oss-sec mailing list archives
CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)
From: Pere Orga <pere () orga cat>
Date: Sat, 4 Jul 2015 21:55:06 +0200
Hi Please can I have CVEs assigned to the following vulnerabilities: Camtasia Relay - Cross Site Scripting (XSS) - SA-CONTRIB-2015-100 https://www.drupal.org/node/2480241 MailChimp - Cross Site Scripting (XSS) - SA-CONTRIB-2015-101 https://www.drupal.org/node/2480253 Smart Trim - Cross Site Scripting (XSS) - SA-CONTRIB-2015-102 https://www.drupal.org/node/2480321 Views - Access Bypass - SA-CONTRIB-2015-103 https://www.drupal.org/node/2480327 Dynamic display block - Access bypass - SA-CONTRIB-2015-104 https://www.drupal.org/node/2484157 Video Consultation - Cross Site Scripting (XSS) - SA-CONTRIB-2015-105 https://www.drupal.org/node/2484195 Entityform Block - Access Bypass - SA-CONTRIB-2015-106 https://www.drupal.org/node/2484169 Webform Matrix Component - Cross Site Scripting (XSS) - SA-CONTRIB-2015-107 https://www.drupal.org/node/2484231 Mobile sliding menu - Cross Site Scripting (XSS) - SA-CONTRIB-2015-108 https://www.drupal.org/node/2484233 pass2pdf - Information Disclosure - SA-CONTRIB-2015-109 https://www.drupal.org/node/2492205 Web Links - Cross Site Scripting (XSS) - SA-CONTRIB-2015-110 https://www.drupal.org/node/2492209 Shipwire - Cross Site Scripting (XSS) - SA-CONTRIB-2015-111 https://www.drupal.org/node/2492243 Navigate - Access Bypass - SA-CONTRIB-2015-112 Navigate - Cross-site scripting - SA-CONTRIB-2015-112 https://www.drupal.org/node/2492245 Aegir - Code Execution Prevention - SA-CONTRIB-2015-113 https://www.drupal.org/node/2492317 Storage API - Access Bypass - SA-CONTRIB-2015-114 https://www.drupal.org/node/2495903 Chamilo integration - Open Redirect - SA-CONTRIB-2015-115 https://www.drupal.org/node/2495931 Novalnet Payment Module Ubercart - SQL Injection - SA-CONTRIB-2015-116 https://www.drupal.org/node/2499787 Novalnet Payment Module Drupal Commerce - SQL Injection - SA-CONTRIB-2015-117 https://www.drupal.org/node/2499791 HTTP Strict Transport Security - Logical Error - SA-CONTRIB-2015-118 https://www.drupal.org/node/2507563 Apache Solr Real-Time - Access Bypass - SA-CONTRIB-2015-119 https://www.drupal.org/node/2507581 Inline Entity Form - Cross Site Scripting (XSS) - SA-CONTRIB-2015-120 https://www.drupal.org/node/2507605 The eXtensible Catalog (XC) Drupal Toolkit - Cross Site Request Forgery (CSRF) - SA-CONTRIB-2015-121 https://www.drupal.org/node/2507619 Administration Views - Access Bypass - SA-CONTRIB-2015-122 https://www.drupal.org/node/250764 jQuery Update - Open Redirect - SA-CONTRIB-2015-123 https://www.drupal.org/node/2507729 LABjs - Open Redirect - SA-CONTRIB-2015-124 https://www.drupal.org/node/2507735 Acquia Cloud Site Factory Connector - Open Redirect - SA-CONTRIB-2015-125 https://www.drupal.org/node/2507741 Content Construction Kit (CCK) - Open Redirect - SA-CONTRIB-2015-126 https://www.drupal.org/node/2507753 HybridAuth Social Login - Access bypass - SA-CONTRIB-2015-127 https://www.drupal.org/node/2511410 me aliases - Access Bypass - SA-CONTRIB-2015-128 https://www.drupal.org/node/2511424 Shibboleth authentication - Cross Site Scripting (XSS) - SA-CONTRIB-2015-129 https://www.drupal.org/node/2511518 Migrate - Cross Site Scripting (XSS) - SA-CONTRIB-2015-130 https://www.drupal.org/node/2516678 Views Bulk Operations - Access Bypass - SA-CONTRIB-2015-131 https://www.drupal.org/node/2516688 Regards Pere Orga on behalf of the Drupal Security Team
Current thread:
- CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131) Pere Orga (Jul 04)