TYPO3-CORE-SA-2020-008: Sensitive Information Disclosure
More info at https://typo3.org/security/advisory/typo3-core-sa-2020-008...
TYPO3-CORE-SA-2020-007: Potential Privilege Escalation
More info at https://typo3.org/security/advisory/typo3-core-sa-2020-007...
Vulnerability which allows remote image dimensions check to be used to SSRF
More info at https://www.phpbb.com/community/viewtopic.php?f=14&t=2562636...
Sensitive Information Disclosure in extension "Media Content Element" (mediace)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2020-014...
CVE-2020-9311: Malicious user profile information can cause login form XSS
More info at https://www.silverstripe.org/download/security-releases/cve-2020-9311/...
CVE-2020-6165: Limited queries break CanViewPermissionChecker
More info at https://www.silverstripe.org/download/security-releases/cve-2020-6165...
CVE-2020-6164: Information disclosure on /interactive URL path
More info at https://www.silverstripe.org/download/security-releases/cve-2020-6164/...
CVE-2019-19326: Web Cache Poisoning through HTTPRequestBuilder
More info at https://www.silverstripe.org/download/security-releases/cve-2019-19326/...
Potentially sensitive data exposure
Impact: Inside Gos\Bundle\WebSocketBundle\Server\App\Dispatcher\TopicDispatcher::onPublish, messages are arbitrarily broadcast to the related Topic if Gos\Bundle\WebSocketBundle\Server\App\Dispatcher\TopicDispatcher::dispatch does not succeed. The dispatch method can be considered to not succeed...
SQL injection vulnerability in SearchController
More info at https://www.phpmyadmin.net/security/PMASA-2020-6/...
Header leakage on cross-domain redirects
This version fixes a security weakness that might leak sensitive request headers from the initial request to the redirected host on cross-domain redirects, which were not removed correctly. Message::setHeaders does not replace the entire set of headers, but only operates on the headers matching t...
EZSA-2020-004 Object Injection in SiteAccessMatchListener
More info at https://ezplatform.com/security-advisories/ezsa-2020-004-object-injection-in-siteaccessmatchlistener...
Drupal core - Moderately critical - Open Redirect - SA-CORE-2020-003
More info at https://www.drupal.org/sa-core-2020-003...
XSS relating to the transformation feature
More info at https://www.phpmyadmin.net/security/PMASA-2020-5/...
TYPO3-CORE-SA-2020-001: Information Disclosure in Password Reset
More info at https://typo3.org/security/advisory/typo3-core-sa-2020-001...
TYPO3-CORE-SA-2020-006: Same-Site Request Forgery to Backend User Interface
More info at https://typo3.org/security/advisory/typo3-core-sa-2020-006...
TYPO3-CORE-SA-2020-005: Insecure Deserialization in Backend User Settings
More info at https://typo3.org/security/advisory/typo3-core-sa-2020-005...
TYPO3-CORE-SA-2020-004: Class destructors causing side-effects when being unserialized
More info at https://typo3.org/security/advisory/typo3-core-sa-2020-004...
TYPO3-CORE-SA-2020-003: Cross-Site Scripting in Link Handling
More info at https://typo3.org/security/advisory/typo3-core-sa-2020-003...
TYPO3-CORE-SA-2020-002: Cross-Site Scripting in Form Engine
More info at https://typo3.org/security/advisory/typo3-core-sa-2020-002...
Insecure default secret key and IV allowing anyone to decrypt values
This issue has been deleted...
SSTI Vulnerability
More info at https://twitter.com/nystudio107/status/1268736336200171520?lang=en...
EZSA-2020-003 XSS in DemoBundle/ezdemo bundled VideoJS
More info at https://ezplatform.com/security-advisories/ezsa-2020-003-xss-in-demobundle-ezdemo-bundled-videojs...
CVE-2020-5274: Fix Exception message escaping rendered by ErrorHandler
More info at https://symfony.com/cve-2020-5274...
CVE-2020-5255: Prevent cache poisoning via a Response Content-Type header
More info at https://symfony.com/cve-2020-5255...
CVE-2020-5275: All rules set in "access_control" are required when the firewall is configured with the unanimous strategy
More info at https://symfony.com/cve-2020-5275...
User content can redirect the logout button to different URL
More info at https://phabricator.wikimedia.org/T232932...
makeCollapsible allows applying event handler to any CSS selector
More info at https://phabricator.wikimedia.org/T246602...
SQL injection with processing username
More info at https://www.phpmyadmin.net/security/PMASA-2020-2/...
XSS vulnerability in blade templating
More info at https://github.com/laravel/framework/pull/31945...