Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

Hosting - Less Critical - Access bypass - SA-CONTRIB-2016-046

By Drupal Security Team on 17 Aug 2016 at 13:35 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-046
Project: Hosting (third-party module)
Version: 7.x
Date: 2016-August-17
Security risk: 9/25 ( Less Critical) AC:Basic/A:User/CI:Some/II:None/E:Theoretical/TD:Uncommon
Vulnerability: Access bypass

Require Login - Moderately Critical - Multiple vulnerabilities - SA-CONTRIB-2016-045

By Drupal Security Team on 10 Aug 2016 at 15:08 UTC

Advisory ID: SA-CONTRIB-2016-045
Project: Require Login (third-party module)
Version: 7.x, 8.x
Date: 2016-August-10
Security risk: 13/25 ( Moderately Critical) AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting, Access bypass

OAuth2 Client- Moderately Critical - Cross Site Request Forgery - SA-CONTRIB-2016-044

By Drupal Security Team on 10 Aug 2016 at 13:30 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-044
Project: OAuth2 Client (third-party module)
Version: 7.x
Date: 2016-August-10
Security risk: 10/25 ( Moderately Critical) AC:Complex/A:None/CI:None/II:None/E:Proof/TD:All
Vulnerability: Cross Site Request Forgery

Piwik - Moderately Critical - Cross Site Scripting - SA-CONTRIB-2016-043

By Drupal Security Team on 10 Aug 2016 at 13:26 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-043
Project: Piwik Web Analytics (third-party module)
Version: 7.x, 8.x
Date: 2016-August-10
Security risk: 13/25 ( Moderately Critical) AC:None/A:Admin/CI:Some/II:Some/E:Theoretical/TD:Uncommon
Vulnerability: Cross Site Scripting

Google Analytics - Moderately Critical - Cross Site Scripting - SA-CONTRIB-2016-042

By Drupal Security Team on 10 Aug 2016 at 13:20 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-042
Project: Google Analytics (third-party module)
Version: 7.x, 8.x
Date: 2016-August-10
Security risk: 13/25 ( Moderately Critical) AC:None/A:Admin/CI:Some/II:Some/E:Theoretical/TD:Uncommon
Vulnerability: Cross Site Scripting

Administration Views - Critical - Access bypass - SA-CONTRIB-2016-041

By Drupal Security Team on 3 Aug 2016 at 16:42 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-041
Project: Administration Views (third-party module)
Version: 7.x
Date: 2016-August-03
Security risk: 16/25 ( Critical) AC:Basic/A:None/CI:Some/II:None/E:Exploit/TD:All
Vulnerability: Access bypass

Drupal Core - Highly Critical - Injection - SA-CORE-2016-003

By Drupal Security Team on 18 Jul 2016 at 13:53 UTC

Advisory ID: DRUPAL-SA-CORE-2016-003
Project: Drupal core
Version: 8.x
Date: 2016-July-18
Security risk: 20/25 ( Highly Critical) AC:Basic/A:None/CI:All/II:All/E:Proof/TD:Default
Vulnerability: Injection

Drupal 8.x core release on Monday - PSA-2016-002

Date:

2016-July-17

Advisory ID: DRUPAL-PSA-2016-002
Project: Drupal
Version: 8.x
Date: 2016-July-17
Security risk: TBD
Vulnerability: TBD

RESTWS - Highly critical - Remote code execution - SA-CONTRIB-2016-040

By Drupal Security Team on 13 Jul 2016 at 15:01 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-040
Project: RESTful Web Services (third-party module)
Version: 7.x
Date: 2016-July-13
Security risk: 22/25 ( Highly Critical) AC:None/A:None/CI:All/II:All/E:Theoretical/TD:All
Vulnerability: Arbitrary PHP code execution

Coder - Highly Critical - Remote Code Execution - SA-CONTRIB-2016-039

By Drupal Security Team on 13 Jul 2016 at 14:59 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-039
Project: Coder (third-party module)
Version: 7.x
Date: 2016-July-13
Security risk: 20/25 ( Highly Critical) AC:Basic/A:None/CI:All/II:All/E:Theoretical/TD:All
Vulnerability: Arbitrary PHP code execution

Pages

Subscribe with RSS