Deprecated - Security advisories for contributed projects

This forum is deprecated — view current Drupal contributed projects security advisories

Alinks - Moderately Critical -Access bypass - SA-CONTRIB-2017-058

By Drupal Security Team on 2 Aug 2017 at 14:00 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-058
Project: Alinks (third-party module)
Version: 8.x
Date: 2017-August-02
Security risk: 13/25 ( Moderately Critical) AC:Basic/A:None/CI:None/II:Some/E:Theoretical/TD:All
Vulnerability: Access bypass

DrupalChat - Critical - Multiple vulnerabilities - SA-CONTRIB-2017-057

By Drupal Security Team on 5 Jul 2017 at 16:40 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-057
Project: DrupalChat (third-party module)
Version: 7.x
Date: 2017-July-05
Security risk: 16/25 ( Critical) AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting, Cross Site Request Forgery

OAuth - Critical - Access Bypass - SA-CONTRIB-2017-056

By Drupal Security Team on 5 Jul 2017 at 16:17 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-056
Project: OAuth (third-party module)
Version: 8.x
Date: 2017-July-05
Security risk: 15/25 ( Critical) AC:Complex/A:None/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Access bypass

SMTP - Moderately Critical - Information Disclosure - SA-CONTRIB-2017-055

By Drupal Security Team on 28 Jun 2017 at 13:43 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-055
Project: SMTP Authentication Support (third-party module)
Version: 7.x, 8.x
Date: 2017-June-28
Security risk: 10/25 ( Moderately Critical) AC:Complex/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon
Vulnerability: Information Disclosure

Services - Critical - SQL Injection - SA-CONTRIB-2017-054

By Drupal Security Team on 28 Jun 2017 at 13:36 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-054
Project: Services (third-party module)
Version: 7.x
Date: 2017-June-28
Security risk: 19/25 ( Critical) AC:None/A:User/CI:All/II:All/E:Theoretical/TD:Default
Vulnerability: SQL Injection

Search 404 - Moderately Critical - Cross Site Scripting - SA-CONTRIB-2017-053

By Drupal Security Team on 21 Jun 2017 at 13:09 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-053
Project: Search 404 (third-party module)
Version: 7.x
Date: 2017-June-21
Security risk: 13/25 ( Moderately Critical) AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

Pages

Subscribe with RSS