Bugtraq ID: | 93885 |
Class: | Design Error |
CVE: | CVE-2016-8768 |
Remote: | No |
Local: | Yes |
Published: | Oct 26 2016 12:00AM |
Updated: | Nov 25 2016 02:04PM |
Credit: | Zhao Jianqiang, Chen Gengjia, Wang Qize, Zhu Bin and Pan Yu. |
Vulnerable: | Huawei Honor 7 6.9 Huawei Honor 6 Plus 6.9 Huawei Honor 6 6.9 |
Not Vulnerable: | Huawei Honor 7 6.9.16 Huawei Honor 6 Plus 6.9.16 Huawei Honor 6 6.9.16 |
Bugtraq ID: | 94259 |
Class: | Input Validation Error |
CVE: | CVE-2016-7148 CVE-2016-7146 |
Remote: | Yes |
Local: | No |
Published: | Nov 10 2016 12:00AM |
Updated: | Nov 23 2016 10:08AM |
Credit: | Curesec Research Team. |
Vulnerable: | MoinMoin MoinMoin 1.9.8 |
Not Vulnerable: | MoinMoin MoinMoin 1.9.9 |
Bugtraq ID: | 94083 |
Class: | Boundary Condition Error |
CVE: | CVE-2016-8704 CVE-2016-8705 CVE-2016-8706 |
Remote: | Yes |
Local: | No |
Published: | Oct 31 2016 12:00AM |
Updated: | Nov 23 2016 04:08AM |
Credit: | Aleksandar Nikolic of Cisco Talos |
Vulnerable: | Memcached memcached 1.4.31 |
Not Vulnerable: |
Drupal provides a mechanism to alter database SELECT
queries before they are executed. Contributed and custom modules may use this mechanism to restrict access to certain entities by implementing hook_query_alter()
or hook_query_TAG_alter()
in order to add additional conditions. Queries can be distinguished by means of query tags. As the documentation on EntityFieldQuery::addTag() suggests, access-tags on entity queries normally follow the form ENTITY_TYPE_access
(e.g. node_access
). However, the taxonomy module's access query tag predated this system and used term_access
as the query tag instead of taxonomy_term_access
.
As a result, before this security release modules wishing to restrict access to taxonomy terms may have implemented an unsupported tag, or needed to look for both tags (term_access
and taxonomy_term_access
) in order to be compatible with queries generated both by Drupal core as well as those generated by contributed modules like Entity Reference. Otherwise information on taxonomy terms might have been disclosed to unprivileged users.
The user password reset form does not specify a proper cache context, which can lead to cache poisoning and unwanted content on the page.
Under certain circumstances, malicious users could construct a URL to a confirmation form that would trick users into being redirected to a 3rd party website after interacting with the form, thereby exposing the users to potential social engineering attacks.
A specially crafted URL can cause a denial of service via the transliterate mechanism.
Install the latest version:
Also see the Drupal core project page.
Inconsistent name for term access query:
Incorrect cache context on password reset page:
Confirmation forms allow external URLs to be injected:
Denial of service via transliterate mechanism:
Inconsistent name for term access query:
Incorrect cache context on password reset page:
Confirmation forms allow external URLs to be injected:
Denial of service via transliterate mechanism:
The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.
Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.
Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity
Bugtraq ID: | 94337 |
Class: | Unknown |
CVE: | CVE-2016-5292 CVE-2016-9067 CVE-2016-9069 CVE-2016-9068 CVE-2016-9072 CVE-2016-9075 CVE-2016-9077 CVE-2016-5295 CVE-2016-5298 CVE-2016-5299 CVE-2016-9061 CVE-2016-9062 CVE-2016-9070 CVE-2016-9073 CVE-2016-9076 CVE-2016-9063 CVE-2016-9071 CVE-2016-5289 |
Remote: | Yes |
Local: | No |
Published: | Nov 15 2016 12:00AM |
Updated: | Nov 16 2016 12:11AM |
Credit: | Daniel Browning, Nils, Bob Owen, Kris Maglione, Markus Stange, Holger Fuhrmannek, Jordi Chancel, Ken Okuyama, Daniel D., Abdulrahman Alqabandi, Will Bamberg, Mats Palmgren, Gustavo Grieco, Xiaoyin Liu and Mozilla developers. |
Vulnerable: | Mozilla Firefox 43.0.2 Mozilla Firefox 43.0.1 Mozilla Firefox 41.0.2 Mozilla Firefox 39.0.3 Mozilla Firefox 37.0.2 Mozilla Firefox 37.0.1 Mozilla Firefox 36.0.4 Mozilla Firefox 31.8 Mozilla Firefox 29.0.1 Mozilla Firefox 28.0.1 Mozilla Firefox 27.0.1 Mozilla Firefox 25.0.1 Mozilla Firefox 24.1.1 Mozilla Firefox 22.0 4917 Mozilla Firefox 19.0.2 Mozilla Firefox 19.0.1 Mozilla Firefox 17.0.10 Mozilla Firefox 17.0.7 Mozilla Firefox 17.0.6 Mozilla Firefox 17.0.5 Mozilla Firefox 17.0.4 Mozilla Firefox 17.0.3 Mozilla Firefox 17.0.2 Mozilla Firefox 16.0.2 Mozilla Firefox 16.0.1 Mozilla Firefox 15.0.1 Mozilla Firefox 13.0.1 Mozilla Firefox 10.0.12 Mozilla Firefox 9.0.1 Mozilla Firefox 3.6.28 Mozilla Firefox 3.6.22 Mozilla Firefox 3.6.13 Mozilla Firefox 3.6.10 Mozilla Firefox 3.6.9 Mozilla Firefox 3.6.8 Mozilla Firefox 3.6.6 Mozilla Firefox 3.6.4 Mozilla Firefox 3.6.3 Mozilla Firefox 3.6.2 Mozilla Firefox 3.6.1 Mozilla Firefox 3.5.16 Mozilla Firefox 3.5.14 Mozilla Firefox 3.5.13 Mozilla Firefox 3.5.10 Mozilla Firefox 3.5.9 Mozilla Firefox 3.5.8 Mozilla Firefox 3.5.7 Mozilla Firefox 3.5.6 Mozilla Firefox 3.5.5 Mozilla Firefox 3.5.4 Mozilla Firefox 3.5.3 Mozilla Firefox 3.5.2 Mozilla Firefox 3.5.1 Mozilla Firefox 3.5 Mozilla Firefox 3.0.18 Mozilla Firefox 3.0.17 Mozilla Firefox 3.0.16 Mozilla Firefox 3.0.15 Mozilla Firefox 3.0.14 Mozilla Firefox 3.0.13 Mozilla Firefox 3.0.12 Mozilla Firefox 3.0.11 Mozilla Firefox 3.0.10 Mozilla Firefox 3.0.9 Mozilla Firefox 3.0.8 Mozilla Firefox 3.0.7 Mozilla Firefox 3.0.6 Mozilla Firefox 3.0.5 Mozilla Firefox 3.0.4 Mozilla Firefox 3.0.3 Mozilla Firefox 3.0.2 Mozilla Firefox 3.0.1 Mozilla Firefox 2.0 20 Mozilla Firefox 2.0 .9 Mozilla Firefox 2.0 .8 Mozilla Firefox 2.0 .7 Mozilla Firefox 2.0 .6 Mozilla Firefox 2.0 .5 Mozilla Firefox 2.0 .4 Mozilla Firefox 2.0 .3 Mozilla Firefox 2.0 .19 Mozilla Firefox 2.0 .17 Mozilla Firefox 2.0 .16 Mozilla Firefox 2.0 .10 Mozilla Firefox 2.0 .1 Mozilla Firefox 1.5.8 Mozilla Firefox 1.5.7 Mozilla Firefox 1.5.6 Mozilla Firefox 1.5.5 Mozilla Firefox 1.5.4 Mozilla Firefox 1.5.2 Mozilla Firefox 1.5.1 Mozilla Firefox 1.5 beta 2 Mozilla Firefox 1.5 beta 1 Mozilla Firefox 1.5 12 Mozilla Firefox 1.5 .8 Mozilla Firefox 1.5 Mozilla Firefox 1.0.8 Mozilla Firefox 1.0.7 Mozilla Firefox 1.0.6 Mozilla Firefox 1.0.5 Mozilla Firefox 1.0.4 Mozilla Firefox 1.0.3 Mozilla Firefox 1.0.2 Mozilla Firefox 1.0.1 Mozilla Firefox 1.0 Mozilla Firefox 0.10.1 Mozilla Firefox 0.10 Mozilla Firefox 0.9.3 Mozilla Firefox 0.9.2 Mozilla Firefox 0.9.1 Mozilla Firefox 0.9 rc Mozilla Firefox 0.9 Mozilla Firefox 0.8 Mozilla Firefox 0.6.1 Mozilla Firefox 0.0.13 Mozilla Firefox 9.0 Mozilla Firefox 8.0.1 Mozilla Firefox 8.0 Mozilla Firefox 7.0.1 Mozilla Firefox 7.0 Mozilla Firefox 7 Mozilla Firefox 6.0.2 Mozilla Firefox 6.0.1 Mozilla Firefox 6.0 Mozilla Firefox 6 Mozilla Firefox 5.0.1 Mozilla Firefox 5.0 Mozilla Firefox 49.0.2 Mozilla Firefox 49.0.1 Mozilla Firefox 49 Mozilla Firefox 48 Mozilla Firefox 47 Mozilla Firefox 46.0.1 Mozilla Firefox 46 Mozilla Firefox 45.0.2 Mozilla Firefox 45 Mozilla Firefox 44.0.2 Mozilla Firefox 44 Mozilla Firefox 43 Mozilla Firefox 42 Mozilla Firefox 41 Mozilla Firefox 40.0.3 Mozilla Firefox 40 Mozilla Firefox 4.0.1 Mozilla Firefox 4.0 Mozilla Firefox 39 Mozilla Firefox 38 Mozilla Firefox 37 Mozilla Firefox 36.0.3 Mozilla Firefox 36 Mozilla Firefox 35.0.1 Mozilla Firefox 35 Mozilla Firefox 34.0.5 Mozilla Firefox 34 Mozilla Firefox 33.0 Mozilla Firefox 33 Mozilla Firefox 32.0.3 Mozilla Firefox 32.0 Mozilla Firefox 32 Mozilla Firefox 31.8 Mozilla Firefox 31.6 Mozilla Firefox 31.1.0 Mozilla Firefox 31.1 Mozilla Firefox 31.0 Mozilla Firefox 31 Mozilla Firefox 30.0 Mozilla Firefox 30 Mozilla Firefox 3.6.7 Mozilla Firefox 3.6.27 Mozilla Firefox 3.6.26 Mozilla Firefox 3.6.25 Mozilla Firefox 3.6.24 Mozilla Firefox 3.6.23 Mozilla Firefox 3.6.21 Mozilla Firefox 3.6.20 Mozilla Firefox 3.6.19 Mozilla Firefox 3.6.18 Mozilla Firefox 3.6.17 Mozilla Firefox 3.6.16 Mozilla Firefox 3.6.15 Mozilla Firefox 3.6.14 Mozilla Firefox 3.6.12 Mozilla Firefox 3.6.11 Mozilla Firefox 3.6 Beta 3 Mozilla Firefox 3.6 Beta 2 Mozilla Firefox 3.6 A1 Pre Mozilla Firefox 3.6 Mozilla Firefox 3.5.19 Mozilla Firefox 3.5.18 Mozilla Firefox 3.5.17 Mozilla Firefox 3.5.15 Mozilla Firefox 3.5.12 Mozilla Firefox 3.5.11 Mozilla Firefox 3.1 Mozilla Firefox 