Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

Inline Entity Form - Less critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-120

By Drupal Security Team on 17 Jun 2015 at 15:13 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-120
Project: Inline Entity Form (third-party module)
Version: 7.x
Date: 2015-June-17
Security risk: 7/25 ( Less Critical) AC:Basic/A:Admin/CI:None/II:None/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

Apache Solr Real-Time - Critical - Access Bypass - SA-CONTRIB-2015-119

By Drupal Security Team on 17 Jun 2015 at 14:48 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-119
Project: Apache Solr Real-Time (third-party module)
Version: 7.x
Date: 2015-June-17
Security risk: 15/25 ( Critical) AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:All
Vulnerability: Access bypass

HTTP Strict Transport Security - Moderately Critical - Logical Error - SA-CONTRIB-2015-118

By Drupal Security Team on 17 Jun 2015 at 14:18 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-118
Project: HTTP Strict Transport Security (third-party module)
Version: 6.x, 7.x
Date: 2015-June-17
Security risk: 12/25 ( Moderately Critical) AC:Complex/A:None/CI:Some/II:None/E:Theoretical/TD:All
Vulnerability: Multiple vulnerabilities

Novalnet Payment Module Drupal Commerce - Critical - SQL Injection - Unsupported - SA-CONTRIB-2015-117

By Drupal Security Team on 3 Jun 2015 at 16:24 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-117
Project: Novalnet Payment Module- Drupal Commerce (third-party module)
Version: 7.x
Date: 2015-June-03
Security risk: 15/25 ( Critical) AC:Complex/A:None/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: SQL Injection

Novalnet Payment Module Ubercart - Critical - SQL Injection - Unsupported - SA-CONTRIB-2015-116

By Drupal Security Team on 3 Jun 2015 at 16:22 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-116
Project: Novalnet Payment Module- Ubercart (third-party module)
Version: 6.x, 7.x
Date: 2015-June-03
Security risk: 15/25 ( Critical) AC:Complex/A:None/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: SQL Injection

Chamilo integration - Less Critical - Open Redirect - SA-CONTRIB-2015-115

By Drupal Security Team on 27 May 2015 at 17:51 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-115
Project: Chamilo integration (third-party module)
Version: 7.x
Date: 2015-May-27
Security risk: 8/25 ( Less Critical) AC:Basic/A:User/CI:None/II:None/E:Theoretical/TD:All
Vulnerability: Open Redirect

Storage API - Moderately Critical - Access Bypass - SA-CONTRIB-2015-114

By Drupal Security Team on 27 May 2015 at 17:06 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-114
Project: Storage API (third-party module)
Version: 7.x
Date: 2015-May-27
Security risk: 13/25 ( Moderately Critical) AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon
Vulnerability: Access bypass

Aegir - Moderately Critical - Code Execution Prevention - SA-CONTRIB-2015-113

By Drupal Security Team on 20 May 2015 at 19:02 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2014-113
Project: Hostmaster (Aegir) (third-party module)
Version: 6.x, 7.x
Date: 2015-May-20
Security risk: 13/25 ( Moderately Critical) AC:Complex/A:Admin/CI:All/II:Some/E:Theoretical/TD:Default
Vulnerability: Arbitrary PHP code execution

Navigate - Moderately Critical - Multiple Vulnerabilities - Unsupported - SA-CONTRIB-2015-112

By Drupal Security Team on 20 May 2015 at 17:37 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-012
Project: Navigate (third-party module)
Version: 6.x, 7.x
Date: 2015-May-20
Security risk: 13/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross Site Scripting, Access bypass

Shipwire - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-111

By Drupal Security Team on 20 May 2015 at 17:24 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-111
Project: Shipwire (third-party module)
Version: 7.x
Date: 2015-May-20
Security risk: 15/25 ( Critical) AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:All
Vulnerability: Information Disclosure

Pages

Subscribe with RSS

Inline Entity Form - Less critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-120

Apache Solr Real-Time - Critical - Access Bypass - SA-CONTRIB-2015-119

HTTP Strict Transport Security - Moderately Critical - Logical Error - SA-CONTRIB-2015-118

Novalnet Payment Module Drupal Commerce - Critical - SQL Injection - Unsupported - SA-CONTRIB-2015-117

Novalnet Payment Module Ubercart - Critical - SQL Injection - Unsupported - SA-CONTRIB-2015-116

Chamilo integration - Less Critical - Open Redirect - SA-CONTRIB-2015-115

Storage API - Moderately Critical - Access Bypass - SA-CONTRIB-2015-114

Aegir - Moderately Critical - Code Execution Prevention - SA-CONTRIB-2015-113

Navigate - Moderately Critical - Multiple Vulnerabilities - Unsupported - SA-CONTRIB-2015-112

Shipwire - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-111

Pages

News items

Our community

Documentation

Drupal code base

Governance of community