Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

Update on Views Ajax vulnerability for Drupal 7 Views and Drupal 8 core - PSA-2017-002

Date:

2017-August-17

Advisory ID: DRUPAL-PSA-2017-002
Project: Drupal contributed modules
Version: 7.x, 8.x
Date: 2017-Aug-16

Drupal Core - Multiple Vulnerabilities - SA-CORE-2017-004

By Drupal Security Team on 16 Aug 2017 at 16:38 UTC

Drupal 8.3.7 is a maintenance release which contain fixes for security vulnerabilities.

Views refresh - Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2017-069

By Drupal Security Team on 16 Aug 2017 at 16:02 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-069
Project: Views Refresh (third-party module)
Version: 7.x, 8.x
Date: 2017-August-16
Security risk: 17/25 ( Critical) AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:Default
Vulnerability: Access bypass

Views - Critical - Access Bypass - DRUPAL-SA-CONTRIB-2017-068

By Drupal Security Team on 16 Aug 2017 at 15:56 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-068
Project: Views (third-party module)
Version: 7.x
Date: 2017-August-16
Security risk: 15/25 ( Critical) AC:None/A:None/CI:Some/II:None/E:Proof/TD:Default

Entity Reference - Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2017-067

By Drupal Security Team on 16 Aug 2017 at 15:35 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-067
Project: Entity reference (third-party module)
Version: 7.x
Date: 2017-August-16
Security risk: 12/25 ( Moderately Critical) AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:Default
Vulnerability: Access bypass

Facebook Like Button - Moderately Critical - XSS - DRUPAL-SA-CONTRIB-2017-066

By Drupal Security Team on 9 Aug 2017 at 14:53 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-066
Project: Facebook Like Button (third-party module)
Version: 7.x
Date: 2017-August-09
Security risk: 13/25 ( Moderately Critical) AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

Session Cache API - Critical - Multiple vulnerabilities - DRUPAL-SA-CONTRIB-2017-065

By Drupal Security Team on 9 Aug 2017 at 14:04 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-065
Project: Session Cache API (third-party module)
Version: 7.x, 8.x
Date: 2017-August-09
Security risk: 18/25 ( Critical) AC:Basic/A:User/CI:All/II:All/E:Proof/TD:Default
Vulnerability: Multiple vulnerabilities

Better field descriptions - Critical - XSS - SA-CONTRIB-2017-064

By Drupal Security Team on 9 Aug 2017 at 13:51 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-064
Project: Better field descriptions (third-party module)
Version: 7.x
Date: 2017-Aug-09
Security risk: 16/25 ( Critical) AC:None/A:User/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

Relation - Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2017-063

By Drupal Security Team on 9 Aug 2017 at 13:46 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-063
Project: Relation (third-party module)
Version: 7.x
Date: 2017-August-09
Security risk: 14/25 ( Moderately Critical) AC:None/A:User/CI:Some/II:None/E:Exploit/TD:Uncommon
Vulnerability: Access bypass

services_views - Unsupported - SA-CONTRIB-2017-062

By Drupal Security Team on 2 Aug 2017 at 14:18 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-062
Project: services_views (third-party module)
Date: 2-Aug-2017

Pages

Subscribe with RSS