From security at unicamp.br Wed Sep 22 15:29:40 2021
From: security at unicamp.br (CSIRT Unicamp)
Date: Wed, 22 Sep 2021 15:29:40 -0300
Subject: [SECURITY-L] [Security-news] Moderately critical and Critical Drupal vulnerabilities
Message-ID:

[Security-news] Commerce Core - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2021-032

View online: https://www.drupal.org/sa-contrib-2021-032
Project: Commerce Core [1]
Date: 2021-September-22
Security risk: *Moderately critical* 14/25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All [2]
Vulnerability: Access bypass, Information Disclosure

[Security-news] User hash - Moderately critical - Cache poisoning - SA-CONTRIB-2021-030

View online: https://www.drupal.org/sa-contrib-2021-030
Project: User hash [1]
Date: 2021-September-22
Security risk: *Moderately critical* 12/25 AC:Complex/A:None/CI:Some/II:None/E:Theoretical/TD:All [2]
Vulnerability: Cache poisoning

[Security-news] Client-side Hierarchical Select - Moderately critical - Cross-site scripting - SA-CONTRIB-2021-031

View online: https://www.drupal.org/sa-contrib-2021-031
Project: Client-side Hierarchical Select [1]
Date: 2021-September-22
Security risk: *Moderately critical* 13/25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default [2]
Vulnerability: Cross-site scripting

[Security-news] File Extractor - Critical - Arbitrary PHP code execution - SA-CONTRIB-2021-033

View online: https://www.drupal.org/sa-contrib-2021-033
Project: File Extractor [1]
Date: 2021-September-22
Security risk: *Critical* 15/25 AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:Default [2]
Vulnerability: Arbitrary PHP code execution

[Security-news] Search API attachments - Critical - Arbitrary PHP code execution - SA-CONTRIB-2021-034

View online: https://www.drupal.org/sa-contrib-2021-034
Project: Search API attachments [1]
Date: 2021-September-22
Security risk: *Critical* 15/25 AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:Default [2]
Vulnerability: Arbitrary PHP code execution

[Security-news] The Better Mega Menu - Moderately critical - Access bypass - SA-CONTRIB-2021-041

View online: https://www.drupal.org/sa-contrib-2021-041
Project: The Better Mega Menu [1]
Date: 2021-September-22
Security risk: *Moderately critical* 14/25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:Default [2]
Vulnerability: Access bypass

[Security-news] Taxonomy Manager - Moderately critical - Access bypass - SA-CONTRIB-2021-035

View online: https://www.drupal.org/sa-contrib-2021-035
Project: Taxonomy Manager [1]
Date: 2021-September-22
Security risk: *Moderately critical* 10/25 AC:Basic/A:User/CI:None/II:Some/E:Theoretical/TD:Default [2]
Vulnerability: Access bypass

[Security-news] The Better Mega Menu - Critical - Cross Site Request Forgery - SA-CONTRIB-2021-040

View online: https://www.drupal.org/sa-contrib-2021-040
Project: The Better Mega Menu [1]
Date: 2021-September-22
Security risk: *Critical* 15/25 AC:Complex/A:None/CI:Some/II:Some/E:Theoretical/TD:All [2]
Vulnerability: Cross Site Request Forgery

[Security-news] The Better Mega Menu - Moderately critical - Cross Site Scripting - SA-CONTRIB-2021-039

View online: https://www.drupal.org/sa-contrib-2021-039
Project: The Better Mega Menu [1]
Date: 2021-September-22
Security risk: *Moderately critical* 13/25 AC:Complex/A:User/CI:Some/II:Some/E:Theoretical/TD:All [2]
Vulnerability: Cross Site Scripting

[Security-news] The Better Mega Menu - Moderately critical - Cross Site Scripting, Information Disclosure, Multiple vulnerabilities - SA-CONTRIB-2021-038

View online: https://www.drupal.org/sa-contrib-2021-038
Project: The Better Mega Menu [1]
Date: 2021-September-22
Security risk: *Moderately critical* 12/25 AC:Complex/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All [2]
Vulnerability: Cross Site Scripting, Information Disclosure, Multiple Vulnerabilities

[Security-news] Domain Group - Critical - Access bypass - SA-CONTRIB-2021-037

View online: https://www.drupal.org/sa-contrib-2021-037
Project: Domain Group [1]
Date: 2021-September-22
Security risk: *Critical* 18/25 AC:None/A:None/CI:Some/II:Some/E:Theoretical/TD:All [2]
Vulnerability: Access bypass

[Security-news] SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider - Moderately critical - Multiple vulnerabilities - SA-CONTRIB-2021-036

View online: https://www.drupal.org/sa-contrib-2021-036
Project: SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider [1]
Date: 2021-September-22
Security risk: *Moderately critical* 14/25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Uncommon [2]
Vulnerability: Multiple vulnerabilities

===
Computer Security Incident Response Team - CSIRT
Universidade Estadual de Campinas - Unicamp
Centro de Computacao - CCUEC
GnuPG Public Key: http://www.security.unicamp.br/security.asc
Contact: +55 19 3521-2289 or INOC-DBA: 1251*830