Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities found for entity_api by entity_api_project
CVE-2014-1400 (GCVE-0-2014-1400)
Vulnerability from nvd – Published: 2018-04-10 15:00 – Updated: 2024-08-06 09:42
VLAI?
Summary
The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Date Public ?
2014-01-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:42:34.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "64729",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64729"
},
{
"name": "FEDORA-2014-0508",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126811.html"
},
{
"name": "FEDORA-2014-0509",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126816.html"
},
{
"name": "drupal-entity-cve20141400-sec-bypass(90396)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90396"
},
{
"name": "[oss-security] 20140109 Re: CVE Request: drupal7-entity: multiple access bypass vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/01/09/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050802"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.drupal.org/node/2169595"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "64729",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64729"
},
{
"name": "FEDORA-2014-0508",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126811.html"
},
{
"name": "FEDORA-2014-0509",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126816.html"
},
{
"name": "drupal-entity-cve20141400-sec-bypass(90396)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90396"
},
{
"name": "[oss-security] 20140109 Re: CVE Request: drupal7-entity: multiple access bypass vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/01/09/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050802"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.drupal.org/node/2169595"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "64729",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64729"
},
{
"name": "FEDORA-2014-0508",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126811.html"
},
{
"name": "FEDORA-2014-0509",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126816.html"
},
{
"name": "drupal-entity-cve20141400-sec-bypass(90396)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90396"
},
{
"name": "[oss-security] 20140109 Re: CVE Request: drupal7-entity: multiple access bypass vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/01/09/3"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1050802",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050802"
},
{
"name": "https://www.drupal.org/node/2169595",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2169595"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-1400",
"datePublished": "2018-04-10T15:00:00.000Z",
"dateReserved": "2014-01-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:42:34.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1399 (GCVE-0-2014-1399)
Vulnerability from nvd – Published: 2018-04-10 15:00 – Updated: 2024-08-06 09:42
VLAI?
Summary
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Date Public ?
2014-01-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:42:36.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "64729",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64729"
},
{
"name": "FEDORA-2014-0508",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126811.html"
},
{
"name": "FEDORA-2014-0509",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126816.html"
},
{
"name": "drupal-entityapi-cve20141399-security-bypass(90216)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90216"
},
{
"name": "[oss-security] 20140109 Re: CVE Request: drupal7-entity: multiple access bypass vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/01/09/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050802"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.drupal.org/node/2169595"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "64729",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64729"
},
{
"name": "FEDORA-2014-0508",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126811.html"
},
{
"name": "FEDORA-2014-0509",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126816.html"
},
{
"name": "drupal-entityapi-cve20141399-security-bypass(90216)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90216"
},
{
"name": "[oss-security] 20140109 Re: CVE Request: drupal7-entity: multiple access bypass vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/01/09/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050802"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.drupal.org/node/2169595"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1399",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "64729",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64729"
},
{
"name": "FEDORA-2014-0508",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126811.html"
},
{
"name": "FEDORA-2014-0509",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126816.html"
},
{
"name": "drupal-entityapi-cve20141399-security-bypass(90216)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90216"
},
{
"name": "[oss-security] 20140109 Re: CVE Request: drupal7-entity: multiple access bypass vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/01/09/3"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1050802",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050802"
},
{
"name": "https://www.drupal.org/node/2169595",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2169595"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-1399",
"datePublished": "2018-04-10T15:00:00.000Z",
"dateReserved": "2014-01-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:42:36.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1398 (GCVE-0-2014-1398)
Vulnerability from nvd – Published: 2018-04-10 15:00 – Updated: 2024-08-06 09:42
VLAI?
Summary
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Date Public ?
