Security advisories for third-party projects that are not part of Drupal core - this includes all modules, themes, and installation profiles that have been contributed by a community member. These posts by the Drupal security team are also sent to the security announcements e-mail list.

SA-CONTRIB-2014-011 - Push Notifications - Information Disclosure

  • Advisory ID: DRUPAL-SA-CONTRIB-2014-011
  • Project: Push Notifications (third-party module)
  • Version: 7.x
  • Date: 2014-February-05
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Information Disclosure

SA-CONTRIB-2014-010 - Services - Access Bypass and Privilege Escalation

  • Advisory ID: DRUPAL-SA-CONTRIB-2014-010
  • Project: Services (third-party module)
  • Version: 7.x
  • Date: 2014-February-05
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-CONTRIB-2014-009 - Tagadelic - Information Disclosure

  • Advisory ID: DRUPAL-SA-CONTRIB-2014-009
  • Project: Tagadelic (third-party module)
  • Version: 6.x
  • Date: 2014-February-05
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Information Disclosure

SA-CONTRIB-2014-008 - Tribune - Cross Site Scripting (XSS)

  • Advisory ID: DRUPAL-SA-CONTRIB-2014-008
  • Project: Tribune (third-party module)
  • Version: 6.x, 7.x
  • Date: 2014-January-29
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2014-007 - Services - Multiple access bypass vulnerabilities

  • Advisory ID: DRUPAL-SA-CONTRIB-2014-007
  • Project: Services (third-party module)
  • Version: 7.x
  • Date: 2014-January-29
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Multiple access bypass vulnerabilities

SA-CONTRIB-2014-006 - Language Switcher Dropdown - Open Redirect

SA-CONTRIB-2014-005 - Leaflet - Access bypass

  • Advisory ID: DRUPAL-SA-CONTRIB-2014-005
  • Project: Leaflet (third-party module)
  • Version: 7.x
  • Date: 2014-January-22
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-CONTRIB-2014-004 - Secure Cookie Data - Faulty Hashing

  • Advisory ID: DRUPAL-SA-CONTRIB-2014-004
  • Project: Secure Cookie Data (third-party module)
  • Version: 7.x
  • Date: 2014-January-22
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Information Disclosure, Multiple vulnerabilities

SA-CONTRIB-2014-003 - Doubleclick for Publishers DFP - Cross Site Scripting (XSS)

SA-CONTRIB-2014-002 - Anonymous Posting - Cross Site Scripting (XSS)

  • Advisory ID: DRUPAL-SA-CONTRIB-2014-002
  • Project: Anonymous Posting (third-party module)
  • Version: 7.x
  • Date: 2014-01-15
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

Pages

Subscribe with RSS Subscribe to Security advisories for contributed projects