[SECURITY-L] [Security-news] Moderately critical and Critical Drupal vulnerabilities

CSIRT Unicamp security at unicamp.br
Wed Sep 22 15:29:40 -03 2021


[Security-news] Commerce Core - Moderately critical - Access bypass,
Information Disclosure - SA-CONTRIB-2021-032

View online: https://www.drupal.org/sa-contrib-2021-032

Project: Commerce Core [1]

Date: 2021-September-22

Security risk: *Moderately critical* 14∕25

AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All [2]

Vulnerability: Access bypass, Information Disclosure


[Security-news] User hash - Moderately critical - Cache poisoning -
SA-CONTRIB-2021-030



View online: https://www.drupal.org/sa-contrib-2021-030



Project: User hash [1]

Date: 2021-September-22

Security risk: *Moderately critical* 12∕25

AC:Complex/A:None/CI:Some/II:None/E:Theoretical/TD:All [2]

Vulnerability: Cache poisoning



[Security-news] Client-side Hierarchical Select - Moderately critical -
Cross-site scripting - SA-CONTRIB-2021-031



View online: https://www.drupal.org/sa-contrib-2021-031



Project: Client-side Hierarchical Select [1]

Date: 2021-September-22

Security risk: *Moderately critical* 13∕25

AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default [2]

Vulnerability: Cross-site scripting



[Security-news] File Extractor - Critical - Arbitrary PHP code execution -
SA-CONTRIB-2021-033

View online: https://www.drupal.org/sa-contrib-2021-033



Project: File Extractor [1]

Date: 2021-September-22

Security risk: *Critical* 15∕25

AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:Default [2]

Vulnerability: Arbitrary PHP code execution



[Security-news] Search API attachments - Critical - Arbitrary PHP code
execution - SA-CONTRIB-2021-034



View online: https://www.drupal.org/sa-contrib-2021-034



Project: Search API attachments [1]

Date: 2021-September-22

Security risk: *Critical* 15∕25

AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:Default [2]

Vulnerability: Arbitrary PHP code execution


[Security-news] The Better Mega Menu - Moderately critical - Access bypass
- SA-CONTRIB-2021-041



View online: https://www.drupal.org/sa-contrib-2021-041



Project: The Better Mega Menu [1]

Date: 2021-September-22

Security risk: *Moderately critical* 14∕25

AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:Default [2]

Vulnerability: Access bypass


[Security-news] Taxonomy Manager - Moderately critical - Access bypass -
SA-CONTRIB-2021-035



View online: https://www.drupal.org/sa-contrib-2021-035



Project: Taxonomy Manager [1]

Date: 2021-September-22

Security risk: *Moderately critical* 10∕25

AC:Basic/A:User/CI:None/II:Some/E:Theoretical/TD:Default [2]

Vulnerability: Access bypass


[Security-news] The Better Mega Menu - Critical - Cross Site Request
Forgery - SA-CONTRIB-2021-040

View online: https://www.drupal.org/sa-contrib-2021-040

Project: The Better Mega Menu [1]

Date: 2021-September-22

Security risk: *Critical* 15∕25

AC:Complex/A:None/CI:Some/II:Some/E:Theoretical/TD:All [2]

Vulnerability: Cross Site Request Forgery

[Security-news] The Better Mega Menu - Moderately critical - Cross Site
Scripting - SA-CONTRIB-2021-039

View online: https://www.drupal.org/sa-contrib-2021-039

Project: The Better Mega Menu [1]

Date: 2021-September-22

Security risk: *Moderately critical* 13∕25

AC:Complex/A:User/CI:Some/II:Some/E:Theoretical/TD:All [2]

Vulnerability: Cross Site Scripting


[Security-news] The Better Mega Menu - Moderately critical - Cross Site
Scripting, Information Disclosure, Multiple vulnerabilities -
SA-CONTRIB-2021-038

View online: https://www.drupal.org/sa-contrib-2021-038

Project: The Better Mega Menu [1]

Date: 2021-September-22

Security risk: *Moderately critical* 12∕25

AC:Complex/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All [2]

Vulnerability: Cross Site Scripting, Information Disclosure, Multiple Vulnerabilities

[Security-news] Domain Group - Critical - Access bypass -
SA-CONTRIB-2021-037

View online: https://www.drupal.org/sa-contrib-2021-037

Project: Domain Group [1]

Date: 2021-September-22

Security risk: *Critical* 18∕25

AC:None/A:None/CI:Some/II:Some/E:Theoretical/TD:All [2]

Vulnerability: Access bypass


[Security-news] SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider -
Moderately critical - Multiple vulnerabilities - SA-CONTRIB-2021-036

View online: https://www.drupal.org/sa-contrib-2021-036



Project: SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider [1]

Date: 2021-September-22

Security risk: *Moderately critical* 14∕25

AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Uncommon [2]

Vulnerability: Multiple vulnerabilities
===
Computer Security Incident Response Team - CSIRT
Universidade Estadual de Campinas - Unicamp
Centro de Computacao - CCUEC
GnuPG Public Key: http://www.security.unicamp.br/security.asc
Contact: +55 19 3521-2289 or INOC-DBA: 1251*830