oss-sec mailing list archives
Re: CVE Requests for Drupal contributed modules (from SA-CONTRIB-2015-132 to SA-CONTRIB-2015-156)
From: "Evans, Jonathan L." <jevans () mitre org>
Date: Wed, 21 Oct 2015 11:50:44 +0000
CVE IDs were assigned by MITRE to most of the vulnerabilities in SA-CONTRIB-2015-132 through SA-CONTRIB-2015-151 before this request was made. To help avoid duplicates, we request that you check the existing IDs before asking for a new one.
SA-CONTRIB-2015-132 - Administration Views - Information Disclosure https://www.drupal.org/node/2529378
Use CVE-2015-7226.
SA-CONTRIB-2015-133 - Path Breadcrumbs - Cross Site Scripting (XSS) https://www.drupal.org/node/2533926
Use CVE-2015-6754.
SA-CONTRIB-2015-134 - OSF for Drupal - Cross Site Scripting
Use CVE-2015-7232.
SA-CONTRIB-2015-134 - OSF for Drupal - Cross Site Request Forgery
Use CVE-2015-7233.
SA-CONTRIB-2015-134 - OSF for Drupal - Access bypass https://www.drupal.org/node/2537860
Use CVE-2015-7234.
SA-CONTRIB-2015-135 - Time Tracker - Cross Site Scripting (XSS) https://www.drupal.org/node/2537866
Use CVE-2015-6751.
SA-CONTRIB-2015-136 - Commerce Commonwealth (CBA) - Insufficient Verification of API Data https://www.drupal.org/node/2542380
Use CVE-2015-7231.
SA-CONTRIB-2015-137 - Quick Edit - Cross Site Scripting (XSS) https://www.drupal.org/node/2546164
Use CVE-2015-6753.
SA-CONTRIB-2015-138 - Compass Rose - Cross Site Scripting (XSS) https://www.drupal.org/node/2546174
The advisory is not clear whether the vulnerability is in the unnamed JavaScript library or the Compass Rose module. If the former, we need to know the name of the library to ensure we do not issue a duplicate ID.
SA-CONTRIB-2015-139 - Workbench Email - Access bypass https://www.drupal.org/node/2553971
Use CVE-2015-7230.
SA-CONTRIB-2015-140 - Search API Autocomplete - Cross Site Scripting (XSS) https://www.drupal.org/node/2553977
Use CVE-2015-6752.
SA-CONTRIB-2015-141 - Ctools - Cross Site Scripting (XSS)
Use CVE-2015-6665. This vulnerability was merged with the Ajax system XSS vulnerability in SA-CORE-2015-003.
SA-CONTRIB-2015-141 - Ctools - Access bypass https://www.drupal.org/node/2554145
Use CVE-2015-7875.
SA-CONTRIB-2015-142 - Spotlight - Cross Site Scripting (XSS) https://www.drupal.org/node/2561375
Use CVE-2015-6808.
SA-CONTRIB-2015-143 - Zendesk Feedback Tab - Cross Site Scripting (XSS) https://www.drupal.org/node/2561893
Use CVE-2015-6921.
SA-CONTRIB-2015-144 - Mass Contact - Cross Site Scripting (XSS) https://www.drupal.org/node/2561951
Use CVE-2015-6807.
SA-CONTRIB-2015-145 - Fieldable Panels Panes - Access bypass https://www.drupal.org/node/2561971
Use CVE-2015-7227.
SA-CONTRIB-2015-146 - Twitter - Access bypass https://www.drupal.org/node/2565827
Use CVE-2015-7229.
SA-CONTRIB-2015-147 - RESTful - Access bypass https://www.drupal.org/node/2565875
Use CVE-2015-7228.
SA-CONTRIB-2015-148 - Drupal 7 driver for SQL Server and SQL Azure - SQL Injection https://www.drupal.org/node/2569577
Use CVE-2015-7876.
SA-CONTRIB-2015-149 - amoCRM - Cross Site Scripting (XSS) https://www.drupal.org/node/2569587
Use CVE-2015-7304.
SA-CONTRIB-2015-150 - CMS Updater - Access bypass
Use CVE-2015-7306.
SA-CONTRIB-2015-150 - CMS Updater - Cross Site Scripting (XSS) https://www.drupal.org/node/2569599
Use CVE-2015-7307.
SA-CONTRIB-2015-151 - Scald - Information Disclosure https://www.drupal.org/node/2569631
Use CVE-2015-7305.
SA-CONTRIB-2015-152 - User Dashboard - SQL Injection https://www.drupal.org/node/2577901
Use CVE-2015-7877.
SA-CONTRIB-2015-153 - Taxonomy Find - Cross Site Scripting (XSS) https://www.drupal.org/node/2577903
Use CVE-2015-7878.
SA-CONTRIB-2015-154 - Stickynote - Cross Site Scripting (XSS) https://www.drupal.org/node/2581997
Use CVE-2015-7879.
SA-CONTRIB-2015-155 - Entity Registration - Information Disclosure https://www.drupal.org/node/2582015
Use CVE-2015-7880.
SA-CONTRIB-2015-156 - Colorbox - Access bypass https://www.drupal.org/node/2582071
Use CVE-2015-7881.
--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]