Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

Webform Multiple File Upload - Critical - Remote Code Execution - SA-CONTRIB-2016-038

By Drupal Security Team on 13 Jul 2016 at 14:58 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-038
Project: Webform Multiple File Upload (third-party module)
Version: 7.x
Date: 2016-July-13
Security risk: 17/25 ( Critical) AC:Basic/A:User/CI:All/II:All/E:Theoretical/TD:Default
Vulnerability: Arbitrary PHP code execution

Drupal contrib - Highly Critical - Remote code execution - PSA-2016-001

Date:

2016-July-12

Advisory ID: DRUPAL-PSA-2016-001
Project: Drupal contributed modules
Version: 7.x
Date: 2016-July-12
Security risk: 22/25 ( Highly Critical) AC:None/A:None/CI:All/II:All/E:Theoretical/TD:All
Vulnerability: Arbitrary PHP code execution

Instagram Block - Moderately Critical - Information Disclosure - SA-CONTRIB-2016-037

By Drupal Security Team on 6 Jul 2016 at 13:33 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-037
Project: Instagram Block (third-party module)
Version: 7.x, 8.x
Date: 2016-July-06
Security risk: 12/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:None/E:Proof/TD:All
Vulnerability: Information Disclosure

Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2016-002

By Drupal Security Team on 15 Jun 2016 at 18:45 UTC

Advisory ID: DRUPAL-SA-CORE-2016-002
Project: Drupal core
Version: 7.x, 8.x
Date: 2016-June-15
Security risk: 11/25 ( Moderately Critical) AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon
Vulnerability: Access bypass, Multiple vulnerabilities

Views - Less Critical - Access Bypass - SA-CONTRIB-2016-036

By Drupal Security Team on 15 Jun 2016 at 18:42 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-036
Project: Views (third-party module)
Version: 7.x
Date: 2016-June-15
Security risk: 7/25 ( Less Critical) AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon
Vulnerability: Access bypass

Outline Designer - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2016-035

By Drupal Security Team on 8 Jun 2016 at 17:21 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-035
Project: Outline Designer (third-party module)
Version: 7.x
Date: 2016-June-08
Security risk: 14/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

Node Embed - Less critical - Denial of Service - SA-CONTRIB-2016-034

By Drupal Security Team on 8 Jun 2016 at 14:23 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-034
Project: Node Embed (third-party module)
Version: 7.x
Date: 2016-June-08
Security risk: 5/25 ( Less Critical) AC:Complex/A:User/CI:None/II:None/E:Theoretical/TD:Uncommon
Vulnerability: Denial of Service

Page Manager Search - Moderately Critical - Information disclosure - SA-CONTRIB-2016-032

By Drupal Security Team on 8 Jun 2016 at 13:58 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-032
Project: Page manager search (third-party module)
Version: 7.x
Date: 2016-June-08
Security risk: 10/25 ( Moderately Critical) AC:Complex/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon
Vulnerability: Information Disclosure

REST JSON - Multiple Vulnerabilities - Highly Critical - Unsupported - SA-CONTRIB-2016-033

By Drupal Security Team on 8 Jun 2016 at 13:56 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-033
Project: REST/JSON (third-party module)
Version: 7.x
Date: 2016-June-08
Security risk: 19/25 ( Critical) AC:None/A:None/CI:Some/II:Some/E:Proof/TD:All
Vulnerability: Access bypass, Information Disclosure, Multiple vulnerabilities

Opening hours - Moderately Critical - XSS - SA-CONTRIB-2016-031

By Drupal Security Team on 1 Jun 2016 at 13:14 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-031
Project: Opening hours (third-party module)
Version: 7.x
Date: 2016-June-01
Security risk: 12/25 ( Moderately Critical) AC:Complex/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

Pages

Subscribe with RSS

Webform Multiple File Upload - Critical - Remote Code Execution - SA-CONTRIB-2016-038

Drupal contrib - Highly Critical - Remote code execution - PSA-2016-001

Instagram Block - Moderately Critical - Information Disclosure - SA-CONTRIB-2016-037

Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2016-002

Views - Less Critical - Access Bypass - SA-CONTRIB-2016-036

Outline Designer - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2016-035

Node Embed - Less critical - Denial of Service - SA-CONTRIB-2016-034

Page Manager Search - Moderately Critical - Information disclosure - SA-CONTRIB-2016-032

REST JSON - Multiple Vulnerabilities - Highly Critical - Unsupported - SA-CONTRIB-2016-033

Opening hours - Moderately Critical - XSS - SA-CONTRIB-2016-031

Pages

News items

Our community

Documentation

Drupal code base

Governance of community