Deprecated - Security advisories for contributed projects | Drupal.org

This forum is deprecated — view current Drupal contributed projects security advisories

Auto Login URL - Less Critical - Access Bypass - DRUPAL-SA-CONTRIB-2017-034

By Drupal Security Team on 5 Apr 2017 at 14:36 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-034
Project: Auto Login URL (third-party module)
Version: 7.x, 8.x
Date: 2017-April-05
Security risk: 8/25 ( Less Critical) AC:Complex/A:None/CI:None/II:None/E:Theoretical/TD:Default
Vulnerability: Access bypass

Linkit - Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2017-033

By Drupal Security Team on 22 Mar 2017 at 16:40 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-033
Project: Linkit- Enriched linking experience (third-party module)
Version: 8.x
Date: 2017-March-22
Security risk: 10/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:None/E:Theoretical/TD:Default
Vulnerability: Access bypass

Office Hours - Moderately Critical - Cross Site Scripting - DRUPAL-SA-CONTRIB-2017-032

By Drupal Security Team on 22 Mar 2017 at 16:37 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-032
Project: Office Hours (third-party module)
Version: 7.x
Date: 2017-March-22
Security risk: 10/25 ( Moderately Critical) AC:Basic/A:Admin/CI:None/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

Private - Critical - Access bypass - DRUPAL-SA-CONTRIB-2017-031

By Drupal Security Team on 15 Mar 2017 at 18:15 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-031
Project: Private (third-party module)
Version: 7.x
Date: 2017-March-15
Security risk: 15/25 ( Critical) AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Access bypass

PRLP - Critical - Access Bypass and Privilege Escalation - SA-CONTRIB-2017-030

By Drupal Security Team on 8 Mar 2017 at 17:11 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-030
Project: Password Reset Landing Page (PRLP) (third-party module)
Version: 8.x
Date: 2017-March-08
Security risk: 16/25 ( Critical) AC:None/A:User/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Access bypass, Privilege escalation

Services - Highly Critical - Arbitrary Code Execution - SA-CONTRIB-2017-029

By Drupal Security Team on 8 Mar 2017 at 15:39 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-029
Project: Services (third-party module)
Version: 7.x
Date: 2017-March-08
Security risk: 21/25 ( Highly Critical) AC:None/A:None/CI:All/II:All/E:Theoretical/TD:Default
Vulnerability: Arbitrary PHP code execution

Pages

Subscribe with RSS