[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAMYtjAqaiDFJ0t9kpi6wUZTwevvb0ZEpSeA0NUymqUGDLa4KQg@mail.gmail.com>
Date: Wed, 14 Oct 2015 18:57:35 +0200
From: Pere Orga <pere@...a.cat>
To: oss-security@...ts.openwall.com
Cc: Drupal Security Team <security@...pal.org>
Subject: CVE Requests for Drupal contributed modules (from SA-CONTRIB-2015-132
to SA-CONTRIB-2015-156)
Hi
Please can I have CVEs assigned to the following vulnerabilities:
SA-CONTRIB-2015-132 - Administration Views - Information Disclosure
https://www.drupal.org/node/2529378
SA-CONTRIB-2015-133 - Path Breadcrumbs - Cross Site Scripting (XSS)
https://www.drupal.org/node/2533926
SA-CONTRIB-2015-134 - OSF for Drupal - Cross Site Scripting
SA-CONTRIB-2015-134 - OSF for Drupal - Cross Site Request Forgery
SA-CONTRIB-2015-134 - OSF for Drupal - Access bypass
https://www.drupal.org/node/2537860
SA-CONTRIB-2015-135 - Time Tracker - Cross Site Scripting (XSS)
https://www.drupal.org/node/2537866
SA-CONTRIB-2015-136 - Commerce Commonwealth (CBA) - Insufficient
Verification of API Data
https://www.drupal.org/node/2542380
SA-CONTRIB-2015-137 - Quick Edit - Cross Site Scripting (XSS)
https://www.drupal.org/node/2546164
SA-CONTRIB-2015-138 - Compass Rose - Cross Site Scripting (XSS)
https://www.drupal.org/node/2546174
SA-CONTRIB-2015-139 - Workbench Email - Access bypass
https://www.drupal.org/node/2553971
SA-CONTRIB-2015-140 - Search API Autocomplete - Cross Site Scripting (XSS)
https://www.drupal.org/node/2553977
SA-CONTRIB-2015-141 - Ctools - Cross Site Scripting (XSS)
SA-CONTRIB-2015-141 - Ctools - Access bypass
https://www.drupal.org/node/2554145
SA-CONTRIB-2015-142 - Spotlight - Cross Site Scripting (XSS)
https://www.drupal.org/node/2561375
SA-CONTRIB-2015-143 - Zendesk Feedback Tab - Cross Site Scripting (XSS)
https://www.drupal.org/node/2561893
SA-CONTRIB-2015-144 - Mass Contact - Cross Site Scripting (XSS)
https://www.drupal.org/node/2561951
SA-CONTRIB-2015-145 - Fieldable Panels Panes - Access bypass
https://www.drupal.org/node/2561971
SA-CONTRIB-2015-146 - Twitter - Access bypass
https://www.drupal.org/node/2565827
SA-CONTRIB-2015-147 - RESTful - Access bypass
https://www.drupal.org/node/2565875
SA-CONTRIB-2015-148 - Drupal 7 driver for SQL Server and SQL Azure -
SQL Injection
https://www.drupal.org/node/2569577
SA-CONTRIB-2015-149 - amoCRM - Cross Site Scripting (XSS)
https://www.drupal.org/node/2569587
SA-CONTRIB-2015-150 - CMS Updater - Access bypass
SA-CONTRIB-2015-150 - CMS Updater - Cross Site Scripting (XSS)
https://www.drupal.org/node/2569599
SA-CONTRIB-2015-151 - Scald - Information Disclosure
https://www.drupal.org/node/2569631
SA-CONTRIB-2015-152 - User Dashboard - SQL Injection
https://www.drupal.org/node/2577901
SA-CONTRIB-2015-153 - Taxonomy Find - Cross Site Scripting (XSS)
https://www.drupal.org/node/2577903
SA-CONTRIB-2015-154 - Stickynote - Cross Site Scripting (XSS)
https://www.drupal.org/node/2581997
SA-CONTRIB-2015-155 - Entity Registration - Information Disclosure
https://www.drupal.org/node/2582015
SA-CONTRIB-2015-156 - Colorbox - Access bypass
https://www.drupal.org/node/2582071
Many thanks
Regards
Pere Orga on behalf of the Drupal Security Team
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
