List: oss-security
Subject: [oss-security] Remaining CVE IDs for Drupal contributed modules (2014)
From: Pere Orga <pere () orga ! cat>
Date: 2016-03-23 11:35:20
Message-ID: CAMYtjAoCwmhiH4Ut7003D_PGaGSR7PezhSKfBGgZcLrmOcRpTg () mail ! gmail ! com
Hi
Some of the following vulnerabilities may not have a CVE id assigned
due to product scope changes. Because I don't know what these changes
are (and failed to find them in https://cve.mitre.org) I am requesting
CVE ids for all Drupal vulnerabilities that currently don't have a CVE
id requested nor assigned.
Please can I have CVE IDs assigned to the following vulnerabilities:
SA-CONTRIB-2014-004 - Secure Cookie Data - Faulty Hashing
https://www.drupal.org/node/2179099
SA-CONTRIB-2014-005 - Leaflet - Access bypass
https://www.drupal.org/node/2179103
SA-CONTRIB-2014-007 - Services - Access bypass
https://www.drupal.org/node/2184843
SA-CONTRIB-2014-009 - Tagadelic - Information Disclosure
https://www.drupal.org/node/2187453
SA-CONTRIB-2014-010 - Services - Access Bypass and Privilege Escalation
https://www.drupal.org/node/2189509
SA-CONTRIB-2014-011 - Push Notifications - Information Disclosure
https://www.drupal.org/node/2189643
SA-CONTRIB-2014-013 - Chaos tool suite (ctools) - Access Bypass
https://www.drupal.org/node/2194589
SA-CONTRIB-2014-014 - Webform Validation - Cross Site Scripting (XSS)
https://www.drupal.org/node/2194621
SA-CONTRIB-2014-015 - FileField - Access Bypass
https://www.drupal.org/node/2194639
SA-CONTRIB-2014-017 - Image Resize Filter - Denial of Service (DOS)
https://www.drupal.org/node/2194655
SA-CONTRIB-2014-022 - Slickgrid - Access bypass
https://www.drupal.org/node/2200491
SA-CONTRIB-2014-024 - Content Lock - CSRF
https://www.drupal.org/node/2205807
SA-CONTRIB-2014-025 - Open Omega - Access Bypass
https://www.drupal.org/node/2205877
SA-CONTRIB-2014-026 - Mime Mail - Access bypass
https://www.drupal.org/node/2205991
SA-CONTRIB-2014-028 - Masquerade - Access bypass
https://www.drupal.org/node/2211401
SA-CONTRIB-2014-029 - Mime Mail - Access Bypass
https://www.drupal.org/node/2211419
SA-CONTRIB-2014-030 - SexyBookmarks - Information Disclosure
https://www.drupal.org/node/2216269
SA-CONTRIB-2014-031 - Webform Template - Access Bypass
https://www.drupal.org/node/2216607
SA-CONTRIB-2014-032 - Xapian integration - Access Bypass
https://www.drupal.org/node/2221403
SA-CONTRIB-2014-035 - CAS Server - Access Bypass
https://www.drupal.org/node/2231663
SA-CONTRIB-2014-039 - Revisioning - Access Bypass
https://www.drupal.org/node/2236807
SA-CONTRIB-2014-041 - Block Search - SQL Injection
https://www.drupal.org/node/2242463
SA-CONTRIB-2014-042 - Internationalization - Access Bypass
https://www.drupal.org/node/2248073
SA-CONTRIB-2014-045 - Drupal Commons - Access Bypass
https://www.drupal.org/node/2248171
SA-CONTRIB-2014-048 - Field API Pane Editor (FAPE) - Access bypass
https://www.drupal.org/node/2254943
SA-CONTRIB-2014-049 - Organic Groups (OG) - Access Bypass
https://www.drupal.org/node/2261245
SA-CONTRIB-2014-050 - Commerce Postfinance ePayment - Access Bypass
https://www.drupal.org/node/2267381
SA-CONTRIB-2014-051 - Realname Registration - Information Disclosure
https://www.drupal.org/node/2267481
SA-CONTRIB-2014-053 - Field API Tab Editor (FATE) - Access bypass
https://www.drupal.org/node/2267539
SA-CONTRIB-2014-054 - Views - Access Bypass
https://www.drupal.org/node/2271809
SA-CONTRIB-2014-055 - Require Login - Access bypass
https://www.drupal.org/node/2271837