2014-01-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:42:35.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "64729",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64729"
},
{
"name": "drupal-entityapi-cve20141398-security-bypass(90215)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90215"
},
{
"name": "FEDORA-2014-0508",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126811.html"
},
{
"name": "FEDORA-2014-0509",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126816.html"
},
{
"name": "[oss-security] 20140109 Re: CVE Request: drupal7-entity: multiple access bypass vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/01/09/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050802"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.drupal.org/node/2169595"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "64729",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64729"
},
{
"name": "drupal-entityapi-cve20141398-security-bypass(90215)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90215"
},
{
"name": "FEDORA-2014-0508",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126811.html"
},
{
"name": "FEDORA-2014-0509",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126816.html"
},
{
"name": "[oss-security] 20140109 Re: CVE Request: drupal7-entity: multiple access bypass vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/01/09/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050802"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.drupal.org/node/2169595"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1398",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "64729",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64729"
},
{
"name": "drupal-entityapi-cve20141398-security-bypass(90215)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90215"
},
{
"name": "FEDORA-2014-0508",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126811.html"
},
{
"name": "FEDORA-2014-0509",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126816.html"
},
{
"name": "[oss-security] 20140109 Re: CVE Request: drupal7-entity: multiple access bypass vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/01/09/3"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1050802",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050802"
},
{
"name": "https://www.drupal.org/node/2169595",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2169595"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-1398",
"datePublished": "2018-04-10T15:00:00.000Z",
"dateReserved": "2014-01-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:42:35.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2197 (GCVE-0-2015-2197)
Vulnerability from nvd – Published: 2015-03-03 19:00 – Updated: 2024-09-16 18:04
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the Entity API module before 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:10:15.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.drupal.org/node/2437885"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.drupal.org/node/2437905"
},
{
"name": "72806",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72806"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Entity API module before 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-03-03T19:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.drupal.org/node/2437885"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.drupal.org/node/2437905"
},
{
"name": "72806",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72806"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Entity API module before 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/node/2437885",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2437885"
},
{
"name": "https://www.drupal.org/node/2437905",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2437905"
},
{
"name": "72806",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72806"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2197",
"datePublished": "2015-03-03T19:00:00.000Z",
"dateReserved": "2015-03-03T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:04:22.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7391 (GCVE-0-2013-7391)
Vulnerability from nvd – Published: 2014-07-19 18:00 – Updated: 2024-08-06 18:09
VLAI?
Summary
The Entity API module 7.x-1.x before 7.x-1.2 for Drupal, when using the (a) Views field or (b) area plugins, allows remote attackers to read restricted entities via the (1) field, (2) header, or (3) footer of a View. NOTE: this identifier was SPLIT from CVE-2013-4273 per ADT5 due to different researcher organizations.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Date Public ?
2013-08-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:09:16.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20130822 Re: CVE request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/22/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drupal.org/node/2065207"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://drupal.org/node/2065197"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Entity API module 7.x-1.x before 7.x-1.2 for Drupal, when using the (a) Views field or (b) area plugins, allows remote attackers to read restricted entities via the (1) field, (2) header, or (3) footer of a View. NOTE: this identifier was SPLIT from CVE-2013-4273 per ADT5 due to different researcher organizations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-07-19T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20130822 Re: CVE request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/22/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drupal.org/node/2065207"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://drupal.org/node/2065197"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7391",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Entity API module 7.x-1.x before 7.x-1.2 for Drupal, when using the (a) Views field or (b) area plugins, allows remote attackers to read restricted entities via the (1) field, (2) header, or (3) footer of a View. NOTE: this identifier was SPLIT from CVE-2013-4273 per ADT5 due to different researcher organizations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130822 Re: CVE request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/08/22/2"
},
{
"name": "https://drupal.org/node/2065207",
"refsource": "MISC",
"url": "https://drupal.org/node/2065207"
},
{
"name": "https://drupal.org/node/2065197",
"refsource": "CONFIRM",
"url": "https://drupal.org/node/2065197"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7391",
"datePublished": "2014-07-19T18:00:00.000Z",
"dateReserved": "2014-07-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:09:16.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4273 (GCVE-0-2013-4273)
Vulnerability from nvd – Published: 2014-07-19 18:00 – Updated: 2024-08-06 16:38
VLAI?
Summary
The Entity API module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to node comments, which allows remote authenticated users to read the comments via unspecified vectors. NOTE: this identifier was SPLIT per ADT5 due to different researcher organizations. CVE-2013-7391 was assigned for the View vector.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Date Public ?
2013-08-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:38:01.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20130822 Re: CVE request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/22/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drupal.org/node/2065207"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://drupal.org/node/2065197"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Entity API module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to node comments, which allows remote authenticated users to read the comments via unspecified vectors. NOTE: this identifier was SPLIT per ADT5 due to different researcher organizations. CVE-2013-7391 was assigned for the View vector."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-07-19T18:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20130822 Re: CVE request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/22/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drupal.org/node/2065207"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://drupal.org/node/2065197"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Entity API module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to node comments, which allows remote authenticated users to read the comments via unspecified vectors. NOTE: this identifier was SPLIT per ADT5 due to different researcher organizations. CVE-2013-7391 was assigned for the View vector."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130822 Re: CVE request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/08/22/2"
},
{
"name": "https://drupal.org/node/2065207",
"refsource": "MISC",
"url": "https://drupal.org/node/2065207"
},
{
"name": "https://drupal.org/node/2065197",
"refsource": "CONFIRM",
"url": "https://drupal.org/node/2065197"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4273",
"datePublished": "2014-07-19T18:00:00.000Z",
"dateReserved": "2013-06-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:38:01.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1400 (GCVE-0-2014-1400)
Vulnerability from cvelistv5 – Published: 2018-04-10 15:00 – Updated: 2024-08-06 09:42
VLAI?
