Security advisories

These posts by the Drupal security team are also sent to the security announcements e-mail list.

Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-004

Posted by Drupal Security Team on September 21, 2016 at 4:35pm

Description

Users who have rights to edit a node, can set the visibility on comments for that node.

Advisory ID: DRUPAL-SA-CORE-2016-004
Project: Drupal core
Version:li 8.x
Date: 2016-September-21
Security risk: 18/25 ( Critical) AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:Default
Vulnerability:

Drupal Core - Highly Critical - Injection - SA-CORE-2016-003

Posted by Drupal Security Team on July 18, 2016 at 1:53pm

Advisory ID: DRUPAL-SA-CORE-2016-003
Project: Drupal core
Version: 8.x
Date: 2016-July-18
Security risk: 20/25 ( Highly Critical) AC:Basic/A:None/CI:All/II:All/E:Proof/TD:Default
Vulnerability: Injection

Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2016-002

Posted by Drupal Security Team on June 15, 2016 at 6:45pm

Advisory ID: DRUPAL-SA-CORE-2016-002
Project: Drupal core
Version: 7.x, 8.x
Date: 2016-June-15
Security risk: 11/25 ( Moderately Critical) AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon
Vulnerability: Access bypass, Multiple vulnerabilities

Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-001

Posted by Drupal Security Team on February 24, 2016 at 5:33pm

Advisory ID: SA-CORE-2016-001
Project: Drupal core
Version: 6.x, 7.x, 8.x
Date: 2016-February-24
Security risk: 15/25 ( Critical) AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All
Vulnerability: Multiple vulnerabilities

Drupal Core - Overlay - Less Critical - Open Redirect - SA-CORE-2015-004

Posted by Drupal Security Team on October 21, 2015 at 7:16pm

Advisory ID: DRUPAL-SA-CORE-2015-004
Project: Drupal core
Version: 7.x
Date: 2015-October-21
Security risk: 9/25 ( Less Critical) AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:Default
Vulnerability: Open Redirect

Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2015-003

Posted by Drupal Security Team on August 19, 2015 at 7:27pm

Advisory ID: DRUPAL-SA-CORE-2015-003
Project: Drupal core
Version: 6.x, 7.x
Date: 2015-August-19
Security risk: 18/25 ( Critical) AC:Complex/A:User/CI:All/II:All/E:Proof/TD:All
Vulnerability: Cross Site Scripting, Access bypass, SQL Injection, Open Redirect, Multiple vulnerabilities

Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2015-002

Posted by Drupal Security Team on June 17, 2015 at 4:12pm

Advisory ID: DRUPAL-SA-CORE-2015-002
Project: Drupal core
Version: 6.x, 7.x
Date: 2015-June-17
Security risk: 15/25 ( Critical) AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Access bypass, Information Disclosure, Open Redirect, Multiple vulnerabilities

Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2015-001

Posted by Drupal Security Team on March 18, 2015 at 6:04pm

Advisory ID: DRUPAL-SA-CORE-2015-001
Project: Drupal core
Version: 6.x, 7.x
Date: 2015-March-18
Security risk: 14/25 ( Moderately Critical) AC:Complex/A:None/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Access bypass, Open Redirect, Multiple vulnerabilities

Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2014-006

Posted by Drupal Security Team on November 19, 2014 at 6:21pm

Advisory ID: DRUPAL-SA-CORE-2014-006
Project: Drupal core
Version: 6.x, 7.x
Date: 2014-November-19
Security risk: 14/25 ( Moderately Critical) AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Uncommon
Vulnerability: Multiple vulnerabilities

SA-CORE-2014-005 - Drupal core - SQL injection

Posted by Drupal Security Team on October 15, 2014 at 4:02pm

Advisory ID: DRUPAL-SA-CORE-2014-005
Project: Drupal core
Version: 7.x
Date: 2014-Oct-15
Security risk: 25/25 ( Highly Critical) AC:None/A:None/CI:All/II:All/E:Exploit/TD:All
Vulnerability: SQL Injection

Pages

Subscribe with RSS

Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-004

Description

Drupal Core - Highly Critical - Injection - SA-CORE-2016-003

Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2016-002

Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-001

Drupal Core - Overlay - Less Critical - Open Redirect - SA-CORE-2015-004

Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2015-003

Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2015-002

Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2015-001

Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2014-006

SA-CORE-2014-005 - Drupal core - SQL injection

Pages

Security announcements

Contacting the Security team

Writing secure code

Security books

News items

Our community

Documentation

Drupal code base

Governance of community