Skip to main content
Skip to search
Can we use first and third party cookies and web beacons to
understand our audience, and to tailor promotions you see
?
Yes, please
No, do not track me
Drupal.org home
Platform
Drupal Core
Drupal CMS
Drupal 11
Drupal AI
Solutions
Case studies
Fintech
Education
Retail
E-commerce
Healthcare
High Tech
Nonprofit
Government
Travel
Decoupled
Develop
Local Development Guide
Drupal user guide
Installing Drupal
API reference
All Documentation
Download
Download
Modules
Themes
Distributions
Issue queues
Get Support
Drupal CMS User Guide
Drupal user guide
Training
Drupal Slack
Find an Agency Partner
Find a Migration partner
Find Integrations & Hosting
Security Advisories
Connect
About the Community
Community Events
Jobs/Careers
DrupalCon
How to Contribute
Drupal in the News
Sign up for Drupal News
Support Drupal
The Drupal Association
Donate
Become a Partner
Become a Ripple Maker
Become an Organization Member
Drupal Swag Shop
Get Started
Try Drupal CMS
Try Hosting
Return to content
Search form
Search
Log in
Create account
DDEV is the official local development tool of Drupal. And like Drupal, DDEV depends on the support of the open source community.
Learn how to support DDEV
Home
Deprecated
Deprecated - Newsletters
Deprecated - Security advisories for contributed projects
This forum is deprecated —
view current Drupal contributed projects security advisories
Commerce invoices - Highly Critical - SQL Injection and Cross Site scripting - DRUPAL-SA-CONTRIB-2017-070
By
Drupal Security Team
on
30 Aug 2017 at 17:09 UTC
Advisory ID: DRUPAL-SA-CONTRIB-2017-070
Project:
Commerce Invoices
(third-party module)
Version: 7.x
Date: 2017-August-30
Security risk:
20/25 (
Highly Critical
) AC:None/A:None/CI:All/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting, SQL Injection
Views refresh - Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2017-069
By
Drupal Security Team
on
16 Aug 2017 at 16:02 UTC
Advisory ID: DRUPAL-SA-CONTRIB-2017-069
Project:
Views Refresh
(third-party module)
Version: 7.x, 8.x
Date: 2017-August-16
Security risk:
17/25 (
Critical
) AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:Default
Vulnerability: Access bypass
Views - Critical - Access Bypass - DRUPAL-SA-CONTRIB-2017-068
By
Drupal Security Team
on
16 Aug 2017 at 15:56 UTC
Advisory ID: DRUPAL-SA-CONTRIB-2017-068
Project:
Views
(third-party module)
Version: 7.x
Date: 2017-August-16
Security risk:
15/25 (
Critical
) AC:None/A:None/CI:Some/II:None/E:Proof/TD:Default
Entity Reference - Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2017-067
By
Drupal Security Team
on
16 Aug 2017 at 15:35 UTC
Advisory ID: DRUPAL-SA-CONTRIB-2017-067
Project:
Entity reference
(third-party module)
Version: 7.x
Date: 2017-August-16
Security risk:
12/25 (
Moderately Critical
) AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:Default
Vulnerability: Access bypass
Facebook Like Button - Moderately Critical - XSS - DRUPAL-SA-CONTRIB-2017-066
By
Drupal Security Team
on
9 Aug 2017 at 14:53 UTC
Advisory ID: DRUPAL-SA-CONTRIB-2017-066
Project:
Facebook Like Button
(third-party module)
Version: 7.x
Date: 2017-August-09
Security risk:
13/25 (
Moderately Critical
) AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting
Session Cache API - Critical - Multiple vulnerabilities - DRUPAL-SA-CONTRIB-2017-065
By
Drupal Security Team
on
9 Aug 2017 at 14:04 UTC
Advisory ID: DRUPAL-SA-CONTRIB-2017-065
Project:
Session Cache API
(third-party module)
Version: 7.x, 8.x
Date: 2017-August-09
Security risk:
18/25 (
Critical
) AC:Basic/A:User/CI:All/II:All/E:Proof/TD:Default
Vulnerability: Multiple vulnerabilities
Pages
« first
‹ previous
1
2
3
4
5
6
7
8
9
…
next ›
last »
Subscribe with RSS