Summary
The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Date Public ?
2014-01-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:42:34.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "64729",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64729"
},
{
"name": "FEDORA-2014-0508",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126811.html"
},
{
"name": "FEDORA-2014-0509",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126816.html"
},
{
"name": "drupal-entity-cve20141400-sec-bypass(90396)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90396"
},
{
"name": "[oss-security] 20140109 Re: CVE Request: drupal7-entity: multiple access bypass vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/01/09/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050802"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.drupal.org/node/2169595"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "64729",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64729"
},
{
"name": "FEDORA-2014-0508",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126811.html"
},
{
"name": "FEDORA-2014-0509",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126816.html"
},
{
"name": "drupal-entity-cve20141400-sec-bypass(90396)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90396"
},
{
"name": "[oss-security] 20140109 Re: CVE Request: drupal7-entity: multiple access bypass vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/01/09/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050802"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.drupal.org/node/2169595"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "64729",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64729"
},
{
"name": "FEDORA-2014-0508",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126811.html"
},
{
"name": "FEDORA-2014-0509",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126816.html"
},
{
"name": "drupal-entity-cve20141400-sec-bypass(90396)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90396"
},
{
"name": "[oss-security] 20140109 Re: CVE Request: drupal7-entity: multiple access bypass vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/01/09/3"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1050802",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050802"
},
{
"name": "https://www.drupal.org/node/2169595",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2169595"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-1400",
"datePublished": "2018-04-10T15:00:00.000Z",
"dateReserved": "2014-01-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:42:34.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1398 (GCVE-0-2014-1398)
Vulnerability from cvelistv5 – Published: 2018-04-10 15:00 – Updated: 2024-08-06 09:42
VLAI?
Summary
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Date Public ?
2014-01-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:42:35.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "64729",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64729"
},
{
"name": "drupal-entityapi-cve20141398-security-bypass(90215)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90215"
},
{
"name": "FEDORA-2014-0508",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126811.html"
},
{
"name": "FEDORA-2014-0509",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126816.html"
},
{
"name": "[oss-security] 20140109 Re: CVE Request: drupal7-entity: multiple access bypass vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/01/09/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050802"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.drupal.org/node/2169595"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "64729",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64729"
},
{
"name": "drupal-entityapi-cve20141398-security-bypass(90215)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90215"
},
{
"name": "FEDORA-2014-0508",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126811.html"
},
{
"name": "FEDORA-2014-0509",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126816.html"
},
{
"name": "[oss-security] 20140109 Re: CVE Request: drupal7-entity: multiple access bypass vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/01/09/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050802"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.drupal.org/node/2169595"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1398",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "64729",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64729"
},
{
"name": "drupal-entityapi-cve20141398-security-bypass(90215)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90215"
},
{
"name": "FEDORA-2014-0508",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126811.html"
},
{
"name": "FEDORA-2014-0509",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126816.html"
},
{
"name": "[oss-security] 20140109 Re: CVE Request: drupal7-entity: multiple access bypass vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/01/09/3"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1050802",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050802"
},
{
"name": "https://www.drupal.org/node/2169595",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2169595"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-1398",
"datePublished": "2018-04-10T15:00:00.000Z",
"dateReserved": "2014-01-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:42:35.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1399 (GCVE-0-2014-1399)
Vulnerability from cvelistv5 – Published: 2018-04-10 15:00 – Updated: 2024-08-06 09:42
VLAI?
Summary
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Date Public ?
