Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

Shibboleth authentication - Moderately critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-129

By Drupal Security Team on 24 Jun 2015 at 17:02 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-129
Project: Shibboleth authentication (third-party module)
Version: 6.x, 7.x
Date: 2015-June-24
Security risk: 13/25 ( Moderately Critical) AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

me aliases - Moderately Critical - Access Bypass - SA-CONTRIB-2015-128

By Drupal Security Team on 24 Jun 2015 at 15:06 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-128
Project: me aliases (third-party module)
Version: 6.x, 7.x
Date: 2015-June-24
Security risk: 11/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:None/E:Theoretical/TD:All
Vulnerability: Access bypass

HybridAuth Social Login - Less Critical - Access bypass - SA-CONTRIB-2015-127

By Drupal Security Team on 24 Jun 2015 at 14:55 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-127
Project: HybridAuth Social Login (third-party module)
Version: 7.x
Date: 2015-June-24
Security risk: 8/25 ( Less Critical) AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:Uncommon
Vulnerability: Access bypass

Content Construction Kit (CCK) - Less Critical - Open Redirect - SA-CONTRIB-2015-126

By Drupal Security Team on 17 Jun 2015 at 18:50 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-126
Project: Content Construction Kit (CCK) (third-party module)
Version: 6.x
Date: 2015-June-17
Security risk: 9/25 ( Less Critical) AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:Default
Vulnerability: Open Redirect

Acquia Cloud Site Factory Connector - Less Critical - Open Redirect - SA-CONTRIB-2015-125

By Drupal Security Team on 17 Jun 2015 at 18:41 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-125
Project: Acquia Cloud Site Factory Connector (third-party module)
Version: 7.x
Date: 2015-June-17
Security risk: 9/25 ( Less Critical) AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:Default
Vulnerability: Open Redirect

LABjs - Less Critical - Open Redirect - SA-CONTRIB-2015-124

By Drupal Security Team on 17 Jun 2015 at 18:36 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-124
Project: LABjs (third-party module)
Version: 7.x
Date: 2015-June-17
Security risk: 9/25 ( Less Critical) AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:Default
Vulnerability: Open Redirect

jQuery Update - Less Critical - Open Redirect - SA-CONTRIB-2015-123

By Drupal Security Team on 17 Jun 2015 at 18:33 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-123
Project: jQuery Update (third-party module)
Version: 7.x
Date: 2015-June-17
Security risk: 9/25 ( Less Critical) AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:Default
Vulnerability: Open Redirect

Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2015-002

By Drupal Security Team on 17 Jun 2015 at 16:12 UTC

Advisory ID: DRUPAL-SA-CORE-2015-002
Project: Drupal core
Version: 6.x, 7.x
Date: 2015-June-17
Security risk: 15/25 ( Critical) AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Access bypass, Information Disclosure, Open Redirect, Multiple vulnerabilities

Administration Views - Moderately Critical - Access Bypass - SA-CONTRIB-2015-122

By Drupal Security Team on 17 Jun 2015 at 15:58 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-122
Project: Administration Views (third-party module)
Version: 7.x
Date: 2015-June-17
Security risk: 12/25 ( Moderately Critical) AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Access bypass

The eXtensible Catalog (XC) Drupal Toolkit - Critical - Cross Site Request Forgery (CSRF) - SA-CONTRIB-2015-121

By Drupal Security Team on 17 Jun 2015 at 15:27 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-121
Project: The eXtensible Catalog (XC) Drupal Toolkit (third-party module)
Version: 6.x, 7.x
Date: 2015-June-17
Security risk: 15/25 ( Critical) AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross Site Request Forgery

Pages

Subscribe with RSS

Shibboleth authentication - Moderately critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-129

me aliases - Moderately Critical - Access Bypass - SA-CONTRIB-2015-128

HybridAuth Social Login - Less Critical - Access bypass - SA-CONTRIB-2015-127

Content Construction Kit (CCK) - Less Critical - Open Redirect - SA-CONTRIB-2015-126

Acquia Cloud Site Factory Connector - Less Critical - Open Redirect - SA-CONTRIB-2015-125

LABjs - Less Critical - Open Redirect - SA-CONTRIB-2015-124

jQuery Update - Less Critical - Open Redirect - SA-CONTRIB-2015-123

Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2015-002

Administration Views - Moderately Critical - Access Bypass - SA-CONTRIB-2015-122

The eXtensible Catalog (XC) Drupal Toolkit - Critical - Cross Site Request Forgery (CSRF) - SA-CONTRIB-2015-121

Pages

News items

Our community

Documentation

Drupal code base

Governance of community