3.0.19 Mozilla Firefox 3.0 Mozilla Firefox 29.0 Mozilla Firefox 29 Mozilla Firefox 28.0 Mozilla Firefox 28 Mozilla Firefox 27.0 Mozilla Firefox 27 Mozilla Firefox 26.0 Mozilla Firefox 26 Mozilla Firefox 25.0 Mozilla Firefox 24.1 Mozilla Firefox 24.0 Mozilla Firefox 23.0.1 Mozilla Firefox 23.0 Mozilla Firefox 22.0 Mozilla Firefox 21.0 Mozilla Firefox 20.0.1 Mozilla Firefox 20.0 Mozilla Firefox 2.0.0.21 Mozilla Firefox 2.0.0.2 Mozilla Firefox 2.0.0.19 Mozilla Firefox 2.0.0.18 Mozilla Firefox 2.0.0.15 Mozilla Firefox 2.0.0.14 Mozilla Firefox 2.0.0.13 Mozilla Firefox 2.0.0.12 Mozilla Firefox 2.0.0.11 Mozilla Firefox 2.0 RC3 Mozilla Firefox 2.0 RC2 Mozilla Firefox 2.0 Beta1 Mozilla Firefox 2.0 beta 1 Mozilla Firefox 2.0 8 Mozilla Firefox 2.0 .9 Mozilla Firefox 2.0 .7 Mozilla Firefox 2.0 .6 Mozilla Firefox 2.0 .5 Mozilla Firefox 2.0 .4 Mozilla Firefox 2.0 .10 Mozilla Firefox 2.0 .1 Mozilla Firefox 2.0 Mozilla Firefox 19.0 Mozilla Firefox 18.0.2 Mozilla Firefox 18.0.1 Mozilla Firefox 18.0 Mozilla Firefox 17.0.9 Mozilla Firefox 17.0.8 Mozilla Firefox 17.0.11 Mozilla Firefox 17.0.1 Mozilla Firefox 17.0 Mozilla Firefox 16.0 Mozilla Firefox 16 Mozilla Firefox 15.0 Mozilla Firefox 15 Mozilla Firefox 14.01 Mozilla Firefox 14.0.1 Mozilla Firefox 14.0 Mozilla Firefox 14 Mozilla Firefox 13.0 Mozilla Firefox 12.0 Beta6 Mozilla Firefox 12.0 Mozilla Firefox 11.0 Mozilla Firefox 10.0.9 Mozilla Firefox 10.0.8 Mozilla Firefox 10.0.7 Mozilla Firefox 10.0.6 Mozilla Firefox 10.0.5 Mozilla Firefox 10.0.4 Mozilla Firefox 10.0.3 Mozilla Firefox 10.0.2 Mozilla Firefox 10.0.11 Mozilla Firefox 10.0.10 Mozilla Firefox 10.0.1 Mozilla Firefox 10.0 Mozilla Firefox 10 Mozilla Firefox 1.8 Mozilla Firefox 1.5.3 Mozilla Firefox 1.5.0.9 Mozilla Firefox 1.5.0.7 Mozilla Firefox 1.5.0.6 Mozilla Firefox 1.5.0.5 Mozilla Firefox 1.5.0.4 Mozilla Firefox 1.5.0.3 Mozilla Firefox 1.5.0.2 Mozilla Firefox 1.5.0.11 Mozilla Firefox 1.5.0.10 Mozilla Firefox 1.5.0.1 Mozilla Firefox 1.4.1 Mozilla Firefox 0.9 Rc Mozilla Firefox 0.7 Mozilla Firefox 0.6 Mozilla Firefox 0.5 Mozilla Firefox 0.4 Mozilla Firefox 0.3 Mozilla Firefox 0.2 Mozilla Firefox 0.1 |
Not Vulnerable: | Mozilla Firefox 50 |
Bugtraq ID: | 93210 |
Class: | Input Validation Error |
CVE: | CVE-2016-5061 CVE-2016-5061 CVE-2016-5061 CVE-2016-5061 CVE-2016-5061 |
Remote: | Yes |
Local: | No |
Published: | Sep 28 2016 12:00AM |
Updated: | Sep 29 2016 12:01AM |
Credit: | Matthew Benton and Richard Kelley. |
Vulnerable: | Aternity Aternity 9 |
Not Vulnerable: |
Recent Comments