052
Project: Elysia Cron (third-party module)
Version: 7.x
Date: 2016-October-12
Security risk: 11/25 ( Moderately Critical) AC:Complex/A:Admin/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross Site Scripting

Drupal file upload by anonymous or untrusted users into public file systems - PSA-2016-003

Date:

2016-October-10

Advisory ID: DRUPAL-PSA-2016-003
Project: Drupal core
Version: 7.x, 8.x
Date: 2016-October-10
Security risk: 20/25 ( Critical) AC:None/A:None/CI:Some/II:Some/E:Exploit/TD:All

Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-004

By Drupal Security Team on 21 Sep 2016 at 16:35 UTC

Advisory ID: DRUPAL-SA-CORE-2016-004
Project: Drupal core
Version:li 8.x
Date: 2016-September-21
Security risk: 18/25 ( Critical) AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:Default

Flag Lists - Moderately Critical - Cross Site Scripting - SA-CONTRIB-2016-051

By Drupal Security Team on 7 Sep 2016 at 17:45 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-051
Project: Flag Lists (third-party module)
Version: 7.x
Date: 2016-September-07
Security risk: 14/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

Flag - Moderately Critical - Access Bypass - SA-CONTRIB-2016-050

By Drupal Security Team on 31 Aug 2016 at 17:23 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-050
Project: Flag (third-party module)
Version: 7.x
Date: 2016-August-31
Security risk: 12/25 ( Moderately Critical) AC:None/A:User/CI:Some/II:None/E:Theoretical/TD:Default
Vulnerability: Information Disclosure

Workbench Scheduler - Moderately Critical - Access Bypass - SA-CONTRIB-2016-049

By Drupal Security Team on 24 Aug 2016 at 14:47 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-049
Project: Workbench Scheduler (third-party module)
Version: 7.x
Date: 2016-August-24
Security risk: 13/25 ( Moderately Critical) AC:Complex/A:User/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Access bypass

Panelizer - Moderately Critical - Access Bypass - SA-CONTRIB-2016-048

By Drupal Security Team on 17 Aug 2016 at 17:13 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2014-048
Project: Panelizer (third-party module)
Version: 7.x
Date: 2016-August-17
Security risk: 12/25 ( Moderately Critical) AC:None/A:User/CI:None/II:Some/E:Theoretical/TD:Default
Vulnerability: Access bypass

Panels - Critical - Multiple Vulnerabilities - SA-CONTRIB-2016-047

By Drupal Security Team on 17 Aug 2016 at 16:20 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-047
Project: Panels (third-party module)
Version: 7.x
Date: 2016-August-17
Security risk: 15/25 ( Critical) AC:None/A:None/CI:All/II:None/E:Theoretical/TD:All
Vulnerability: Access bypass, Information Disclosure

Pages

Subscribe with RSS