CVE-2016-20001

The REST/JSON project 7.x-1.x for Drupal allows node access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy...

CVE-2016-20004

The REST/JSON project 7.x-1.x for Drupal allows field access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy...

CVE-2016-20005

The REST/JSON project 7.x-1.x for Drupal allows user registration bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy...

Design/Logic Flaw

The REST/JSON project 7.x-1.x for Drupal allows comment access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy...

Cross site request forgery (csrf)

The REST/JSON project 7.x-1.x for Drupal allows user enumeration, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy...

Cross site request forgery (csrf)

The REST/JSON project 7.x-1.x for Drupal allows blockage of user logins, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy...

Design/Logic Flaw

The REST/JSON project 7.x-1.x for Drupal allows session enumeration, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy...

CVE-2016-20001

The CVE-2016-20001 entry concerns the Drupal REST/JSON project (7.x-1.x). According to the sources, this module allows a node access bypass, referenced as SA-CONTRIB-2016-033. The vulnerability is documented across multiple feeds (NVD, Red Hat, CVE lists) with no explicit exploit details in the p...

CVE-2016-20002

CVE-2016-20002 affects the Drupal REST/JSON project (7.x-1.x). The issue is a comment access bypass (SA-CONTRIB-2016-033). The provided documents do not specify the exact root cause, affected methods/files, or explicit fixes. CVSS data from NVD indicates high impact (C/H/I/A) with network exploit...

CVE-2016-20003

The CVE-2016-20003 entry concerns the Drupal REST/JSON project (7.x-1.x) and notes a user enumeration vulnerability. Affected component: REST/JSON project for Drupal; underlying issue allows attackers to enumerate users. Public-facing exploit details or specific versions beyond the 7.x-1.x line a...

CVE-2016-20004

Technical details are not publicly available in the provided documents; monitor for updates.

CVE-2016-20005

CVE-2016-20005 affects the Drupal REST/JSON project for Drupal 7, version 7.x-1.x, where a user registration bypass is possible. The provided documents identify this as SA-CONTRIB-2016-033, but do not give a detailed root cause or the exact vulnerable code paths. There is no explicit exploitation...

CVE-2016-20006

The REST/JSON project 7.x-1.x for Drupal allows blockage of user logins, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy...

CVE-2016-20006

The CVE concerns the REST/JSON project 7.x-1.x for Drupal, where SA-CONTRIB-2016-033 allows blocking of user logins. Connected sources corroborate that this entry relates to blocking logins within the Drupal REST/JSON 7.x-1.x module; no root-cause or technical exploit details are provided in the ...

CVE-2016-20007

CVE-2016-20007 affects the Drupal REST/JSON project 7.x-1.x. The vulnerability is described as a session name guessing flaw (SA-CONTRIB-2016-033) within this module. Based on the linked metrics, the issue carries CVSS v2 base score 5.0 (Medium) with Network access, Low attack complexity, no user ...

CVE-2016-20008

CVE-2016-20008 affects the Drupal REST/JSON project 7.x-1.x, with a session enumeration vulnerability (SA-CONTRIB-2016-033). Public references (NVD, Red Hat, CVE lists) describe it as a session-enumeration issue; no exploitation details or root cause are explicitly provided in the connected docum...