Deprecated - Security advisories for contributed projects

This forum is deprecated — view current Drupal contributed projects security advisories

Drupal Remote Dashboard - Critical - Weak encryption keys - SA-CONTRIB-2017-046

By Drupal Security Team on 10 May 2017 at 15:39 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-046
Project: Drupal Remote Dashboard (third-party module)
Version: 7.x, 8.x
Date: 2017-May-10
Security risk: 17/25 ( Critical) AC:Complex/A:None/CI:All/II:All/E:Theoretical/TD:Uncommon
Vulnerability: Access bypass, Information Disclosure

Webform Multiple file upload - Moderately Critical - Access bypass - SA-CONTRIB-2017-045

By Drupal Security Team on 10 May 2017 at 14:19 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-045
Project: Webform Multiple File Upload (third-party module)
Version: 7.x
Date: 2017-May-10
Security risk: 10/25 ( Moderately Critical) AC:Basic/A:User/CI:None/II:Some/E:Theoretical/TD:Default
Vulnerability: Access bypass

Media - Moderately Critical - Multiple vulnerabilities - SA-CONTRIB-2017-044

By Drupal Security Team on 10 May 2017 at 12:52 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-044
Project: Media (third-party module)
Version: 7.x
Date: 2017-May-10
Security risk: 16/25 ( Critical) AC:Complex/A:User/CI:All/II:All/E:Theoretical/TD:Default
Vulnerability: Information Disclosure, Arbitrary PHP code execution, Multiple vulnerabilities

shib_auth Moderately Critical - Multiple vulnerabilities - SA-CONTRIB-2017-043

By Drupal Security Team on 3 May 2017 at 15:35 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-043
Project: Shibboleth authentication (third-party module)
Version: 7.x
Date: 2017-May-03
Security risk: 13/25 ( Moderately Critical) AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon
Vulnerability: Access bypass, Information Disclosure

Media - Critical - 1.x branch unsupported - SA-CONTRIB-2017-042

By Drupal Security Team on 12 Apr 2017 at 19:48 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-042
Project: Media (third-party module)
Date: 12-Apr-2017

Open Atrium - Moderately critical - Information Disclosure - SA-CONTRIB-2017-041

By Drupal Security Team on 12 Apr 2017 at 18:01 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-041
Project: Open Atrium Core (third-party module), OA Comment (third-party module)
Version: 7.x
Date: 2017-April-12
Security risk: 11/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:None/E:Theoretical/TD:All
Vulnerability: Information Disclosure

Pages

Subscribe with RSS