Deprecated - Security advisories for contributed projects

This forum is deprecated — view current Drupal contributed projects security advisories

Commerce invoices - Highly Critical - SQL Injection and Cross Site scripting - DRUPAL-SA-CONTRIB-2017-070

By Drupal Security Team on 30 Aug 2017 at 17:09 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-070
Project: Commerce Invoices (third-party module)
Version: 7.x
Date: 2017-August-30
Security risk: 20/25 ( Highly Critical) AC:None/A:None/CI:All/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting, SQL Injection

Views refresh - Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2017-069

By Drupal Security Team on 16 Aug 2017 at 16:02 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-069
Project: Views Refresh (third-party module)
Version: 7.x, 8.x
Date: 2017-August-16
Security risk: 17/25 ( Critical) AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:Default
Vulnerability: Access bypass

Views - Critical - Access Bypass - DRUPAL-SA-CONTRIB-2017-068

By Drupal Security Team on 16 Aug 2017 at 15:56 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-068
Project: Views (third-party module)
Version: 7.x
Date: 2017-August-16
Security risk: 15/25 ( Critical) AC:None/A:None/CI:Some/II:None/E:Proof/TD:Default

Entity Reference - Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2017-067

By Drupal Security Team on 16 Aug 2017 at 15:35 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-067
Project: Entity reference (third-party module)
Version: 7.x
Date: 2017-August-16
Security risk: 12/25 ( Moderately Critical) AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:Default
Vulnerability: Access bypass

Facebook Like Button - Moderately Critical - XSS - DRUPAL-SA-CONTRIB-2017-066

By Drupal Security Team on 9 Aug 2017 at 14:53 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-066
Project: Facebook Like Button (third-party module)
Version: 7.x
Date: 2017-August-09
Security risk: 13/25 ( Moderately Critical) AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

Session Cache API - Critical - Multiple vulnerabilities - DRUPAL-SA-CONTRIB-2017-065

By Drupal Security Team on 9 Aug 2017 at 14:04 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-065
Project: Session Cache API (third-party module)
Version: 7.x, 8.x
Date: 2017-August-09
Security risk: 18/25 ( Critical) AC:Basic/A:User/CI:All/II:All/E:Proof/TD:Default
Vulnerability: Multiple vulnerabilities

Pages

Subscribe with RSS