oss-sec mailing list archives
Remaining CVE IDs for Drupal contributed modules (2014)
From: Pere Orga <pere () orga cat>
Date: Wed, 23 Mar 2016 12:35:20 +0100
Hi

Some of the following vulnerabilities may not have a CVE id assigned due to product scope changes. Because I don't know what these changes are (and failed to find them in https://cve.mitre.org) I am requesting CVE ids for all Drupal vulnerabilities that currently don't have a CVE id requested nor assigned.

Please can I have CVE IDs assigned to the following vulnerabilities:

SA-CONTRIB-2014-004 - Secure Cookie Data - Faulty Hashing
https://www.drupal.org/node/2179099
SA-CONTRIB-2014-005 - Leaflet - Access bypass
https://www.drupal.org/node/2179103
SA-CONTRIB-2014-007 - Services - Access bypass
https://www.drupal.org/node/2184843
SA-CONTRIB-2014-009 - Tagadelic - Information Disclosure
https://www.drupal.org/node/2187453
SA-CONTRIB-2014-010 - Services - Access Bypass and Privilege Escalation
https://www.drupal.org/node/2189509
SA-CONTRIB-2014-011 - Push Notifications - Information Disclosure
https://www.drupal.org/node/2189643
SA-CONTRIB-2014-013 - Chaos tool suite (ctools) - Access Bypass
https://www.drupal.org/node/2194589
SA-CONTRIB-2014-014 - Webform Validation - Cross Site Scripting (XSS)
https://www.drupal.org/node/2194621
SA-CONTRIB-2014-015 - FileField - Access Bypass
https://www.drupal.org/node/2194639
SA-CONTRIB-2014-017 - Image Resize Filter - Denial of Service (DOS)
https://www.drupal.org/node/2194655
SA-CONTRIB-2014-022 - Slickgrid - Access bypass
https://www.drupal.org/node/2200491
SA-CONTRIB-2014-024 - Content Lock - CSRF
https://www.drupal.org/node/2205807
SA-CONTRIB-2014-025 - Open Omega - Access Bypass
https://www.drupal.org/node/2205877
SA-CONTRIB-2014-026 - Mime Mail - Access bypass
https://www.drupal.org/node/2205991
SA-CONTRIB-2014-028 - Masquerade - Access bypass
https://www.drupal.org/node/2211401
SA-CONTRIB-2014-029 - Mime Mail - Access Bypass
https://www.drupal.org/node/2211419
SA-CONTRIB-2014-030 - SexyBookmarks - Information Disclosure
https://www.drupal.org/node/2216269
SA-CONTRIB-2014-031 - Webform Template - Access Bypass
https://www.drupal.org/node/2216607
SA-CONTRIB-2014-032 - Xapian integration - Access Bypass
https://www.drupal.org/node/2221403
SA-CONTRIB-2014-035 - CAS Server - Access Bypass
https://www.drupal.org/node/2231663
SA-CONTRIB-2014-039 - Revisioning - Access Bypass
https://www.drupal.org/node/2236807
SA-CONTRIB-2014-041 - Block Search - SQL Injection
https://www.drupal.org/node/2242463
SA-CONTRIB-2014-042 - Internationalization - Access Bypass
https://www.drupal.org/node/2248073
SA-CONTRIB-2014-045 - Drupal Commons - Access Bypass
https://www.drupal.org/node/2248171
SA-CONTRIB-2014-048 - Field API Pane Editor (FAPE) - Access bypass
https://www.drupal.org/node/2254943
SA-CONTRIB-2014-049 - Organic Groups (OG) - Access Bypass
https://www.drupal.org/node/2261245
SA-CONTRIB-2014-050 - Commerce Postfinance ePayment - Access Bypass
https://www.drupal.org/node/2267381
SA-CONTRIB-2014-051 - Realname Registration - Information Disclosure
https://www.drupal.org/node/2267481
SA-CONTRIB-2014-053 - Field API Tab Editor (FATE) - Access bypass
https://www.drupal.org/node/2267539
SA-CONTRIB-2014-054 - Views - Access Bypass
https://www.drupal.org/node/2271809
SA-CONTRIB-2014-055 - Require Login - Access bypass
https://www.drupal.org/node/2271837
SA-CONTRIB-2014-056 - Commerce Moneris - Information Disclosure
