2028 matches found

Prion
added 2022/12/14 8:15 a.m., 13 views

Default credentials

TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, when users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both...

CVSS 5.5 · AI score 5.8 · EPSS 0.004
Exploits 0 · References 1 · Affected Software 1
CVE
added 2022/12/14 7:34 a.m., 117 views

CVE-2022-23502

TYPO3 contains an Insufficient Session Expiration after Password Reset vulnerability (CVE-2022-23502). The issue affects TYPO3 core versions prior to 10.4.33, 11.5.20, and 12.1.1, where existing frontend and backend sessions for a user account were not revoked after a password reset. The vulnera...

CVSS 5.4 · AI score 5.8 · EPSS 0.004
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2022/12/14 7:34 a.m., 5 views

CVE-2022-23502 TYPO3 contains Insufficient Session Expiration after Password Reset

TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, when users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both...

CVSS 5.4 · AI score 5.5 · EPSS 0.004
Exploits 0 · References 1
CNNVD
added 2022/12/14 12:00 a.m., 3 views

TYPO3 Code Issue Vulnerability

TYPO3 is a free and open source content management system framework (CMS/CMF) from the Swiss TYPO3 Association. A security vulnerability exists in the TYPO3 fe_change_pwd extension that stems from the extension's inability to revoke an existing session for the current user when the password is changed...

CVSS 9.8 · AI score 8.2 · EPSS 0.00441
Exploits 0 · References 3
Positive Technologies
added 2022/12/14 12:00 a.m., 10 views

PT-2022-28056 · Typo3 · Fe Change Pwd

Name of the Vulnerable Software and Affected Versions: fe change pwd extension versions 2.0.5 and earlier, 3.x versions prior to 3.0.3 Description: An issue was discovered in the fe change pwd extension for TYPO3, where the extension fails to revoke existing sessions for the current user when the...

CVSS 9.8 · AI score 7.3 · EPSS 0.00441
Exploits 0 · References 10
Positive Technologies
added 2022/12/13 12:00 a.m., 3 views

PT-2022-16035 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 10.4.33 TYPO3 versions prior to 11.5.20 TYPO3 versions prior to 12.1.1 Description: The issue concerns the password recovery functionality in TYPO3, an open source PHP based web content management system. When users...

CVSS 5.4 · AI score 5.5 · EPSS 0.004
Exploits 0 · References 12
Tenable Nessus
added 2022/12/13 12:00 a.m., 24 views

TYPO3 10.0.0 < 10.4.33 / 11.0.0 < 11.5.20 / 12.0.0 < 12.1.1 (TYPO3-CORE-SA-2022-014)

The version of TYPO3 installed on the remote host is 10.0.0 < 10.4.33 / 11.0.0 < 11.5.20 / 12.0.0 < 12.1.1. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2022-014 advisory. - When users reset their password using the corresponding password recovery...

CVSS 5.4 · AI score 5.7 · EPSS 0.004
Exploits 0 · References 2
Tenable Nessus
added 2022/11/24 12:00 a.m., 27 views

SUSE SLED15 / SLES15 Security Update : strongswan (SUSE-SU-2022:4197-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:4197-1 advisory. - strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a...

CVSS 7.5 · AI score 7.4 · EPSS 0.01634
Exploits 0 · References 4
OSV
added 2022/11/22 2:32 p.m., 8 views

SUSE-SU-2022:4185-1 Security update for strongswan

This update for strongswan fixes the following issues: - CVE-2022-40617: Fixed that using untrusted URIs for revocation checking could lead to denial of service (bsc#1203556)...

CVSS 7.5 · AI score 7.3 · EPSS 0.01634
Exploits 0 · References 3
OSV
added 2022/11/22 9:09 a.m., 4 views

SUSE-SU-2022:4159-1 Security update for strongswan

This update for strongswan fixes the following issues: - CVE-2022-40617: Fixed that using untrusted URIs for revocation checking could lead to denial of service (bsc#1203556)...

CVSS 7.5 · AI score 7.3 · EPSS 0.01634
Exploits 0 · References 3
Tenable Nessus
added 2022/11/15 12:00 a.m., 34 views

NewStart CGSL MAIN 6.02 : curl Multiple Vulnerabilities (NS-SA-2022-0083)

The remote NewStart CGSL host, running version MAIN 6.02, has curl packages installed that are affected by multiple vulnerabilities: - Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data. CVE-2020-8231 - A malicious server can use the FTP...

CVSS 7.5 · AI score 6.8 · EPSS 0.09917
Exploits 8 · References 19
Code423n4
added 2022/11/10 12:00 a.m., 8 views

Users are unable to revoke consents

Vulnerability details. Impact: Neither lenders nor borrowers can revoke mutualConsents. This can pose an issue if a lender has given consent to lend funds but a borrower has proven untrustworthy either through actions in another credit line or some other public way. A lender should be...

AI score 6.7
Exploits 0
Microsoft CVE
added 2022/11/09 8:00 a.m., 2 views

strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake or sends an excessive amount of application data.

...

CVSS 7.5 · AI score 7.7 · EPSS 0.01634
Exploits 0
OSV
added 2022/11/03 11:04 a.m., 2 views

OESA-2022-2034 strongswan security update

The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel. Security Fixes: strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a...

CVSS 7.5 · AI score 6.4 · EPSS 0.01634
Exploits 0 · References 2
RedHat Linux
added 2022/11/01 2:20 p.m., 4 views

libksba: integer overflow may lead to remote code execution

A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment...

CVSS 9.8 · AI score 7.7 · EPSS 0.01635
Exploits 1 · References 5
CNNVD
added 2022/11/01 12:00 a.m., 4 views

Octopus Server Authorization Issue Vulnerability

Octopus Server is an automated deployment platform. An authorization vulnerability exists in Octopus Server when access rights are managed by an external authentication provider: the API key of a disabled or deleted user may still be valid after access rights have been...

CVSS 9.8 · AI score 8.2 · EPSS 0.00715
Exploits 0 · References 2
Positive Technologies
added 2022/11/01 12:00 a.m., 8 views

PT-2022-17478 · Unknown · Octopus Server

Name of the Vulnerable Software and Affected Versions: Octopus Server affected versions not specified Description: The issue concerns Octopus Server versions where access is managed by an external authentication provider. In these versions, it was possible for the API key/keys of a disabled or...

CVSS 9.8 · AI score 9.4 · EPSS 0.00715
Exploits 0 · References 3
OSV
added 2022/10/31 6:15 a.m., 3 views

AZL-11398 CVE-2022-40617 affecting package strongswan for versions less than 5.9.8-1

strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity and intermediate CA certificate that contains a CRL/OCSP URL that points to a server under the attacker's control that doesn't properly respond but for example jus...

CVSS 7.5 · AI score 5.8 · EPSS 0.01634
Exploits 0 · References 1
OSV
added 2022/10/31 6:15 a.m., 1 view

ALPINE-CVE-2022-40617

strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity and intermediate CA certificate that contains a CRL/OCSP URL that points to a server under the attacker's control that doesn't properly respond but for example jus...

CVSS 7.5 · AI score 6.8 · EPSS 0.01634
Exploits 0 · References 1
NVD
added 2022/10/31 6:15 a.m., 21 views

CVE-2022-40617

strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity and intermediate CA certificate that contains a CRL/OCSP URL that points to a server under the attacker's control that doesn't properly respond but for example jus...

CVSS 7.5 · EPSS 0.01634
Exploits 0 · References 2