[SECURITY-L] [Security-news] Moderately critical and Critical Drupal vulnerabilities
CSIRT Unicamp
security at unicamp.br
Wed Sep 22 15:29:40 -03 2021
[Security-news] Commerce Core - Moderately critical - Access bypass,
Information Disclosure - SA-CONTRIB-2021-032
View online: https://www.drupal.org/sa-contrib-2021-032
Project: Commerce Core [1]
Date: 2021-September-22
Security risk: *Moderately critical* 14∕25
AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All [2]
Vulnerability: Access bypass, Information Disclosure
[Security-news] User hash - Moderately critical - Cache poisoning -
SA-CONTRIB-2021-030
View online: https://www.drupal.org/sa-contrib-2021-030
Project: User hash [1]
Date: 2021-September-22
Security risk: *Moderately critical* 12∕25
AC:Complex/A:None/CI:Some/II:None/E:Theoretical/TD:All [2]
Vulnerability: Cache poisoning
[Security-news] Client-side Hierarchical Select - Moderately critical -
Cross-site scripting - SA-CONTRIB-2021-031
View online: https://www.drupal.org/sa-contrib-2021-031
Project: Client-side Hierarchical Select [1]
Date: 2021-September-22
Security risk: *Moderately critical* 13∕25
AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default [2]
Vulnerability: Cross-site scripting
[Security-news] File Extractor - Critical - Arbitrary PHP code execution -
SA-CONTRIB-2021-033
View online: https://www.drupal.org/sa-contrib-2021-033
Project: File Extractor [1]
Date: 2021-September-22
Security risk: *Critical* 15∕25
AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:Default [2]
Vulnerability: Arbitrary PHP code execution
[Security-news] Search API attachments - Critical - Arbitrary PHP code
execution - SA-CONTRIB-2021-034
View online: https://www.drupal.org/sa-contrib-2021-034
Project: Search API attachments [1]
Date: 2021-September-22
Security risk: *Critical* 15∕25
AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:Default [2]
Vulnerability: Arbitrary PHP code execution
[Security-news] The Better Mega Menu - Moderately critical - Access bypass
- SA-CONTRIB-2021-041
View online: https://www.drupal.org/sa-contrib-2021-041
Project: The Better Mega Menu [1]
Date: 2021-September-22
Security risk: *Moderately critical* 14∕25
AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:Default [2]
Vulnerability: Access bypass
[Security-news] Taxonomy Manager - Moderately critical - Access bypass -
SA-CONTRIB-2021-035
View online: https://www.drupal.org/sa-contrib-2021-035
Project: Taxonomy Manager [1]
Date: 2021-September-22
Security risk: *Moderately critical* 10∕25
AC:Basic/A:User/CI:None/II:Some/E:Theoretical/TD:Default [2]
Vulnerability: Access bypass
[Security-news] The Better Mega Menu - Critical - Cross Site Request
Forgery - SA-CONTRIB-2021-040
View online: https://www.drupal.org/sa-contrib-2021-040
Project: The Better Mega Menu [1]
Date: 2021-September-22
Security risk: *Critical* 15∕25
AC:Complex/A:None/CI:Some/II:Some/E:Theoretical/TD:All [2]
Vulnerability: Cross Site Request Forgery
[Security-news] The Better Mega Menu - Moderately critical - Cross Site
Scripting - SA-CONTRIB-2021-039
View online: https://www.drupal.org/sa-contrib-2021-039
Project: The Better Mega Menu [1]
Date: 2021-September-22
Security risk: *Moderately critical* 13∕25
AC:Complex/A:User/CI:Some/II:Some/E:Theoretical/TD:All [2]
Vulnerability: Cross Site Scripting
[Security-news] The Better Mega Menu - Moderately critical - Cross Site
Scripting, Information Disclosure, Multiple vulnerabilities -
SA-CONTRIB-2021-038
View online: https://www.drupal.org/sa-contrib-2021-038
Project: The Better Mega Menu [1]
Date: 2021-September-22
Security risk: *Moderately critical* 12∕25
AC:Complex/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All [2]
Vulnerability: Cross Site Scripting, Information Disclosure, Multiple
Vulnerabilities
[Security-news] Domain Group - Critical - Access bypass -
SA-CONTRIB-2021-037
View online: https://www.drupal.org/sa-contrib-2021-037
Project: Domain Group [1]
Date: 2021-September-22
Security risk: *Critical* 18∕25
AC:None/A:None/CI:Some/II:Some/E:Theoretical/TD:All [2]
Vulnerability: Access bypass
[Security-news] SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider -
Moderately critical - Multiple vulnerabilities - SA-CONTRIB-2021-036
View online: https://www.drupal.org/sa-contrib-2021-036
Project: SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider [1]
Date: 2021-September-22
Security risk: *Moderately critical* 14∕25
AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Uncommon [2]
Vulnerability: Multiple vulnerabilities
===
Computer Security Incident Response Team - CSIRT
Universidade Estadual de Campinas - Unicamp
Centro de Computacao - CCUEC
GnuPG Public Key: http://www.security.unicamp.br/security.asc
Contact: +55 19 3521-2289 or INOC-DBA: 1251*830