Lucene search
K

15 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 7:32 p.m.11 views

CVE-2022-39213

go-cvss is a Go module to manipulate Common Vulnerability Scoring System CVSS. In affected versions when a full CVSS v2.0 vector string is parsed using ParseVector, an Out-of-Bounds Read is possible due to a lack of tests. The Go module will then panic. The problem is patched in tag v0.4.0, by th...

7.5CVSS6.6AI score0.01202EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2022/09/16 8:59 p.m.22 views

Go-CVSS has Out-of-bounds Read vulnerability in ParseVector function

Impact When a full CVSS v2.0 vector string is parsed using ParseVector, an Out-of-Bounds Read is possible due to a lack of tests. The Go module will then panic. Patches The problem is patched in tag v0.4.0, by the commit d9d478ff0c13b8b09ace030db9262f3c2fe031f4. Workarounds The only way to avoid ...

7.5CVSS7.2AI score0.01202EPSS
Exploits1References6Affected Software1
Vulnrichment
Vulnrichment
added 2022/09/15 9:45 p.m.5 views

CVE-2022-39213 Out-of-bounds Read in go-cvss

go-cvss is a Go module to manipulate Common Vulnerability Scoring System CVSS. In affected versions when a full CVSS v2.0 vector string is parsed using ParseVector, an Out-of-Bounds Read is possible due to a lack of tests. The Go module will then panic. The problem is patched in tag v0.4.0, by th...

7.5CVSS7.6AI score0.01202EPSS
Exploits1References3
CVE
CVE
added 2022/09/15 9:45 p.m.104 views

CVE-2022-39213

CVE-2022-39213 affects the Go module go-cvss . In affected versions, parsing a full CVSS v2.0 vector with the function ParseVector can trigger an Out-of-Bounds Read, resulting in a panic. The issue is fixed in tag v0.4.0 (commit d9d478ff0c13b8b09ace030db9262f3c2fe031f4); upgrading to that release...

7.5CVSS7.4AI score0.01202EPSS
Exploits1References3Affected Software1
Typo3
Typo3
added 2017/01/03 12:0 a.m.610 views

Remote Code Execution in third party library swiftmailer

It has been discovered, that the third party package swiftmailer/swiftmailer is vulnerable to Remote Code Execution Component Type: TYPO3 CMS Release Date: January 3, 2017 Vulnerability Type: Remote Code Execution Affected Versions: 6.2.0 to 6.2.29, 7.6.0 to 7.6.14 and 8.0.0 to 8.5.0 Severity: Lo...

9.7AI score0.41827EPSS
Exploits18Affected Software1
Typo3
Typo3
added 2016/07/19 12:0 a.m.491 views

Insecure Unserialize in TYPO3 Import/Export

It has been discovered, that TYPO3 is susceptible to Insecure Unserialize. Component Type: TYPO3 CMS Release Date: July 19, 2016 Vulnerable subcomponent: Import/Export Vulnerability Type: Insecure Unserialize Affected Versions: Versions 6.2.0 to 6.2.25, 7.6.0 to 7.6.9 and 8.0.0 to 8.2.0 Severity:...

6.9AI score
Exploits0Affected Software1
Typo3
Typo3
added 2016/04/12 12:0 a.m.16 views

Authentication Bypass in TYPO3 CMS

It has been discovered, that TYPO3 CMS is vulnerable to Authentication Bypass. Component Type: TYPO3 CMS Release Date: April 12, 2016 Vulnerable subcomponent: Authentication Vulnerability Type: Authentication Bypass Affected Versions: Versions 6.2.0 to 6.2.19, 7.6.0 to 7.6.4 and 8.0.0 Severity:...

7.3AI score
Exploits0Affected Software1
Typo3
Typo3
added 2015/02/17 12:0 a.m.11 views

Important Security-Bulletin Pre-Announcement

A TYPO3 4.5.40 release containing a security fix will be published the day after tomorrow, Thursday 19th of February at about 10:00 am CET. The TYPO3 security team has identified a critical security issue in the TYPO3 v4 Core. The following branches are affected by the vulnerability: TYPO3 4.3...

6.6AI score
Exploits0Affected Software1
Typo3
Typo3
added 2013/03/06 12:0 a.m.27 views

SQL Injection and Open Redirection in TYPO3 Core

It has been discovered that TYPO3 Core is susceptible to SQL Injection and Open Redirection Component Type: TYPO3 Core Affected Versions: 4.5.0 up to 4.5.23, 4.6.0 up to 4.6.16, 4.7.0 up to 4.7.8 and 6.0.0 up to 6.0.2 Vulnerability Types: SQL Injection, Open Redirection Overall Severity: High...

7.9AI score
Exploits0Affected Software1
Typo3
Typo3
added 2012/06/07 12:0 a.m.13 views

SQL Injection vulnerability in extension Basic SEO Features (seo_basics)

It has been discovered that the extension "Basic SEO Features" seobasics is vulnerable to SQL Injection. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 0.8.2 and below Vulnerability Type: SQL Injection Severity: Hi...

7.3AI score
Exploits0Affected Software1
Typo3
Typo3
added 2012/04/17 12:0 a.m.98 views

Cross-Site Scripting Vulnerability in TYPO3 Core

It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting. Component Type: TYPO3 Core Affected Versions: 4.4.0 up to 4.4.14, 4.5.0 up to 4.5.14, 4.6.0 up to 4.6.7 and development releases of the 4.7 branch. Vulnerable subcomponent: Exception Handler Vulnerability Type: Cross-Si...

4.3CVSS0.2AI score0.01387EPSS
Exploits0Affected Software1
Typo3
Typo3
added 2011/10/20 12:0 a.m.17 views

Remote Command Execution and Remote File Disclosure vulnerability in extension pdf_generator2

It has been discovered that the extension pdfgenerator2 is vulnerable to Remote Code Execution and Remote File Disclosure Release Date: Oktober 20, 2011 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 0.21.0 and all...

7.4AI score
Exploits0Affected Software1
Typo3
Typo3
added 2011/09/07 12:0 a.m.11 views

Several Vulnerabilities in extension Direct Mail Subscription (direct_mail_subscription)

Several vulnerabilities have been found in the following third-party TYPO3 extension: directmailsubscription Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 1.1.0 and below Vulnerability Types: SQL Injection,...

7.4AI score
Exploits0Affected Software1
Typo3
Typo3
added 2011/05/23 12:0 a.m.16 views

Cross-Site Scripting and Open Redirection vulnerability in extension phpMyAdmin (phpmyadmin)

It has been discovered that the extension phpMyAdmin phpmyadmin is vulnerable to Cross-Site Scripting and Open Redirection. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 4.10.3 and below Vulnerability Type:...

6AI score
Exploits0Affected Software1
Typo3
Typo3
added 2010/07/28 12:0 a.m.11 views

Multiple vulnerabilities in TYPO3 Core

It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting XSS, Open Redirection, SQL Injection, Broken Authentication and Session Management, Insecure Randomness, Information Disclosure, Arbitrary Code Execution Component Type: TYPO3 Core Affected Versions: 4.1.13 and below,...

7.2AI score
Exploits0Affected Software1
Rows per page
Query Builder