Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

USASearch - Moderately Critical - Access Bypass - SA-CONTRIB-2016-010

By Drupal Security Team on 2 Mar 2016 at 14:01 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-010
Project: DigitalGov Search (machine name: USASearch) (third-party module)
Version: 7.x
Date: 2016-March-02
Security risk: 11/25 ( Moderately Critical) AC:Basic/A:Admin/CI:Some/II:None/E:Proof/TD:All
Vulnerability: Access bypass

Prepopulate - Moderately Critical - Multiple Vulnerabilities - SA-CONTRIB-2016-009

By Drupal Security Team on 2 Mar 2016 at 13:57 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-009
Project: Prepopulate (third-party module)
Version: 7.x
Date: 2016-March-02
Security risk: 13/25 ( Moderately Critical) AC:Basic/A:None/CI:None/II:Some/E:Theoretical/TD:All
Vulnerability: Multiple vulnerabilities

Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-001

By Drupal Security Team on 24 Feb 2016 at 17:33 UTC

Advisory ID: SA-CORE-2016-001
Project: Drupal core
Version: 6.x, 7.x, 8.x
Date: 2016-February-24
Security risk: 15/25 ( Critical) AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All
Vulnerability: Multiple vulnerabilities

FileField - Denial of Service - SA-CONTRIB-2016-008

By Drupal Security Team on 24 Feb 2016 at 15:03 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-008
Project: FileField (third-party module)
Version: 6.x
Date: 2016-February-24
Security risk: 11/25 ( Moderately Critical) AC:Complex/A:User/CI:None/II:Some/E:Proof/TD:All
Vulnerability: Denial of Service

Nodejs - Access bypass - Moderately Critical -- DRUPAL-SA-CONTRIB-2016-007

By Drupal Security Team on 17 Feb 2016 at 18:00 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-007
Project: Node.js integration (third-party module)
Version: 7.x, 8.x
Date: 2016-February-17
Security risk: 13/25 ( Moderately Critical) AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:All
Vulnerability: Information Disclosure

Commerce Authorize.Net SIM/DPM Payment Methods - Access Bypass - DRUPAL-SA-CONTRIB-2016-006

By Drupal Security Team on 17 Feb 2016 at 17:56 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-006
Project: Commerce Authorize.Net SIM/DPM Payment Methods (third-party module)
Version: 7.x
Date: 2016-February-17
Security risk: 15/25 ( Critical) AC:Complex/A:None/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Access bypass

CAS - Moderately Critical - Information Disclosure - DRUPAL-SA-CONTRIB-2016-005

By Drupal Security Team on 10 Feb 2016 at 21:16 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-005
Project: CAS (third-party module)
Version: 7.x
Date: 2016-February-10
Security risk: 12/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:None/E:Proof/TD:All
Vulnerability: Information Disclosure

Embedded Media Field - Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2016-004

By Drupal Security Team on 10 Feb 2016 at 21:14 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-004
Project: Embedded Media Field (third-party module)
Version: 6.x
Date: 2016-February-10
Security risk: 19/25 ( Critical) AC:Complex/A:None/CI:All/II:All/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

Open Atrium - Moderately Critical - Access Bypass - SA-CONTRIB-2016-003

By Drupal Security Team on 27 Jan 2016 at 16:29 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-003
Project: Open Atrium (third-party module)
Version: 7.x
Date: 2016-January-27
Security risk: 13/25 ( Moderately Critical) AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon
Vulnerability: Access bypass

RedHen CRM - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2016-002

By Drupal Security Team on 13 Jan 2016 at 20:21 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-002
Project: RedHen CRM (third-party module)
Version: 7.x
Date: 2016-January-13
Security risk: 13/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross Site Scripting

Pages

Subscribe with RSS

USASearch - Moderately Critical - Access Bypass - SA-CONTRIB-2016-010

Prepopulate - Moderately Critical - Multiple Vulnerabilities - SA-CONTRIB-2016-009

Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-001

FileField - Denial of Service - SA-CONTRIB-2016-008

Nodejs - Access bypass - Moderately Critical -- DRUPAL-SA-CONTRIB-2016-007

Commerce Authorize.Net SIM/DPM Payment Methods - Access Bypass - DRUPAL-SA-CONTRIB-2016-006

CAS - Moderately Critical - Information Disclosure - DRUPAL-SA-CONTRIB-2016-005

Embedded Media Field - Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2016-004

Open Atrium - Moderately Critical - Access Bypass - SA-CONTRIB-2016-003

RedHen CRM - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2016-002

Pages

News items

Our community

Documentation

Drupal code base

Governance of community