
8425 matches found

OSV
added 2020/06/03 3:15 p.m. · 2 views

CVE-2020-4307

IBM Security Guardium 11.1 could allow an attacker on the same network to gain access to the Solr dashboard and cause a denial of service attack. IBM X-Force ID: 176997...

CVSS 6.5 · AI score 6.6 · EPSS 0.00534
Exploits 0 · References 2
OSV
added 2020/05/21 11:15 p.m. · 1 view

CVE-2020-1114

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1087...

CVSS 7.8 · AI score 7.1 · EPSS 0.00821
Exploits 0 · References 1
Veracode
added 2020/05/20 12:09 a.m. · 27 views

Cross-Site Request Forgery (CSRF)

@rails/ujs is vulnerable to cross-site request forgery CSRF. The same-origin header in XMLHttpRequest requests are not validated before including the CSRF token, potentially allowing remote attackers to submit requests on behalf of the user...

CVSS 6.5 · AI score 4.4 · EPSS 0.01485
Exploits 1 · References 4 · Affected Software 3
Kaspersky
added 2020/05/19 12:00 a.m. · 319 views

KLA11787 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, execute arbitrary code, bypass security restrictions, obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilitie...

CVSS 9.6 · AI score 8.9 · EPSS 0.06414
Exploits 13 · References 4
NVD
added 2020/05/14 12:15 a.m. · 15 views

CVE-2020-11069

In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that the backend user interface and install tool are vulnerable to a same-site request forgery. A backend user can be tricked into interacting with a malicious resource an attacker previously managed to upload to...

CVSS 8.8 · AI score 8.2 · EPSS 0.00699
Exploits 0 · References 1
OSV
added 2020/05/14 12:15 a.m. · 22 views

CVE-2020-11069

In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that the backend user interface and install tool are vulnerable to a same-site request forgery. A backend user can be tricked into interacting with a malicious resource an attacker previously managed to upload to...

CVSS 8.8 · AI score 8.5
Exploits 0 · References 1
Prion
added 2020/05/14 12:15 a.m. · 14 views

Cross site request forgery (csrf)

In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that the backend user interface and install tool are vulnerable to a same-site request forgery. A backend user can be tricked into interacting with a malicious resource an attacker previously managed to upload to...

CVSS 6.8 · AI score 8.3 · EPSS 0.00699
Exploits 0 · References 1 · Affected Software 1
Tenable Nessus
added 2020/05/14 12:00 a.m. · 29 views

FreeBSD : typo3 -- multiple vulnerabilities (59fabdf2-9549-11ea-9448-08002728f74c)

Typo3 News : CVE-2020-11063: TYPO3-CORE-SA-2020-001: Information Disclosure in Password Reset It has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to verify whether a backend user account with a given email...

CVSS 10 · AI score 6.6 · EPSS 0.0199
Exploits 0 · References 16
OSV
added 2020/05/13 11:40 p.m. · 23 views

GHSA-PQG8-CRX9-G8M4 Backend Same-Site Request Forgery in TYPO3 CMS

Meta CVSS v3.1: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C CWE-352 CWE-346 Problem It has been discovered that backend user interface and install tool are vulnerable to same-origin request forgery. A backend user can be tricked into interacting with a malicious resource an attacker...

CVSS 8 · AI score 8.5 · EPSS 0.00699
Exploits 0 · References 5
Github Security Blog
added 2020/05/13 11:40 p.m. · 77 views

Backend Same-Site Request Forgery in TYPO3 CMS

Meta CVSS v3.1: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C CWE-352 CWE-346 Problem It has been discovered that backend user interface and install tool are vulnerable to same-origin request forgery. A backend user can be tricked into interacting with a malicious resource an attacker...

CVSS 8.8 · AI score 0.4 · EPSS 0.00699
Exploits 0 · References 6 · Affected Software 2
Cvelist
added 2020/05/13 11:35 p.m. · 42 views

CVE-2020-11069 Cross-Site Request Forgery in TYPO3 CMS

In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that the backend user interface and install tool are vulnerable to a same-site request forgery. A backend user can be tricked into interacting with a malicious resource an attacker previously managed to upload to...

