8 matches found
CVE-2022-36105
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication backend and frontend can be used to distinguish between existing and non-existing user accounts. Extension authors of 3rd part...
CVE-2024-39700 Remote Code Execution (RCE) vulnerability in jupyterlab extension template `update-integration-tests` GitHub Action
JupyterLab extension template is a copier template for JupyterLab extensions. Repositories created using this template with test option include update-integration-tests.yml workflow which has an RCE vulnerability. Extension authors hosting their code on GitHub are urged to upgrade the template to...
BIT-TYPO3-2022-36105
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication backend and frontend can be used to distinguish between existing and non-existing user accounts. Extension authors of 3rd part...
CVE-2022-36105 User Enumeration via Response Timing in TYPO3
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication backend and frontend can be used to distinguish between existing and non-existing user accounts. Extension authors of 3rd part...
CVE-2022-36105 User Enumeration via Response Timing in TYPO3
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication backend and frontend can be used to distinguish between existing and non-existing user accounts. Extension authors of 3rd part...
PT-2022-23195 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 7.6.58 ELTS; TYPO3 versions prior to 8.7.48 ELTS; TYPO3 versions prior to 9.5.37 ELTS; TYPO3 versions prior to 10.4.32; TYPO3 versions prior to 11.5.16. Description: It has been discovered that observing response time durin...
Security Update for Microsoft Visual Studio Code .NET Install Tool for Extension Authors Extension (July 2021)
The Microsoft Visual Studio Code .NET Install Tool for Extension Authors Extension is prior to version 1.2.0. It is, therefore, affected by an elevation of privilege vulnerability due to inaccurately scoped permissions being set on downloaded .NET install scripts. Note that Nessus has not tested...
Microsoft Visual Studio Code Permissions, Privileges, and Access Control Vulnerability
Microsoft Visual Studio Code is an open source code editor from Microsoft Corporation (USA). A vulnerability exists in Microsoft Visual Studio Code due to permission, privilege, and access control issues. The following products and versions are affected: .NET Education Bundle SDK Install Tool, .NET...