Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 23 Mar 2016 12:35:20 +0100
From: Pere Orga <pere@...a.cat>
To: oss-security@...ts.openwall.com
Cc: Drupal Security Team <security@...pal.org>
Subject: Remaining CVE IDs for Drupal contributed modules (2014)

Hi

Some of the following vulnerabilities may not have a CVE id assigned
due to product scope changes. Because I don't know what these changes
are (and failed to find them in https://cve.mitre.org) I am requesting
CVE ids for all Drupal vulnerabilities that currently don't have a CVE
id requested nor assigned.

Please can I have CVE IDs assigned to the following vulnerabilities:

SA-CONTRIB-2014-004 - Secure Cookie Data - Faulty Hashing
https://www.drupal.org/node/2179099

SA-CONTRIB-2014-005 - Leaflet - Access bypass
https://www.drupal.org/node/2179103

SA-CONTRIB-2014-007 - Services - Access bypass
https://www.drupal.org/node/2184843

SA-CONTRIB-2014-009 - Tagadelic - Information Disclosure
https://www.drupal.org/node/2187453

SA-CONTRIB-2014-010 - Services - Access Bypass and Privilege Escalation
https://www.drupal.org/node/2189509

SA-CONTRIB-2014-011 - Push Notifications - Information Disclosure
https://www.drupal.org/node/2189643

SA-CONTRIB-2014-013 - Chaos tool suite (ctools) - Access Bypass
https://www.drupal.org/node/2194589

SA-CONTRIB-2014-014 - Webform Validation - Cross Site Scripting (XSS)
https://www.drupal.org/node/2194621

SA-CONTRIB-2014-015 - FileField - Access Bypass
https://www.drupal.org/node/2194639

SA-CONTRIB-2014-017- Image Resize Filter - Denial of Service (DOS)
https://www.drupal.org/node/2194655

SA-CONTRIB-2014-022 - Slickgrid - Access bypass
https://www.drupal.org/node/2200491

SA-CONTRIB-2014-024 - Content Lock - CSRF
https://www.drupal.org/node/2205807

SA-CONTRIB-2014-025 - Open Omega - Access Bypass
https://www.drupal.org/node/2205877

SA-CONTRIB-2014-026 - Mime Mail - Access bypass
https://www.drupal.org/node/2205991

SA-CONTRIB-2014-028 - Masquerade - Access bypass
https://www.drupal.org/node/2211401

SA-CONTRIB-2014-029 - Mime Mail - Access Bypass
https://www.drupal.org/node/2211419

SA-CONTRIB-2014-030 - SexyBookmarks - Information Disclosure
https://www.drupal.org/node/2216269

SA-CONTRIB-2014-031 - Webform Template - Access Bypass
https://www.drupal.org/node/2216607

SA-CONTRIB-2014-032 - Xapian integration - Access Bypass
https://www.drupal.org/node/2221403

SA-CONTRIB-2014-035 - CAS Server - Access Bypass
https://www.drupal.org/node/2231663

SA-CONTRIB-2014-039 - Revisioning - Access Bypass
https://www.drupal.org/node/2236807

SA-CONTRIB-2014-041 - Block Search - SQL Injection
https://www.drupal.org/node/2242463

SA-CONTRIB-2014-042 - Internationalization - Access Bypass
https://www.drupal.org/node/2248073

SA-CONTRIB-2014-045 - Drupal Commons - Access Bypass
https://www.drupal.org/node/2248171

SA-CONTRIB-2014-048 - Field API Pane Editor (FAPE) - Access bypass
https://www.drupal.org/node/2254943

SA-CONTRIB-2014-049 - Organic Groups (OG) - Access Bypass
https://www.drupal.org/node/2261245

SA-CONTRIB-2014-050 - Commerce Postfinance ePayment - Access Bypass
https://www.drupal.org/node/2267381

SA-CONTRIB-2014-051 - Realname Registration - Information Disclosure
https://www.drupal.org/node/2267481

SA-CONTRIB-2014-053 - Field API Tab Editor (FATE) - Access bypass
https://www.drupal.org/node/2267539

SA-CONTRIB-2014-054 - Views - Access Bypass
https://www.drupal.org/node/2271809

SA-CONTRIB-2014-055 - Require Login - Access bypass
https://www.drupal.org/node/2271837

SA-CONTRIB-2014-056 - Commerce Moneris - Information Disclosure
https://www.drupal.org/node/2271823

