2017 matches found
ALPINE-CVE-2022-47629
Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser...
UBUNTU-CVE-2022-47629
Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser...
libksba Input Validation Error Vulnerability
libksba is an open source library from GnuPG Mirrors that makes the task of working with X.509 certificates, CMS data and related objects easier. A security vulnerability exists in versions prior to libksba 1.6.3 that stems from an integer overflow vulnerability in the CRL signature parser...
CVE-2022-3775
When rendering certain unicode sequences, grub2's font code doesn't properly validate if the informed glyph's width and height is constrained within bitmap size. As a consequence an attacker can craft an input which will lead to an out-of-bounds write into grub2's heap, leading to memory corruption an...
CVE-2022-41963 BigBlueButton contains Improper Preservation of Permissions for whiteboard
BigBlueButton is an open source web conferencing system. Versions prior to 2.4.3 contain a whiteboard grace period that exists to handle delayed messages, but this grace period could be used by attackers to take actions in the few seconds after their access is revoked. The attacker must be a...
BigBlueButton Security Vulnerability
BigBlueButton is an open source web conferencing system from the BigBlueButton community. A security vulnerability exists in BigBlueButton versions prior to 2.4.3 that stems from the inclusion of a whiteboard grace period for handling delayed messages, which can be exploited by an attacker to tak...
CVE-2022-47406
An issue was discovered in the fechangepwd aka Change password for frontend users extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed...
Default credentials
An issue was discovered in the fechangepwd aka Change password for frontend users extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed...
Default credentials
TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, when users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both...
CVE-2022-23502
TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, when users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both...
CVE-2022-23502
TYPO3 contains an Insufficient Session Expiration after Password Reset vulnerability (CVE-2022-23502). The issue affects TYPO3 core versions prior to 10.4.33, 11.5.20, and 12.1.1, where password-reset sessions for a user account were not revoked for both frontend and backend sessions. The vulnera...
CVE-2022-23502 TYPO3 contains Insufficient Session Expiration after Password Reset
TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, when users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both...
TYPO3 Code Issue Vulnerability
TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 fechangepwd that stems from the extension's inability to revoke an existing session for the current user when the password is changed...
PT-2022-28056 · Typo3 · Fe Change Pwd
Name of the Vulnerable Software and Affected Versions: fe change pwd extension versions 2.0.5 and earlier, 3.x versions prior to 3.0.3 Description: An issue was discovered in the fe change pwd extension for TYPO3, where the extension fails to revoke existing sessions for the current user when the...
PT-2022-16035 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 10.4.33 TYPO3 versions prior to 11.5.20 TYPO3 versions prior to 12.1.1 Description: The issue concerns the password recovery functionality in TYPO3, an open source PHP based web content management system. When users...
TYPO3 10.0.0 < 10.4.33 / 11.0.0 < 11.5.20 / 12.0.0 < 12.1.1 (TYPO3-CORE-SA-2022-014)
The version of TYPO3 installed on the remote host is prior to 10.0.0 < 10.4.33 / 11.0.0 < 11.5.20 / 12.0.0 < 12.1.1. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2022-014 advisory. - When users reset their password using the corresponding password recovery...
SUSE SLED15 / SLES15 Security Update : strongswan (SUSE-SU-2022:4197-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:4197-1 advisory. - strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a...
SUSE-SU-2022:4185-1 Security update for strongswan
This update for strongswan fixes the following issues: - CVE-2022-40617: Fixed that using untrusted URIs for revocation checking could lead to denial of service (bsc#1203556)...
SUSE-SU-2022:4159-1 Security update for strongswan
This update for strongswan fixes the following issues: - CVE-2022-40617: Fixed that using untrusted URIs for revocation checking could lead to denial of service (bsc#1203556)...
NewStart CGSL MAIN 6.02 : curl Multiple Vulnerabilities (NS-SA-2022-0083)
The remote NewStart CGSL host, running version MAIN 6.02, has curl packages installed that are affected by multiple vulnerabilities: - Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data. (CVE-2020-8231) - A malicious server can use the FTP...