CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2014-1399
https://notcve.org/view.php?id=CVE-2014-1399
10 Apr 2018 — The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors. La API de acceso al contenedor de entidad en el módulo Entity API, en versiones 7.x-1.x anteriores a la 7.x-1.3 para Drupal, podría permitir que usuarios autenticados remotos omitan las restricciones de acceso planeadas en las entidades referenciadas mediante vectores sin especificar. • http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126811.html • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2014-1398
https://notcve.org/view.php?id=CVE-2014-1398
10 Apr 2018 — The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors. La API de acceso al contenedor de entidad en el módulo Entity API, en versiones 7.x-1.x anteriores a la 7.x-1.3 para Drupal, podría permitir que usuarios autenticados remotos omitan las restricciones de acceso planeadas en las propiedades comment, user y node statistics m... • http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126811.html • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2014-1400
https://notcve.org/view.php?id=CVE-2014-1400
10 Apr 2018 — The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspecified vectors. La API entity_access en el módulo Entity API, en versiones 7.x-1.x anteriores a la 7.x-1.3 para Drupal, podría permitir que usuarios autenticados remotos omitan las restricciones de acceso planeadas y lean comentarios no publicados mediante vectores sin especificar. • http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126811.html • CWE-284: Improper Access Control •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2197
https://notcve.org/view.php?id=CVE-2015-2197
03 Mar 2015 — Cross-site scripting (XSS) vulnerability in the Entity API module before 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API. Vulnerabilidad de XSS en el módulo Entity API anterior a 7.x-1.6 para Drupal permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a través de una etiqueta de campo en la API Token. • http://www.securityfocus.com/bid/72806 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2013-7391
https://notcve.org/view.php?id=CVE-2013-7391
19 Jul 2014 — The Entity API module 7.x-1.x before 7.x-1.2 for Drupal, when using the (a) Views field or (b) area plugins, allows remote attackers to read restricted entities via the (1) field, (2) header, or (3) footer of a View. NOTE: this identifier was SPLIT from CVE-2013-4273 per ADT5 due to different researcher organizations. El módulo Entity API 7.x-1.x anterior a 7.x-1.2 para Drupal, cuando utilice (a) el campo Views o (b) los plugins de área, permite a atacantes remotos leer entidades restringidos a través de (1... • http://www.openwall.com/lists/oss-security/2013/08/22/2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2013-4273
https://notcve.org/view.php?id=CVE-2013-4273
19 Jul 2014 — The Entity API module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to node comments, which allows remote authenticated users to read the comments via unspecified vectors. NOTE: this identifier was SPLIT per ADT5 due to different researcher organizations. CVE-2013-7391 was assigned for the View vector. El módulo Entity API 7.x-1.x anterior a 7.x-1.2 para Drupal no restringe debidamente el acceso a comentarios de nodos, lo que permite a usuarios remotos autenticados leer los comentarios... • http://www.openwall.com/lists/oss-security/2013/08/22/2 • CWE-264: Permissions, Privileges, and Access Controls •