Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-CONTRIB-2014-059 - Touch Theme - Cross Site Scripting (XSS)

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2014-059
  • Project: Touch (third-party module)
  • Version: 7.x
  • Date: 2014-June-11
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 7.x

SA-CONTRIB-2014-058 - Webserver Auth - Access Bypass

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2014-058
  • Project: Webserver authentication (third-party module)
  • Version: 7.x
  • Date: 2014-May-28
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

Drupal core - Information disclosure - PSA-2014-002

Date: 
2014-May-21
  • Advisory ID: DRUPAL-PSA-2014-002
  • Project: Drupal core
  • Version: 6.x, 7.x
  • Date: 2014-May-21
  • Security risk: Not critical
  • Exploitable from: Remote
  • Vulnerability: Information Disclosure

SA-CONTRIB-2014-057 - Password policy - General logic error

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2014-057
  • Project: Password policy (third-party module)
  • Version: 7.x
  • Date: 2014-May-21
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: General logic error
Categories: Drupal 7.x

SA-CONTRIB-2014-056 - Commerce Moneris - Information Disclosure

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2014-056
  • Project: Commerce Moneris (third-party module)
  • Version: 7.x
  • Date: 2014-May-21
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Information Disclosure

SA-CONTRIB-2014-055 - Require Login - Access bypass

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2014-055
  • Project: Require Login (third-party module)
  • Version: 7.x
  • Date: 2014-May-21
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass
Categories: Drupal 7.x

SA-CONTRIB-2014-054 - Views - Access Bypass

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2014-054
  • Project: Views (third-party module)
  • Version: 7.x
  • Date: 2014-May-21
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass
Categories: Drupal 7.x

SA-CONTRIB-2014-053 - Field API Tab Editor (FATE) - Access bypass

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2014-053
  • Project: Field API Tab Editor (third-party module)
  • Version: 7.x
  • Date: 2014-May-14
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass
Categories: Drupal 7.x

SA-CONTRIB-2014-052 - AddressField Tokens - Cross Site Scripting (XSS)

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2014-052
  • Project: Addressfield Tokens (third-party module)
  • Version: 7.x
  • Date: 2014-May-14
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 7.x

SA-CONTRIB-2014-051 - Realname Registration - Information Disclosure

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2014-051
  • Project: Realname registration (third-party module)
  • Version: 6.x, 7.x
  • Date: 2014-05-14
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Information Disclosure
Categories: Drupal 6.x, Drupal 7.x

Pages

Subscribe with RSS Subscribe to Security advisories