SA-CONTRIB-2014-057 - Password policy - General logic error
https://www.drupal.org/node/2271839

SA-CONTRIB-2014-058 - Webserver Auth - Access Bypass
https://www.drupal.org/node/2275675

SA-CONTRIB-2014-060- Petitions - Cross Site Request Forgery (CSRF)
https://www.drupal.org/node/2284571

SA-CONTRIB-2014-062 - Passsword Policy - Access Bypass (7x)
SA-CONTRIB-2014-062 - Passsword Policy - Access Bypass (6.x)
https://www.drupal.org/node/2288341

SA-CONTRIB-2014-064 -Course - Access bypass
https://www.drupal.org/node/2288403

SA-CONTRIB-2014-066 - Node Access Keys - Access Bypass
https://www.drupal.org/node/2296495

SA-CONTRIB-2014-068 - Pane - XSS
https://www.drupal.org/node/2296783

SA-CONTRIB-2014-070 - Password Policy - Access Bypass
https://www.drupal.org/node/2304213

SA-CONTRIB-2014-079 - RedHen CRM - Cross Site Scripting (XSS)
https://www.drupal.org/node/2324679

SA-CONTRIB-2014-086 - Custom BreadCrumbs - Cross Site Scripting (XSS)
https://www.drupal.org/node/2336263

SA-CONTRIB-2014-088 - Mollom - Cross-site scripting (XSS)
https://www.drupal.org/node/2340029

SA-CONTRIB-2014-089 - Geofield Yandex Maps - Cross Site Scripting (XSS)
https://www.drupal.org/node/2340039

SA-CONTRIB-2014-090 - Speech recognition - Cross Site Scripting (XSS)
SA-CONTRIB-2014-090 - Speech recognition - Cross Site Request Forgery (CSRF)
https://www.drupal.org/node/2340063

SA-CONTRIB-2014-091 - Survey Builder - Cross Site Scripting (XSS)
https://www.drupal.org/node/2340069

SA-CONTRIB-2014-094 - Webform Patched - Cross Site Scripting (XSS)
https://www.drupal.org/node/2344369

SA-CONTRIB-2014-095 - Safeword - Cross Site Scripting (XSS)
https://www.drupal.org/node/2344383

SA-CONTRIB-2014-096 - OAuth2 Client - Cross Site Scripting (XSS)
https://www.drupal.org/node/2352747

SA-CONTRIB-2014-097 - nodeaccess - Access Bypass
https://www.drupal.org/node/2352757

SA-CONTRIB-2014-098 - CKEditor - Cross Site Scripting (XSS)
https://www.drupal.org/node/2357029

SA-CONTRIB-2014-101 - Ubercart - Cross Site Request Forgery
https://www.drupal.org/node/2361613

SA-CONTRIB-2014-102 - Document - Cross Site Scripting
https://www.drupal.org/node/2361617

SA-CONTRIB-2014-103 - Passwordless - Cross Site Scripting (XSS)
https://www.drupal.org/node/2365645

SA-CONTRIB-2014-104 - Addressfield Tokens - Cross Site Scripting
https://www.drupal.org/node/2365673

SA-CONTRIB-2014-106 - Commerce Authorize.Net SIM/DPM Payment Methods -
Access Bypass
https://www.drupal.org/node/2365809

SA-CONTRIB-2014-107 - Scheduler - Cross Site Scripting
https://www.drupal.org/node/2373961

SA-CONTRIB-2014-109 - Freelinking - Cross Site Scripting (XSS)
https://www.drupal.org/node/2373981

SA-CONTRIB-2014-115 - Form Builder - Cross-Site Scripting (XSS)
https://www.drupal.org/node/2378441

SA-CONTRIB-2014-118 - Administer Users by Role - Access Bypass
https://www.drupal.org/node/2390687

SA-CONTRIB-2014-119 - Google Analytics - Information disclosure
https://www.drupal.org/node/2390689

SA-CONTRIB-2014-120 - Piwik Web Analytics - Information disclosure
https://www.drupal.org/node/2390695

SA-CONTRIB-2014-123 - Postal Code - Cross Site Scripting (XSS)
https://www.drupal.org/node/2390857

SA-CONTRIB-2014-125 - Organic Groups Menu - Access bypass
https://www.drupal.org/node/2390899

SA-CONTRIB-2014-128 - Organic Groups Menu - Access bypass
https://www.drupal.org/node/2395049

Many thanks

Regards
-- 
Pere Orga on behalf of the Drupal Security team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.