INTECO Technical Advisories (Spain)

Advisories and alerts from INCIBE (es)

CVE-2015-3393

Mon, 04/20/2015 - 20:00
Open redirect vulnerability in the Commerce WeDeal module before 7.x-1.3 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter. 2015-04-20T22:00:00Z
Categories: Alerts

CVE-2015-3392

Mon, 04/20/2015 - 20:00
Cross-site scripting (XSS) vulnerability in the Ajax Timeline module before 7.x-1.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title. 2015-04-20T22:00:00Z
Categories: Alerts

CVE-2015-3391

Mon, 04/20/2015 - 20:00
The Path Breadcrumbs module before 7.x-3.2 for Drupal allows remote attackers to bypass intended access restrictions and obtain sensitive node titles by reading a 403 Not Found page. 2015-04-20T22:00:00Z
Categories: Alerts

CVE-2015-3390

Mon, 04/20/2015 - 20:00
Cross-site scripting (XSS) vulnerability in the Facebook Album Fetcher module for Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via unspecified vectors. 2015-04-20T22:00:00Z
Categories: Alerts

CVE-2015-3389

Mon, 04/20/2015 - 20:00
Cross-site scripting (XSS) vulnerability in the Download counts report page in the Public Download Count module (pubdlcnt) 7.x-1.x-dev and earlier for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2015-04-20T22:00:00Z
Categories: Alerts

CVE-2015-3388

Mon, 04/20/2015 - 20:00
Cross-site request forgery (CSRF) vulnerability in the Commerce Balanced Payments module for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete the user's configured bank accounts via unspecified vectors. 2015-04-20T22:00:00Z
Categories: Alerts

CVE-2015-3387

Mon, 04/20/2015 - 20:00
Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Tools module before 7.x-1.4 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via a (1) node or (2) taxonomy term title. 2015-04-20T22:00:00Z
Categories: Alerts

CVE-2015-3386

Mon, 04/20/2015 - 20:00
Cross-site scripting (XSS) vulnerability in the Node Access Product module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title. 2015-04-20T22:00:00Z
Categories: Alerts

CVE-2015-3385

Mon, 04/20/2015 - 20:00
Cross-site scripting (XSS) vulnerability in the Taxonomy Path module before 7.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the "Link to path" field formatter. 2015-04-20T22:00:00Z
Categories: Alerts

CVE-2015-3384

Mon, 04/20/2015 - 20:00
Cross-site scripting (XSS) vulnerability in the Bank Account Listing Page in the Commerce Balanced Payments module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2015-04-20T22:00:00Z
Categories: Alerts

CVE-2015-3383

Mon, 04/20/2015 - 20:00
Open redirect vulnerability in the Node basket module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. 2015-04-20T22:00:00Z
Categories: Alerts

CVE-2015-3382

Mon, 04/20/2015 - 20:00
Multiple cross-site request forgery (CSRF) vulnerabilities in the Node basket module for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add or (2) remove nodes from a basket via unspecified vectors. 2015-04-20T22:00:00Z
Categories: Alerts

CVE-2015-3381

Mon, 04/20/2015 - 20:00
Cross-site scripting (XSS) vulnerability in the Node basket module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2015-04-20T22:00:00Z
Categories: Alerts

CVE-2015-3380

Mon, 04/20/2015 - 20:00
Multiple cross-site request forgery (CSRF) vulnerabilities in the Feature Set module for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable or (2) disable a module via unspecified vectors. 2015-04-20T22:00:00Z
Categories: Alerts

CVE-2015-3379

Mon, 04/20/2015 - 20:00
The Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to the default views configurations, which allows remote authenticated users to obtain sensitive information via unspecified vectors. 2015-04-20T22:00:00Z
Categories: Alerts

CVE-2015-3336

Sat, 04/18/2015 - 20:00
Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENT_SETTINGS_TYPE_FULLSCREEN and CONTENT_SETTINGS_TYPE_MOUSELOCK changes, which allows user-assisted remote attackers to cause a denial of service (UI disruption) by constructing a crafted HTML document containing JavaScript code with requestFullScreen and requestPointerLock calls, and arranging for the user to access this document with a file: URL. 2015-04-18T22:00:00Z
Categories: Alerts

CVE-2015-3335

Sat, 04/18/2015 - 20:00
The NaClSandbox::InitializeLayerTwoSandbox function in components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc in Google Chrome before 42.0.2311.90 does not have RLIMIT_AS and RLIMIT_DATA limits for Native Client (aka NaCl) processes, which might make it easier for remote attackers to conduct row-hammer attacks or have unspecified other impact by leveraging the ability to run a crafted program in the NaCl sandbox. 2015-04-18T22:00:00Z
Categories: Alerts

CVE-2015-3334

Sat, 04/18/2015 - 20:00
browser/ui/website_settings/website_settings.cc in Google Chrome before 42.0.2311.90 does not always display "Media: Allowed by you" in a Permissions table after the user has granted camera permission to a web site, which might make it easier for user-assisted remote attackers to obtain sensitive video data from a device's physical environment via a crafted web site that turns on the camera at a time when the user believes that camera access is prohibited. 2015-04-18T22:00:00Z
Categories: Alerts

CVE-2015-3333

Sat, 04/18/2015 - 20:00
Multiple unspecified vulnerabilities in Google V8 before 4.2.77.14, as used in Google Chrome before 42.0.2311.90, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. 2015-04-18T22:00:00Z
Categories: Alerts

CVE-2015-1249

Sat, 04/18/2015 - 20:00
Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.90 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. 2015-04-18T22:00:00Z
Categories: Alerts