Deprecated - Security advisories for contributed projects

This forum is deprecated — view current Drupal contributed projects security advisories

Fieldable Panels Panes - Moderately Critical - XSS - SA-CONTRIB-2016-025

By Drupal Security Team on 4 May 2016 at 16:06 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-025
Project: Fieldable Panels Panes (FPP) (third-party module)
Version: 7.x
Date: 2016-May-04
Security risk: 10/25 ( Moderately Critical) AC:Complex/A:User/CI:None/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

EPSA Crop - Image Cropping - Critical -XSS - SA-CONTRIB-2016-024 - Unsupported

By Drupal Security Team on 20 Apr 2016 at 16:51 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-024
Project: EPSA Crop - Image Cropping (third-party module)
Version: 7.x
Date: 2016-April-20
Security risk: 18/25 ( Critical) AC:None/A:None/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting, Cross Site Request Forgery

Organic groups - Moderately Critical - Access bypass - DRUPAL-SA-CONTRIB-2016-023

By Drupal Security Team on 20 Apr 2016 at 14:24 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-023
Project: Organic groups (third-party module)
Version: 7.x
Date: 2016-April-20
Security risk: 12/25 ( Moderately Critical) AC:Complex/A:User/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Access bypass

Search API - Moderately Critical - Multiple Vulnerabilities - SA-CONTRIB-2016-022

By Drupal Security Team on 20 Apr 2016 at 13:31 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-022
Project: Search API (third-party module)
Version: 7.x
Date: 2016-April-20
Security risk: 11/25 ( Moderately Critical) AC:None/A:User/CI:Some/II:None/E:Theoretical/TD:Uncommon
Vulnerability: Information Disclosure, Cross Site Scripting, Access bypass

Boost - Moderately Critical - Information Disclosure - SA-CONTRIB-2016-021

By Drupal Security Team on 13 Apr 2016 at 18:30 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-021
Project: Boost (third-party module)
Version: 7.x
Date: 2016-April-13
Security risk: 11/25 ( Moderately Critical) AC:Complex/A:None/CI:Some/II:None/E:Theoretical/TD:Default
Vulnerability: Information Disclosure

Features - Less Critical - Denial of Service (DoS) - SA-CONTRIB-2016-020

By Drupal Security Team on 13 Apr 2016 at 15:50 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-020
Project: Features (third-party module)
Version: 7.x
Date: 2016-April-13
Security risk: 7/25 ( Less Critical) AC:Basic/A:Admin/CI:None/II:None/E:Theoretical/TD:All
Vulnerability: Cross Site Request Forgery, Denial of Service

Pages

Subscribe with RSS