2014-01-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:42:36.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "64729",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64729"
},
{
"name": "FEDORA-2014-0508",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126811.html"
},
{
"name": "FEDORA-2014-0509",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126816.html"
},
{
"name": "drupal-entityapi-cve20141399-security-bypass(90216)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90216"
},
{
"name": "[oss-security] 20140109 Re: CVE Request: drupal7-entity: multiple access bypass vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/01/09/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050802"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.drupal.org/node/2169595"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "64729",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64729"
},
{
"name": "FEDORA-2014-0508",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126811.html"
},
{
"name": "FEDORA-2014-0509",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126816.html"
},
{
"name": "drupal-entityapi-cve20141399-security-bypass(90216)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90216"
},
{
"name": "[oss-security] 20140109 Re: CVE Request: drupal7-entity: multiple access bypass vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/01/09/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050802"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.drupal.org/node/2169595"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1399",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "64729",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64729"
},
{
"name": "FEDORA-2014-0508",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126811.html"
},
{
"name": "FEDORA-2014-0509",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126816.html"
},
{
"name": "drupal-entityapi-cve20141399-security-bypass(90216)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90216"
},
{
"name": "[oss-security] 20140109 Re: CVE Request: drupal7-entity: multiple access bypass vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/01/09/3"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1050802",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050802"
},
{
"name": "https://www.drupal.org/node/2169595",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2169595"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-1399",
"datePublished": "2018-04-10T15:00:00.000Z",
"dateReserved": "2014-01-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:42:36.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2197 (GCVE-0-2015-2197)
Vulnerability from cvelistv5 – Published: 2015-03-03 19:00 – Updated: 2024-09-16 18:04
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the Entity API module before 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:10:15.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.drupal.org/node/2437885"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.drupal.org/node/2437905"
},
{
"name": "72806",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72806"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Entity API module before 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-03-03T19:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.drupal.org/node/2437885"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.drupal.org/node/2437905"
},
{
"name": "72806",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72806"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Entity API module before 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/node/2437885",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2437885"
},
{
"name": "https://www.drupal.org/node/2437905",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2437905"
},
{
"name": "72806",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72806"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2197",
"datePublished": "2015-03-03T19:00:00.000Z",
"dateReserved": "2015-03-03T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:04:22.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4273 (GCVE-0-2013-4273)
Vulnerability from cvelistv5 – Published: 2014-07-19 18:00 – Updated: 2024-08-06 16:38
VLAI?
Summary
The Entity API module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to node comments, which allows remote authenticated users to read the comments via unspecified vectors. NOTE: this identifier was SPLIT per ADT5 due to different researcher organizations. CVE-2013-7391 was assigned for the View vector.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Date Public ?
2013-08-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:38:01.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20130822 Re: CVE request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/22/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drupal.org/node/2065207"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://drupal.org/node/2065197"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Entity API module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to node comments, which allows remote authenticated users to read the comments via unspecified vectors. NOTE: this identifier was SPLIT per ADT5 due to different researcher organizations. CVE-2013-7391 was assigned for the View vector."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-07-19T18:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20130822 Re: CVE request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/22/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drupal.org/node/2065207"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://drupal.org/node/2065197"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Entity API module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to node comments, which allows remote authenticated users to read the comments via unspecified vectors. NOTE: this identifier was SPLIT per ADT5 due to different researcher organizations. CVE-2013-7391 was assigned for the View vector."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130822 Re: CVE request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/08/22/2"
},
{
"name": "https://drupal.org/node/2065207",
"refsource": "MISC",
"url": "https://drupal.org/node/2065207"
},
{
"name": "https://drupal.org/node/2065197",
"refsource": "CONFIRM",
"url": "https://drupal.org/node/2065197"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4273",
"datePublished": "2014-07-19T18:00:00.000Z",
"dateReserved": "2013-06-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:38:01.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7391 (GCVE-0-2013-7391)
Vulnerability from cvelistv5 – Published: 2014-07-19 18:00 – Updated: 2024-08-06 18:09
VLAI?
Summary
The Entity API module 7.x-1.x before 7.x-1.2 for Drupal, when using the (a) Views field or (b) area plugins, allows remote attackers to read restricted entities via the (1) field, (2) header, or (3) footer of a View. NOTE: this identifier was SPLIT from CVE-2013-4273 per ADT5 due to different researcher organizations.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Date Public ?
2013-08-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:09:16.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20130822 Re: CVE request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/22/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drupal.org/node/2065207"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://drupal.org/node/2065197"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Entity API module 7.x-1.x before 7.x-1.2 for Drupal, when using the (a) Views field or (b) area plugins, allows remote attackers to read restricted entities via the (1) field, (2) header, or (3) footer of a View. NOTE: this identifier was SPLIT from CVE-2013-4273 per ADT5 due to different researcher organizations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-07-19T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20130822 Re: CVE request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/22/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drupal.org/node/2065207"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://drupal.org/node/2065197"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7391",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Entity API module 7.x-1.x before 7.x-1.2 for Drupal, when using the (a) Views field or (b) area plugins, allows remote attackers to read restricted entities via the (1) field, (2) header, or (3) footer of a View. NOTE: this identifier was SPLIT from CVE-2013-4273 per ADT5 due to different researcher organizations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130822 Re: CVE request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/08/22/2"
},
{
"name": "https://drupal.org/node/2065207",
"refsource": "MISC",
"url": "https://drupal.org/node/2065207"
},
{
"name": "https://drupal.org/node/2065197",
"refsource": "CONFIRM",
"url": "https://drupal.org/node/2065197"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7391",
"datePublished": "2014-07-19T18:00:00.000Z",
"dateReserved": "2014-07-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:09:16.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}