Date: Wed, 23 Mar 2016 12:35:20 +0100
From: Pere Orga <pere@...a.cat>
To: oss-security@...ts.openwall.com
Cc: Drupal Security Team <security@...pal.org>
Subject: Remaining CVE IDs for Drupal contributed modules (2014)

Hi

Some of the following vulnerabilities may not have a CVE id assigned
due to product scope changes. Because I don't know what these changes
are (and failed to find them in https://cve.mitre.org) I am requesting
CVE ids for all Drupal vulnerabilities that currently don't have a CVE
id requested nor assigned.

Please can I have CVE IDs assigned to the following vulnerabilities:

SA-CONTRIB-2014-004 - Secure Cookie Data - Faulty Hashing
https://www.drupal.org/node/2179099

SA-CONTRIB-2014-005 - Leaflet - Access bypass
https://www.drupal.org/node/2179103

SA-CONTRIB-2014-007 - Services - Access bypass
https://www.drupal.org/node/2184843

SA-CONTRIB-2014-009 - Tagadelic - Information Disclosure
https://www.drupal.org/node/2187453

SA-CONTRIB-2014-010 - Services - Access Bypass and Privilege Escalation
https://www.drupal.org/node/2189509

SA-CONTRIB-2014-011 - Push Notifications - Information Disclosure
https://www.drupal.org/node/2189643

SA-CONTRIB-2014-013 - Chaos tool suite (ctools) - Access Bypass
https://www.drupal.org/node/2194589

SA-CONTRIB-2014-014 - Webform Validation - Cross Site Scripting (XSS)
https://www.drupal.org/node/2194621

SA-CONTRIB-2014-015 - FileField - Access Bypass
https://www.drupal.org/node/2194639

SA-CONTRIB-2014-017 - Image Resize Filter - Denial of Service (DOS)
https://www.drupal.org/node/2194655

SA-CONTRIB-2014-022 - Slickgrid - Access bypass
https://www.drupal.org/node/2200491

SA-CONTRIB-2014-024 - Content Lock - CSRF
https://www.drupal.org/node/2205807

SA-CONTRIB-2014-025 - Open Omega - Access Bypass
https://www.drupal.org/node/2205877

SA-CONTRIB-2014-026 - Mime Mail - Access bypass
https://www.drupal.org/node/2205991

SA-CONTRIB-2014-028 - Masquerade - Access bypass
https://www.drupal.org/node/2211401

SA-CONTRIB-2014-029 - Mime Mail - Access Bypass
https://www.drupal.org/node/2211419

SA-CONTRIB-2014-030 - SexyBookmarks - Information Disclosure
https://www.drupal.org/node/2216269

SA-CONTRIB-2014-031 - Webform Template - Access Bypass
https://www.drupal.org/node/2216607

SA-CONTRIB-2014-032 - Xapian integration - Access Bypass
https://www.drupal.org/node/2221403

SA-CONTRIB-2014-035 - CAS Server - Access Bypass
https://www.drupal.org/node/2231663

SA-CONTRIB-2014-039 - Revisioning - Access Bypass
https://www.drupal.org/node/2236807

SA-CONTRIB-2014-041 - Block Search - SQL Injection
https://www.drupal.org/node/2242463

SA-CONTRIB-2014-042 - Internationalization - Access Bypass
https://www.drupal.org/node/2248073

SA-CONTRIB-2014-045 - Drupal Commons - Access Bypass
https://www.drupal.org/node/2248171

SA-CONTRIB-2014-048 - Field API Pane Editor (FAPE) - Access bypass
https://www.drupal.org/node/2254943

SA-CONTRIB-2014-049 - Organic Groups (OG) - Access Bypass
https://www.drupal.org/node/2261245

SA-CONTRIB-2014-050 - Commerce Postfinance ePayment - Access Bypass
https://www.drupal.org/node/2267381

SA-CONTRIB-2014-051 - Realname Registration - Information Disclosure
https://www.drupal.org/node/2267481

SA-CONTRIB-2014-053 - Field API Tab Editor (FATE) - Access bypass
https://www.drupal.org/node/2267539

SA-CONTRIB-2014-054 - Views - Access Bypass
https://www.drupal.org/node/2271809

SA-CONTRIB-2014-055 - Require Login - Access bypass
https://www.drupal.org/node/2271837

SA-CONTRIB-2014-056 - Commerce Moneris - Information Disclosure
https://www.drupal.org/node/2271823

