Security advisories | Drupal.org

These posts by the Drupal security team are also sent to the security announcements e-mail list.

SA-CORE-2014-002 - Drupal core - Information Disclosure

Posted by Drupal Security Team on April 16, 2014 at 7:50pm

Advisory ID: DRUPAL-SA-CORE-2014-002
Project: Drupal core
Version: 6.x, 7.x
Date: 2014-April-16
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Information Disclosure

SA-CORE-2014-001 - Drupal core - Multiple vulnerabilities

Posted by Drupal Security Team on January 15, 2014 at 7:33pm

Advisory ID: DRUPAL-SA-CORE-2014-001
Project: Drupal core
Version: 6.x, 7.x
Date: 2014-January-15
Security risk: Highly critical
Exploitable from: Remote
Vulnerability: Multiple vulnerabilities

SA-CORE-2013-003 - Drupal core - Multiple vulnerabilities

Posted by Drupal Security Team on November 20, 2013 at 8:41pm

Advisory ID: DRUPAL-SA-CORE-2013-003
Project: Drupal core
Version: 6.x, 7.x
Date: 2013-November-20
Security risk: Highly critical
Exploitable from: Remote
Vulnerability: Multiple vulnerabilities

SA-CORE-2013-002 - Drupal core - Denial of service

Posted by Drupal Security Team on February 20, 2013 at 8:50pm

Advisory ID: DRUPAL-SA-CORE-2013-002
Project: Drupal core
Version: 7.x
Date: 2013-February-20
Security risk: Critical
Exploitable from: Remote
Vulnerability: Denial of service

SA-CORE-2013-001 - Drupal core - Multiple vulnerabilities

Posted by Drupal Security Team on January 16, 2013 at 10:07pm

Advisory ID: DRUPAL-SA-CORE-2013-001
Project: Drupal core
Version: 6.x, 7.x
Date: 2013-January-16
Security risk: Highly critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting, Access bypass

SA-CORE-2012-004 - Drupal core - Multiple vulnerabilities

Posted by Drupal Security Team on December 19, 2012 at 6:46pm

Advisory ID: DRUPAL-SA-CORE-2012-004
Project: Drupal core
Version: 6.x, 7.x
Date: 2012-December-19
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass, Arbitrary PHP code execution

SA-CORE-2012-003 - Drupal core - Arbitrary PHP code execution and Information disclosure

Posted by Drupal Security Team on October 17, 2012 at 9:29pm

Advisory ID: DRUPAL-SA-CORE-2012-003
Project: Drupal core
Version: 7.x
Date: 2012-October-17
Security risk: Highly critical
Exploitable from: Remote
Vulnerability: Information Disclosure, Arbitrary PHP code execution

SA-CORE-2012-002 - Drupal core multiple vulnerabilities

Posted by Drupal Security Team on May 2, 2012 at 3:17pm

Advisory ID: DRUPAL-SA-CORE-2012-002
Project: Drupal core
Version: 7.x
Date: 2012-May-2
Security risk: Critical
Exploitable from: Remote
Vulnerability: Denial of Service, Access bypass, Unvalidated form redirect

SA-CORE-2012-001 - Drupal core multiple vulnerabilities

Posted by Drupal Security Team on February 1, 2012 at 10:06pm

Advisory ID: DRUPAL-SA-CORE-2012-001
Project: Drupal core
Version: 6.x, 7.x
Date: 2012-February-01
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass, Cross Site Request Forgery, Multiple vulnerabilities

SA-CORE-2011-003 - Drupal core - Access bypass

Posted by Drupal Security Team on July 27, 2011 at 7:32pm

Advisory ID: DRUPAL-SA-CORE-2011-003
Project: Drupal core
Version: 7.x
Date: 2011-July-27
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Access bypass

Pages

Subscribe with RSS