Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 4 Jul 2015 21:55:06 +0200
From: Pere Orga <pere@...a.cat>
To: oss-security@...ts.openwall.com
Cc: Security Team <security@...pal.org>
Subject: CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100
 to SA-CONTRIB-2015-131)

Hi

Please can I have CVEs assigned to the following vulnerabilities:

Camtasia Relay - Cross Site Scripting (XSS) - SA-CONTRIB-2015-100
https://www.drupal.org/node/2480241

MailChimp - Cross Site Scripting (XSS) - SA-CONTRIB-2015-101
https://www.drupal.org/node/2480253

Smart Trim - Cross Site Scripting (XSS) - SA-CONTRIB-2015-102
https://www.drupal.org/node/2480321

Views - Access Bypass - SA-CONTRIB-2015-103
https://www.drupal.org/node/2480327

Dynamic display block - Access bypass - SA-CONTRIB-2015-104
https://www.drupal.org/node/2484157

Video Consultation - Cross Site Scripting (XSS) - SA-CONTRIB-2015-105
https://www.drupal.org/node/2484195

Entityform Block - Access Bypass - SA-CONTRIB-2015-106
https://www.drupal.org/node/2484169

Webform Matrix Component - Cross Site Scripting (XSS) - SA-CONTRIB-2015-107
https://www.drupal.org/node/2484231

Mobile sliding menu - Cross Site Scripting (XSS) - SA-CONTRIB-2015-108
https://www.drupal.org/node/2484233

pass2pdf - Information Disclosure - SA-CONTRIB-2015-109
https://www.drupal.org/node/2492205

Web Links - Cross Site Scripting (XSS) - SA-CONTRIB-2015-110
https://www.drupal.org/node/2492209

Shipwire - Cross Site Scripting (XSS) - SA-CONTRIB-2015-111
https://www.drupal.org/node/2492243

Navigate - Access Bypass - SA-CONTRIB-2015-112
Navigate - Cross-site scripting - SA-CONTRIB-2015-112
https://www.drupal.org/node/2492245

Aegir - Code Execution Prevention - SA-CONTRIB-2015-113
https://www.drupal.org/node/2492317

Storage API - Access Bypass - SA-CONTRIB-2015-114
https://www.drupal.org/node/2495903

Chamilo integration - Open Redirect - SA-CONTRIB-2015-115
https://www.drupal.org/node/2495931

Novalnet Payment Module Ubercart - SQL Injection - SA-CONTRIB-2015-116
https://www.drupal.org/node/2499787

Novalnet Payment Module Drupal Commerce - SQL Injection - SA-CONTRIB-2015-117
https://www.drupal.org/node/2499791

HTTP Strict Transport Security - Logical Error - SA-CONTRIB-2015-118
https://www.drupal.org/node/2507563

Apache Solr Real-Time - Access Bypass - SA-CONTRIB-2015-119
https://www.drupal.org/node/2507581

Inline Entity Form - Cross Site Scripting (XSS) - SA-CONTRIB-2015-120
https://www.drupal.org/node/2507605

The eXtensible Catalog (XC) Drupal Toolkit - Cross Site Request
Forgery (CSRF) - SA-CONTRIB-2015-121
https://www.drupal.org/node/2507619

Administration Views - Access Bypass - SA-CONTRIB-2015-122
https://www.drupal.org/node/250764

jQuery Update - Open Redirect - SA-CONTRIB-2015-123
https://www.drupal.org/node/2507729

LABjs - Open Redirect - SA-CONTRIB-2015-124
https://www.drupal.org/node/2507735

Acquia Cloud Site Factory Connector - Open Redirect - SA-CONTRIB-2015-125
https://www.drupal.org/node/2507741

Content Construction Kit (CCK) - Open Redirect - SA-CONTRIB-2015-126
https://www.drupal.org/node/2507753

HybridAuth Social Login - Access bypass - SA-CONTRIB-2015-127
https://www.drupal.org/node/2511410

me aliases - Access Bypass - SA-CONTRIB-2015-128
https://www.drupal.org/node/2511424

Shibboleth authentication - Cross Site Scripting (XSS) - SA-CONTRIB-2015-129
https://www.drupal.org/node/2511518

Migrate - Cross Site Scripting (XSS) - SA-CONTRIB-2015-130
https://www.drupal.org/node/2516678

Views Bulk Operations - Access Bypass - SA-CONTRIB-2015-131
https://www.drupal.org/node/2516688

Regards
Pere Orga on behalf of the Drupal Security Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.