SA-CONTRIB-2014-057 - Password policy - General logic error
https://www.drupal.org/node/2271839

SA-CONTRIB-2014-058 - Webserver Auth - Access Bypass
https://www.drupal.org/node/2275675

SA-CONTRIB-2014-060 - Petitions - Cross Site Request Forgery (CSRF)
https://www.drupal.org/node/2284571

SA-CONTRIB-2014-062 - Password Policy - Access Bypass (7.x)
SA-CONTRIB-2014-062 - Password Policy - Access Bypass (6.x)
https://www.drupal.org/node/2288341

SA-CONTRIB-2014-064 - Course - Access bypass
https://www.drupal.org/node/2288403

SA-CONTRIB-2014-066 - Node Access Keys - Access Bypass
https://www.drupal.org/node/2296495

SA-CONTRIB-2014-068 - Pane - XSS
https://www.drupal.org/node/2296783

SA-CONTRIB-2014-070 - Password Policy - Access Bypass
https://www.drupal.org/node/2304213

SA-CONTRIB-2014-079 - RedHen CRM - Cross Site Scripting (XSS)
https://www.drupal.org/node/2324679

SA-CONTRIB-2014-086 - Custom BreadCrumbs - Cross Site Scripting (XSS)
https://www.drupal.org/node/2336263

SA-CONTRIB-2014-088 - Mollom - Cross-site scripting (XSS)
https://www.drupal.org/node/2340029

SA-CONTRIB-2014-089 - Geofield Yandex Maps - Cross Site Scripting (XSS)
https://www.drupal.org/node/2340039

SA-CONTRIB-2014-090 - Speech recognition - Cross Site Scripting (XSS)
SA-CONTRIB-2014-090 - Speech recognition - Cross Site Request Forgery (CSRF)
https://www.drupal.org/node/2340063

SA-CONTRIB-2014-091 - Survey Builder - Cross Site Scripting (XSS)
https://www.drupal.org/node/2340069

SA-CONTRIB-2014-094 - Webform Patched - Cross Site Scripting (XSS)
https://www.drupal.org/node/2344369

SA-CONTRIB-2014-095 - Safeword - Cross Site Scripting (XSS)
https://www.drupal.org/node/2344383

SA-CONTRIB-2014-096 - OAuth2 Client - Cross Site Scripting (XSS)
https://www.drupal.org/node/2352747

SA-CONTRIB-2014-097 - nodeaccess - Access Bypass
https://www.drupal.org/node/2352757

SA-CONTRIB-2014-098 - CKEditor - Cross Site Scripting (XSS)
https://www.drupal.org/node/2357029

SA-CONTRIB-2014-101 - Ubercart - Cross Site Request Forgery
https://www.drupal.org/node/2361613

SA-CONTRIB-2014-102 - Document - Cross Site Scripting
https://www.drupal.org/node/2361617

SA-CONTRIB-2014-103 - Passwordless - Cross Site Scripting (XSS)
https://www.drupal.org/node/2365645

SA-CONTRIB-2014-104 - Addressfield Tokens - Cross Site Scripting
https://www.drupal.org/node/2365673

SA-CONTRIB-2014-106 - Commerce Authorize.Net SIM/DPM Payment Methods - Access Bypass
https://www.drupal.org/node/2365809

SA-CONTRIB-2014-107 - Scheduler - Cross Site Scripting
https://www.drupal.org/node/2373961

SA-CONTRIB-2014-109 - Freelinking - Cross Site Scripting (XSS)
https://www.drupal.org/node/2373981

SA-CONTRIB-2014-115 - Form Builder - Cross-Site Scripting (XSS)
https://www.drupal.org/node/2378441

SA-CONTRIB-2014-118 - Administer Users by Role - Access Bypass
https://www.drupal.org/node/2390687

SA-CONTRIB-2014-119 - Google Analytics - Information disclosure
https://www.drupal.org/node/2390689

SA-CONTRIB-2014-120 - Piwik Web Analytics - Information disclosure
https://www.drupal.org/node/2390695

SA-CONTRIB-2014-123 - Postal Code - Cross Site Scripting (XSS)
https://www.drupal.org/node/2390857

SA-CONTRIB-2014-125 - Organic Groups Menu - Access bypass
https://www.drupal.org/node/2390899

SA-CONTRIB-2014-128 - Organic Groups Menu - Access bypass
https://www.drupal.org/node/2395049

Many thanks

Regards
-- 
Pere Orga on behalf of the Drupal Security team
