oss-sec mailing list archives
Re: CVE Request for Drupal contributed modules
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 13 Jun 2012 20:32:11 -0600
Apologies for the delay in Drupal SA-CONTRIB CVE assignments, here's the current batch:

CVE-2012-2699 SA-CONTRIB-2012-073 - Glossary - Cross-Site Scripting (XSS)
CVE-2012-2700 SA-CONTRIB-2012-074 - Contact Forms - Access Bypass
CVE-2012-2701 SA-CONTRIB-2012-075 - Take Control - Cross Site Request Forgery (CSRF)
CVE-2012-2702 SA-CONTRIB-2012-076 - Ubercart Product Keys Access Bypass
CVE-2012-2703 SA-CONTRIB-2012-077 - Advertisement - Cross Site Scripting & Information Disclosure - XSS
CVE-2012-2704 SA-CONTRIB-2012-077 - Advertisement - Cross Site Scripting & Information Disclosure - Information Disclosure
CVE-2012-2705 SA-CONTRIB-2012-078 - Smart Breadcrumb - Cross Site Scripting (XSS)
CVE-2012-2706 SA-CONTRIB-2012-079 - Post Affiliate Pro - Cross Site Scripting (XSS) and Access Bypass - Unsupported
CVE-2012-2707 SA-CONTRIB-2012-080 - Hostmaster (Aegir) - Access Bypass and Cross Site Scripting (XSS) - access bypass
CVE-2012-2708 SA-CONTRIB-2012-080 - Hostmaster (Aegir) - Access Bypass and Cross Site Scripting (XSS) - XSS
CVE-2012-2709 SA-CONTRIB-2012-081 - Aberdeen - Cross Site Scripting
CVE-2012-2710 SA-CONTRIB-2012-082 - Zen - Cross Site Scripting
CVE-2012-2711 SA-CONTRIB-2012-083 - Taxonomy List - Cross Site Scripting (XSS)
CVE-2012-2712 SA-CONTRIB-2012-084 - Search API - Cross Site Scripting (XSS)
CVE-2012-2713 SA-CONTRIB-2012-085 - BrowserID - Multiple Vulnerabilities - CSRF
CVE-2012-2714 SA-CONTRIB-2012-085 - BrowserID - Multiple Vulnerabilities - BrowserID login theft
CVE-2012-2715 SA-CONTRIB-2012-086 - Amadou - Cross Site Scripting
CVE-2012-2716 SA-CONTRIB-2012-087 - Comment Moderation - Cross Site Request Forgery
CVE-2012-2717 SA-CONTRIB-2012-088 - Mobile Tools - Cross Site Scripting (XSS)
CVE-2012-2718 SA-CONTRIB-2012-089 - Counter - SQL Injection (unsupported)
CVE-2012-2719 SA-CONTRIB-2012-090 - File depot - Session Management Vulnerability
CVE-2012-2720 SA-CONTRIB-2012-091 - Token Authentication - Access bypass
CVE-2012-2721 SA-CONTRIB-2012-092 - Organic Groups - Cross Site Scripting (XSS) and Access Bypass
CVE-2012-2722 SA-CONTRIB-2012-093 - Node Embed - Access Bypass
CVE-2012-2723 SA-CONTRIB-2012-094 - Maestro module - Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS)
CVE-2012-2724 SA-CONTRIB-2012-095 - Simplenews - Information Disclosure
CVE-2012-2725 SA-CONTRIB-2012-096 - Authoring HTML - Cross Site Scripting (XSS)
CVE-2012-2726 SA-CONTRIB-2012-097 - Protest - Cross Site Scripting (XSS)
CVE-2012-2727 SA-CONTRIB-2012-098 - Janrain Capture - Open Redirect
CVE-2012-2728 SA-CONTRIB-2012-099 - Node Hierarchy - Cross Site Request Forgery (CSRF)
CVE-2012-2729 SA-CONTRIB-2012-100 - SimpleMeta - Cross Site Request Forgery (CSRF)
CVE-2012-2730 SA-CONTRIB-2012-101 - Protected Node - Access Bypass
CVE-2012-2731 SA-CONTRIB-2012-102 - Ubercart AJAX Cart - Potential Disclosure of user Session ID
CVE-2012-2732 SA-CONTRIB-2012-103 - Global Redirect - Open Redirect

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993