SA-CONTRIB-2014-056 - Commerce Moneris - Information Disclosure
https://www.drupal.org/node/2271823
SA-CONTRIB-2014-057 - Password policy - General logic error
https://www.drupal.org/node/2271839
SA-CONTRIB-2014-058 - Webserver Auth - Access Bypass
https://www.drupal.org/node/2275675
SA-CONTRIB-2014-060 - Petitions - Cross Site Request Forgery (CSRF)
https://www.drupal.org/node/2284571
SA-CONTRIB-2014-062 - Password Policy - Access Bypass (7.x)
SA-CONTRIB-2014-062 - Password Policy - Access Bypass (6.x)
https://www.drupal.org/node/2288341
SA-CONTRIB-2014-064 - Course - Access bypass
https://www.drupal.org/node/2288403
SA-CONTRIB-2014-066 - Node Access Keys - Access Bypass
https://www.drupal.org/node/2296495
SA-CONTRIB-2014-068 - Pane - XSS
https://www.drupal.org/node/2296783
SA-CONTRIB-2014-070 - Password Policy - Access Bypass
https://www.drupal.org/node/2304213
SA-CONTRIB-2014-079 - RedHen CRM - Cross Site Scripting (XSS)
https://www.drupal.org/node/2324679
SA-CONTRIB-2014-086 - Custom BreadCrumbs - Cross Site Scripting (XSS)
https://www.drupal.org/node/2336263
SA-CONTRIB-2014-088 - Mollom - Cross-site scripting (XSS)
https://www.drupal.org/node/2340029
SA-CONTRIB-2014-089 - Geofield Yandex Maps - Cross Site Scripting (XSS)
https://www.drupal.org/node/2340039
SA-CONTRIB-2014-090 - Speech recognition - Cross Site Scripting (XSS)
SA-CONTRIB-2014-090 - Speech recognition - Cross Site Request Forgery (CSRF)
https://www.drupal.org/node/2340063
SA-CONTRIB-2014-091 - Survey Builder - Cross Site Scripting (XSS)
https://www.drupal.org/node/2340069
SA-CONTRIB-2014-094 - Webform Patched - Cross Site Scripting (XSS)
https://www.drupal.org/node/2344369
SA-CONTRIB-2014-095 - Safeword - Cross Site Scripting (XSS)
https://www.drupal.org/node/2344383
SA-CONTRIB-2014-096 - OAuth2 Client - Cross Site Scripting (XSS)
https://www.drupal.org/node/2352747
SA-CONTRIB-2014-097 - nodeaccess - Access Bypass
https://www.drupal.org/node/2352757
SA-CONTRIB-2014-098 - CKEditor - Cross Site Scripting (XSS)
https://www.drupal.org/node/2357029
SA-CONTRIB-2014-101 - Ubercart - Cross Site Request Forgery
https://www.drupal.org/node/2361613
SA-CONTRIB-2014-102 - Document - Cross Site Scripting
https://www.drupal.org/node/2361617
SA-CONTRIB-2014-103 - Passwordless - Cross Site Scripting (XSS)
https://www.drupal.org/node/2365645
SA-CONTRIB-2014-104 - Addressfield Tokens - Cross Site Scripting
https://www.drupal.org/node/2365673
SA-CONTRIB-2014-106 - Commerce Authorize.Net SIM/DPM Payment Methods - Access Bypass
https://www.drupal.org/node/2365809
SA-CONTRIB-2014-107 - Scheduler - Cross Site Scripting
https://www.drupal.org/node/2373961
SA-CONTRIB-2014-109 - Freelinking - Cross Site Scripting (XSS)
https://www.drupal.org/node/2373981
SA-CONTRIB-2014-115 - Form Builder - Cross-Site Scripting (XSS)
https://www.drupal.org/node/2378441
SA-CONTRIB-2014-118 - Administer Users by Role - Access Bypass
https://www.drupal.org/node/2390687
SA-CONTRIB-2014-119 - Google Analytics - Information disclosure
https://www.drupal.org/node/2390689
SA-CONTRIB-2014-120 - Piwik Web Analytics - Information disclosure
https://www.drupal.org/node/2390695
SA-CONTRIB-2014-123 - Postal Code - Cross Site Scripting (XSS)
https://www.drupal.org/node/2390857
SA-CONTRIB-2014-125 - Organic Groups Menu - Access bypass
https://www.drupal.org/node/2390899
SA-CONTRIB-2014-128 - Organic Groups Menu - Access bypass
https://www.drupal.org/node/2395049
Many thanks
Regards
--
Pere Orga on behalf of the Drupal Security team