Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 14 Oct 2015 18:57:35 +0200
From: Pere Orga <pere@...a.cat>
To: oss-security@...ts.openwall.com
Cc: Drupal Security Team <security@...pal.org>
Subject: CVE Requests for Drupal contributed modules (from SA-CONTRIB-2015-132
 to SA-CONTRIB-2015-156)

Hi

Please can I have CVEs assigned to the following vulnerabilities:

SA-CONTRIB-2015-132 - Administration Views - Information Disclosure
https://www.drupal.org/node/2529378

SA-CONTRIB-2015-133 - Path Breadcrumbs - Cross Site Scripting (XSS)
https://www.drupal.org/node/2533926

SA-CONTRIB-2015-134 - OSF for Drupal - Cross Site Scripting
SA-CONTRIB-2015-134 - OSF for Drupal - Cross Site Request Forgery
SA-CONTRIB-2015-134 - OSF for Drupal - Access bypass
https://www.drupal.org/node/2537860

SA-CONTRIB-2015-135 - Time Tracker - Cross Site Scripting (XSS)
https://www.drupal.org/node/2537866

SA-CONTRIB-2015-136 - Commerce Commonwealth (CBA) - Insufficient
Verification of API Data
https://www.drupal.org/node/2542380

SA-CONTRIB-2015-137 - Quick Edit - Cross Site Scripting (XSS)
https://www.drupal.org/node/2546164

SA-CONTRIB-2015-138 - Compass Rose - Cross Site Scripting (XSS)
https://www.drupal.org/node/2546174

SA-CONTRIB-2015-139 - Workbench Email - Access bypass
https://www.drupal.org/node/2553971

SA-CONTRIB-2015-140 - Search API Autocomplete - Cross Site Scripting (XSS)
https://www.drupal.org/node/2553977

SA-CONTRIB-2015-141 - Ctools - Cross Site Scripting (XSS)
SA-CONTRIB-2015-141 - Ctools - Access bypass
https://www.drupal.org/node/2554145

SA-CONTRIB-2015-142 - Spotlight - Cross Site Scripting (XSS)
https://www.drupal.org/node/2561375

SA-CONTRIB-2015-143 - Zendesk Feedback Tab - Cross Site Scripting (XSS)
https://www.drupal.org/node/2561893

SA-CONTRIB-2015-144 - Mass Contact - Cross Site Scripting (XSS)
https://www.drupal.org/node/2561951

SA-CONTRIB-2015-145 - Fieldable Panels Panes - Access bypass
https://www.drupal.org/node/2561971

SA-CONTRIB-2015-146 - Twitter - Access bypass
https://www.drupal.org/node/2565827

SA-CONTRIB-2015-147 - RESTful - Access bypass
https://www.drupal.org/node/2565875

SA-CONTRIB-2015-148 - Drupal 7 driver for SQL Server and SQL Azure -
SQL Injection
https://www.drupal.org/node/2569577

SA-CONTRIB-2015-149 - amoCRM - Cross Site Scripting (XSS)
https://www.drupal.org/node/2569587

SA-CONTRIB-2015-150 - CMS Updater - Access bypass
SA-CONTRIB-2015-150 - CMS Updater - Cross Site Scripting (XSS)
https://www.drupal.org/node/2569599

SA-CONTRIB-2015-151 - Scald - Information Disclosure
https://www.drupal.org/node/2569631

SA-CONTRIB-2015-152 - User Dashboard - SQL Injection
https://www.drupal.org/node/2577901

SA-CONTRIB-2015-153 - Taxonomy Find - Cross Site Scripting (XSS)
https://www.drupal.org/node/2577903

SA-CONTRIB-2015-154 - Stickynote - Cross Site Scripting (XSS)
https://www.drupal.org/node/2581997

SA-CONTRIB-2015-155 - Entity Registration - Information Disclosure
https://www.drupal.org/node/2582015

SA-CONTRIB-2015-156 - Colorbox - Access bypass
https://www.drupal.org/node/2582071

Many thanks

Regards
Pere Orga on behalf of the Drupal Security Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