Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 14 Oct 2015 18:57:35 +0200
From: Pere Orga <pere@...a.cat>
To: oss-security@...ts.openwall.com
Cc: Drupal Security Team <security@...pal.org>
Subject: CVE Requests for Drupal contributed modules (from SA-CONTRIB-2015-132
 to SA-CONTRIB-2015-156)

Hi

Please can I have CVEs assigned to the following vulnerabilities:

SA-CONTRIB-2015-132 - Administration Views - Information Disclosure
https://www.drupal.org/node/2529378

SA-CONTRIB-2015-133 - Path Breadcrumbs - Cross Site Scripting (XSS)
https://www.drupal.org/node/2533926

SA-CONTRIB-2015-134 - OSF for Drupal - Cross Site Scripting
SA-CONTRIB-2015-134 - OSF for Drupal - Cross Site Request Forgery
SA-CONTRIB-2015-134 - OSF for Drupal - Access bypass
https://www.drupal.org/node/2537860

SA-CONTRIB-2015-135 - Time Tracker - Cross Site Scripting (XSS)
https://www.drupal.org/node/2537866

SA-CONTRIB-2015-136 - Commerce Commonwealth (CBA) - Insufficient
Verification of API Data
https://www.drupal.org/node/2542380

SA-CONTRIB-2015-137 - Quick Edit - Cross Site Scripting (XSS)
https://www.drupal.org/node/2546164

SA-CONTRIB-2015-138 - Compass Rose - Cross Site Scripting (XSS)
https://www.drupal.org/node/2546174

SA-CONTRIB-2015-139 - Workbench Email - Access bypass
https://www.drupal.org/node/2553971

SA-CONTRIB-2015-140 - Search API Autocomplete - Cross Site Scripting (XSS)
https://www.drupal.org/node/2553977

SA-CONTRIB-2015-141 - Ctools - Cross Site Scripting (XSS)
SA-CONTRIB-2015-141 - Ctools - Access bypass
https://www.drupal.org/node/2554145

SA-CONTRIB-2015-142 - Spotlight - Cross Site Scripting (XSS)
https://www.drupal.org/node/2561375

SA-CONTRIB-2015-143 - Zendesk Feedback Tab - Cross Site Scripting (XSS)
https://www.drupal.org/node/2561893

SA-CONTRIB-2015-144 - Mass Contact - Cross Site Scripting (XSS)
https://www.drupal.org/node/2561951

SA-CONTRIB-2015-145 - Fieldable Panels Panes - Access bypass
https://www.drupal.org/node/2561971

SA-CONTRIB-2015-146 - Twitter - Access bypass
https://www.drupal.org/node/2565827

SA-CONTRIB-2015-147 - RESTful - Access bypass
https://www.drupal.org/node/2565875

SA-CONTRIB-2015-148 - Drupal 7 driver for SQL Server and SQL Azure -
SQL Injection
https://www.drupal.org/node/2569577

SA-CONTRIB-2015-149 - amoCRM - Cross Site Scripting (XSS)
https://www.drupal.org/node/2569587

SA-CONTRIB-2015-150 - CMS Updater - Access bypass
SA-CONTRIB-2015-150 - CMS Updater - Cross Site Scripting (XSS)
https://www.drupal.org/node/2569599

SA-CONTRIB-2015-151 - Scald - Information Disclosure
https://www.drupal.org/node/2569631

SA-CONTRIB-2015-152 - User Dashboard - SQL Injection
https://www.drupal.org/node/2577901

SA-CONTRIB-2015-153 - Taxonomy Find - Cross Site Scripting (XSS)
https://www.drupal.org/node/2577903

SA-CONTRIB-2015-154 - Stickynote - Cross Site Scripting (XSS)
https://www.drupal.org/node/2581997

SA-CONTRIB-2015-155 - Entity Registration - Information Disclosure
https://www.drupal.org/node/2582015

SA-CONTRIB-2015-156 - Colorbox - Access bypass
https://www.drupal.org/node/2582071

Many thanks

Regards
Pere Orga on behalf of the Drupal Security Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.