15 matches found
CVE-2022-39213
go-cvss is a Go module to manipulate Common Vulnerability Scoring System CVSS. In affected versions when a full CVSS v2.0 vector string is parsed using ParseVector, an Out-of-Bounds Read is possible due to a lack of tests. The Go module will then panic. The problem is patched in tag v0.4.0, by th...
Go-CVSS has Out-of-bounds Read vulnerability in ParseVector function
Impact When a full CVSS v2.0 vector string is parsed using ParseVector, an Out-of-Bounds Read is possible due to a lack of tests. The Go module will then panic. Patches The problem is patched in tag v0.4.0, by the commit d9d478ff0c13b8b09ace030db9262f3c2fe031f4. Workarounds The only way to avoid ...
CVE-2022-39213 Out-of-bounds Read in go-cvss
go-cvss is a Go module to manipulate Common Vulnerability Scoring System CVSS. In affected versions when a full CVSS v2.0 vector string is parsed using ParseVector, an Out-of-Bounds Read is possible due to a lack of tests. The Go module will then panic. The problem is patched in tag v0.4.0, by th...
CVE-2022-39213
CVE-2022-39213 affects the Go module go-cvss . In affected versions, parsing a full CVSS v2.0 vector with the function ParseVector can trigger an Out-of-Bounds Read, resulting in a panic. The issue is fixed in tag v0.4.0 (commit d9d478ff0c13b8b09ace030db9262f3c2fe031f4); upgrading to that release...
Remote Code Execution in third party library swiftmailer
It has been discovered, that the third party package swiftmailer/swiftmailer is vulnerable to Remote Code Execution Component Type: TYPO3 CMS Release Date: January 3, 2017 Vulnerability Type: Remote Code Execution Affected Versions: 6.2.0 to 6.2.29, 7.6.0 to 7.6.14 and 8.0.0 to 8.5.0 Severity: Lo...
Insecure Unserialize in TYPO3 Import/Export
It has been discovered, that TYPO3 is susceptible to Insecure Unserialize. Component Type: TYPO3 CMS Release Date: July 19, 2016 Vulnerable subcomponent: Import/Export Vulnerability Type: Insecure Unserialize Affected Versions: Versions 6.2.0 to 6.2.25, 7.6.0 to 7.6.9 and 8.0.0 to 8.2.0 Severity:...
Authentication Bypass in TYPO3 CMS
It has been discovered, that TYPO3 CMS is vulnerable to Authentication Bypass. Component Type: TYPO3 CMS Release Date: April 12, 2016 Vulnerable subcomponent: Authentication Vulnerability Type: Authentication Bypass Affected Versions: Versions 6.2.0 to 6.2.19, 7.6.0 to 7.6.4 and 8.0.0 Severity:...
Important Security-Bulletin Pre-Announcement
A TYPO3 4.5.40 release containing a security fix will be published the day after tomorrow, Thursday 19th of February at about 10:00 am CET. The TYPO3 security team has identified a critical security issue in the TYPO3 v4 Core. The following branches are affected by the vulnerability: TYPO3 4.3...
SQL Injection and Open Redirection in TYPO3 Core
It has been discovered that TYPO3 Core is susceptible to SQL Injection and Open Redirection Component Type: TYPO3 Core Affected Versions: 4.5.0 up to 4.5.23, 4.6.0 up to 4.6.16, 4.7.0 up to 4.7.8 and 6.0.0 up to 6.0.2 Vulnerability Types: SQL Injection, Open Redirection Overall Severity: High...
SQL Injection vulnerability in extension Basic SEO Features (seo_basics)
It has been discovered that the extension "Basic SEO Features" seobasics is vulnerable to SQL Injection. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 0.8.2 and below Vulnerability Type: SQL Injection Severity: Hi...
Cross-Site Scripting Vulnerability in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting. Component Type: TYPO3 Core Affected Versions: 4.4.0 up to 4.4.14, 4.5.0 up to 4.5.14, 4.6.0 up to 4.6.7 and development releases of the 4.7 branch. Vulnerable subcomponent: Exception Handler Vulnerability Type: Cross-Si...
Remote Command Execution and Remote File Disclosure vulnerability in extension pdf_generator2
It has been discovered that the extension pdfgenerator2 is vulnerable to Remote Code Execution and Remote File Disclosure Release Date: Oktober 20, 2011 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 0.21.0 and all...
Several Vulnerabilities in extension Direct Mail Subscription (direct_mail_subscription)
Several vulnerabilities have been found in the following third-party TYPO3 extension: directmailsubscription Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 1.1.0 and below Vulnerability Types: SQL Injection,...
Cross-Site Scripting and Open Redirection vulnerability in extension phpMyAdmin (phpmyadmin)
It has been discovered that the extension phpMyAdmin phpmyadmin is vulnerable to Cross-Site Scripting and Open Redirection. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 4.10.3 and below Vulnerability Type:...
Multiple vulnerabilities in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting XSS, Open Redirection, SQL Injection, Broken Authentication and Session Management, Insecure Randomness, Information Disclosure, Arbitrary Code Execution Component Type: TYPO3 Core Affected Versions: 4.1.13 and below,...