https://www.drupal.org/node/2271823
SA-CONTRIB-2014-057 - Password policy - General logic error
https://www.drupal.org/node/2271839
SA-CONTRIB-2014-058 - Webserver Auth - Access Bypass
https://www.drupal.org/node/2275675
SA-CONTRIB-2014-060 - Petitions - Cross Site Request Forgery (CSRF)
https://www.drupal.org/node/2284571
SA-CONTRIB-2014-062 - Password Policy - Access Bypass (7x)
SA-CONTRIB-2014-062 - Password Policy - Access Bypass (6.x)
https://www.drupal.org/node/2288341
SA-CONTRIB-2014-064 - Course - Access bypass
https://www.drupal.org/node/2288403
SA-CONTRIB-2014-066 - Node Access Keys - Access Bypass
https://www.drupal.org/node/2296495
SA-CONTRIB-2014-068 - Pane - XSS
https://www.drupal.org/node/2296783
SA-CONTRIB-2014-070 - Password Policy - Access Bypass
https://www.drupal.org/node/2304213
SA-CONTRIB-2014-079 - RedHen CRM - Cross Site Scripting (XSS)
https://www.drupal.org/node/2324679
SA-CONTRIB-2014-086 - Custom BreadCrumbs - Cross Site Scripting (XSS)
https://www.drupal.org/node/2336263
SA-CONTRIB-2014-088 - Mollom - Cross-site scripting (XSS)
https://www.drupal.org/node/2340029
SA-CONTRIB-2014-089 - Geofield Yandex Maps - Cross Site Scripting (XSS)
https://www.drupal.org/node/2340039
SA-CONTRIB-2014-090 - Speech recognition - Cross Site Scripting (XSS)
SA-CONTRIB-2014-090 - Speech recognition - Cross Site Request Forgery (CSRF)
https://www.drupal.org/node/2340063
SA-CONTRIB-2014-091 - Survey Builder - Cross Site Scripting (XSS)
https://www.drupal.org/node/2340069
SA-CONTRIB-2014-094 - Webform Patched - Cross Site Scripting (XSS)
https://www.drupal.org/node/2344369
SA-CONTRIB-2014-095 - Safeword - Cross Site Scripting (XSS)
https://www.drupal.org/node/2344383
SA-CONTRIB-2014-096 - OAuth2 Client - Cross Site Scripting (XSS)
https://www.drupal.org/node/2352747
SA-CONTRIB-2014-097 - nodeaccess - Access Bypass
https://www.drupal.org/node/2352757
SA-CONTRIB-2014-098 - CKEditor - Cross Site Scripting (XSS)
https://www.drupal.org/node/2357029
SA-CONTRIB-2014-101 - Ubercart - Cross Site Request Forgery
https://www.drupal.org/node/2361613
SA-CONTRIB-2014-102 - Document - Cross Site Scripting
https://www.drupal.org/node/2361617
SA-CONTRIB-2014-103 - Passwordless - Cross Site Scripting (XSS)
https://www.drupal.org/node/2365645
SA-CONTRIB-2014-104 - Addressfield Tokens - Cross Site Scripting
https://www.drupal.org/node/2365673
SA-CONTRIB-2014-106 - Commerce Authorize.Net SIM/DPM Payment Methods - Access Bypass
https://www.drupal.org/node/2365809
SA-CONTRIB-2014-107 - Scheduler - Cross Site Scripting
https://www.drupal.org/node/2373961
SA-CONTRIB-2014-109 - Freelinking - Cross Site Scripting (XSS)
https://www.drupal.org/node/2373981
SA-CONTRIB-2014-115 - Form Builder - Cross-Site Scripting (XSS)
https://www.drupal.org/node/2378441
SA-CONTRIB-2014-118 - Administer Users by Role - Access Bypass
https://www.drupal.org/node/2390687
SA-CONTRIB-2014-119 - Google Analytics - Information disclosure
https://www.drupal.org/node/2390689
SA-CONTRIB-2014-120 - Piwik Web Analytics - Information disclosure
https://www.drupal.org/node/2390695
SA-CONTRIB-2014-123 - Postal Code - Cross Site Scripting (XSS)
https://www.drupal.org/node/2390857
SA-CONTRIB-2014-125 - Organic Groups Menu - Access bypass
https://www.drupal.org/node/2390899
SA-CONTRIB-2014-128 - Organic Groups Menu - Access bypass
https://www.drupal.org/node/2395049

Many thanks

Regards
--
Pere Orga
on behalf of the Drupal Security team