TYPO3-CORE-SA-2021-015: HTTP Host Header Injection in Request Handling
More info at https://typo3.org/security/advisory/typo3-core-sa-2021-015...
TYPO3-CORE-SA-2021-014: Cross-Site-Request-Forgery in Backend URI Handling
More info at https://typo3.org/security/advisory/typo3-core-sa-2021-014...
Improper escaping of command arguments on Windows leading to command injection
Impact Windows users running Composer to install untrusted dependencies are affected and should definitely upgrade for safety. Other OSs and WSL are not affected. Patches 1.10.23 and 2.1.9 fix the issue Workarounds None...
CVE-2021-36150 - Insert from files link text - Reflective (self) Cross Site Scripting
More info at https://www.silverstripe.org/download/security-releases/CVE-2021-36150...
CVE-2021-41106: File reference keys leads to incorrect hashes on HMAC algorithms
Description Impact Users of HMAC-based algorithms HS256, HS384, and HS512 combined with Lcobucci\JWT\Signer\Key\LocalFileReference as key are having their tokens issued/validated using the file path as hashing key - instead of the contents. The HMAC hashing functions take any string as input and,...
Regular expression Denial of Service
More info at https://typo3.org/security/advisory/typo3-ext-sa-2021-016...
TYPO3-CORE-SA-2021-013: Cross-Site Scripting via Rich-Text Content
More info at https://typo3.org/security/advisory/typo3-core-sa-2021-013...
TYPO3-CORE-SA-2021-012: Information Disclosure in User Authentication
More info at https://typo3.org/security/advisory/typo3-core-sa-2021-012...
TYPO3-CORE-SA-2021-011: Cross-Site Scripting in Backend Grid View
More info at https://typo3.org/security/advisory/typo3-core-sa-2021-011...
TYPO3-CORE-SA-2021-010: Cross-Site Scripting in Query Generator & Query View
More info at https://typo3.org/security/advisory/typo3-core-sa-2021-010...
TYPO3-CORE-SA-2021-009: Cross-Site Scripting in Page Preview
More info at https://typo3.org/security/advisory/typo3-core-sa-2021-009...
TOCTOU Race Condition enabling remote code execution
Impact The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions: - A user is allowed to supply the path or filename of an uploaded file. - The supplied...
Form validation can be skipped in neos/form
Impact By crafting a special GET request containing a valid form state, a form can be submitted without invoking any validators. We consider the severity low because it is not possible to change any form values since the form state is secured with an HMAC that is still verified. That means that...
CVE-2021-32693: Authentication granted to all firewalls instead of just one
More info at https://symfony.com/cve-2021-32693...
RCE affecting Windows hosts via UNC paths to translation files
This is a security release. SECURITY Fixes CVE-2021-34551, a complex RCE affecting Windows hosts. See SECURITY.md for details. The fix for this issue changes the way that language files are loaded. While they remain in the same PHP-like format, they are processed as plain text, and any code in th...
Untrusted code may be run from an overridden address validator
This is a security release. SECURITY Fixes CVE-2021-34551, a complex RCE affecting Windows hosts. See SECURITY.md for details. The fix for this issue changes the way that language files are loaded. While they remain in the same PHP-like format, they are processed as plain text, and any code in th...
CVE-2020-26138 FormField: with square brackets in field name skips validation
More info at https://www.silverstripe.org/download/security-releases/cve-2020-26138...
CVE-2021-25817 XXE: Vulnerability in CSSContentParser
More info at https://www.silverstripe.org/download/security-releases/cve-2021-25817...
CVE-2020-26136 GraphQL doesn't honour MFA when using basic auth
More info at https://www.silverstripe.org/download/security-releases/cve-2020-26136...
CVE-2021-28661 Default GraphQL permission checker not inherited by query subclass
More info at https://www.silverstripe.org/download/security-releases/CVE-2021-28661...
Read private customer data reclaiming carts
Klaviyo read customer quotes for guest carts April 28th I've found an endpoint in a third party module Klaviyo Magento 2 which allows to read private customer data from stores. It works by reclaiming any guest-cart as your own and reading the private data for the orders in the Magento API. Data...
Improper Certificate Validation in WP-CLI framework
Description Impact An improper error handling in HTTPS requests management in WP-CLI version 0.12.0 and later allows remote attackers able to intercept the communication to remotely disable the certificate verification on WP-CLI side, gaining full control over the communication content, including...
CVE-2021-21424: Prevent user enumeration via response content in authentication mechanisms
More info at https://symfony.com/cve-2021-21424...
Object injection via local phar file
This is a security release. SECURITY Fixes CVE-2020-36326, a regression of CVE-2018-19296 object injection introduced in 6.1.8, see SECURITY.md for details Reject more file paths that look like URLs, matching RFC3986 spec, blocking URLs using schemes such as ssh2 Ensure method signature consisten...
Missing argument delimiter can lead to command execution via VCS repository URLs or source download URLs on systems with Mercurial
URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow commands to be executed in the HgDriver if hg/Mercurial is installed on the system. Impact - The impact to Composer users directly is limit...
Parsoid comment fostering allows for inserting mostly arbitrary <meta> tags
More info at https://phabricator.wikimedia.org/T279451...
Improper Certificate Validation in phpseclib
No description provided...
Improper Certificate Validation in phpseclib
More info at https://github.com/phpseclib/phpseclib/pull/1635...
Regression in Query Parenthesis can have Security Implications
Return insensitive check after 8453 Problem: `->andWhere("u.name = ?1 or u.username = ?1")` did not wrap the part in parentheses when `or` or `and` was written in lowercase anymore. It still worked for uppercase `OR` and `AND`. Fixes 8595...
CVE-2021-27938: XSS in CreateQueuedJobTask
More info at https://www.silverstripe.org/download/security-releases/cve-2021-27938...
TYPO3-CORE-SA-2021-007: Cross-Site Scripting in Content Preview
More info at https://typo3.org/security/advisory/typo3-core-sa-2021-007...