CVSS 8 · AI score 8.6 · EPSS 0.00699
Exploits 0 · References 1
CVE
added 2020/05/13 11:35 p.m. · 152 views

CVE-2020-11069

CVE-2020-11069 affects TYPO3 CMS 9.0.0–9.5.16 and 10.0.0–10.4.1. The issue is a same-site CSRF triggered by an XSS vulnerability in the backend UI/install tool, allowing a malicious payload uploaded to the server to execute in the victim’s session. In the worst case, an attacker could create new ...

CVSS 8.8 · AI score 8.2 · EPSS 0.00699
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2020/05/13 12:00 a.m. · 3 views

PT-2020-12529 · Typo3 · Typo3/Cms

Name of the Vulnerable Software and Affected Versions: TYPO3 CMS versions 9.0.0 through 9.5.16 TYPO3 CMS versions 10.0.0 through 10.4.1 Description: A same-site request forgery vulnerability has been discovered in the backend user interface and install tool of TYPO3 CMS. This vulnerability can be...

CVSS 8.8 · AI score 8.2 · EPSS 0.00699
Exploits 0 · References 20
RedHat Linux
added 2020/05/12 6:59 p.m. · 1 view

python-requests: Redirect from HTTPS to HTTP does not remove Authorization header

A credentials-exposure flaw was found in python-requests, where if a request with authentication is redirected 302 from an HTTPS endpoint to an HTTP endpoint on the same host, the Authorization header is not stripped and the credentials can be read in plain text. A man-in-the-middle attacker coul...

CVSS 7.5 · AI score 7.1 · EPSS 0.07443
Exploits 2 · References 4
Friends Of PHP
added 2020/05/12 9:21 a.m. · 19 views

TYPO3-CORE-SA-2020-006: Same-Site Request Forgery to Backend User Interface

More info at https://typo3.org/security/advisory/typo3-core-sa-2020-006...

CVSS 8.8 · AI score 7.2 · EPSS 0.00699
Exploits 0 · Affected Software 1
Friends Of PHP
added 2020/05/12 9:21 a.m. · 24 views

TYPO3-CORE-SA-2020-006: Same-Site Request Forgery to Backend User Interface

More info at https://typo3.org/security/advisory/typo3-core-sa-2020-006...

CVSS 8.8 · AI score 7.2 · EPSS 0.00699
Exploits 0 · Affected Software 1
Typo3
added 2020/05/12 12:00 a.m. · 19 views

Same-Origin Request Forgery to Backend User Interface

It has been discovered that the backend user interface and install tool are vulnerable to same-origin request forgery. A backend user can be tricked into interacting with a malicious resource an attacker previously managed to upload to the web server - scripts are then executed with the privilege...

CVSS 6.8 · AI score 2.9 · EPSS 0.00699
Exploits 0 · Affected Software 1
FreeBSD
added 2020/05/12 12:00 a.m. · 62 views

typo3 -- multiple vulnerabilities

Typo3 News: CVE-2020-11063: TYPO3-CORE-SA-2020-001: Information Disclosure in Password Reset It has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to verify whether a backend user account with a given email...

CVSS 10 · AI score 6.5 · EPSS 0.0199
Exploits 0 · References 9
Veracode
added 2020/05/06 11:08 a.m. · 12 views

Improper Access Control

github.com/gorilla/handlers is vulnerable to improper access control. The vulnerability exists because it does not perform sufficient origin header access checks due to the misconfiguration of CORS, allowing an attacker to send malicious AJAX requests or HTML Document through it bypassing the sam...

AI score 4.3
Exploits 0
Tenable Nessus
added 2020/05/04 12:00 a.m. · 43 views

openSUSE Security Update : webkit2gtk3 (openSUSE-2020-602)

This update for webkit2gtk3 to version 2.28.1 fixes the following issues : Security issues fixed : - CVE-2020-10018: Fixed a denial of service because the mdeferredFocusedNodeChange data structure was mishandled bsc1165528. - CVE-2020-11793: Fixed a potential arbitrary code execution caused by a...

CVSS 9.8 · AI score 7 · EPSS 0.05028
Exploits 0 · References 4