author Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org> 2020-05-13 20:44:17 +0000
committer Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org> 2020-05-13 20:44:17 +0000
commit b2cec66348c17a8c8ac3a57103f0c17a3fcd016d
tree 3d9534263a0fd5916ab04496fec0a609a0108840 /security/vuxml
parent a24ec1f9ee8aa36d02aaf4c9b3a94ced28bdc343
Diffstat (limited to 'security/vuxml')
-rw-r--r-- security/vuxml/vuln.xml 102
1 files changed, 102 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index c9f22ed3f5eb..9784df1e9b06 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -58,6 +58,108 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="59fabdf2-9549-11ea-9448-08002728f74c">
+ <topic>typo3 -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>typo3-9-php72</name>
+ <name>typo3-9-php73</name>
+ <name>typo3-9-php74</name>
+ <range><lt>9.5.17</lt></range>
+ </package>
+ <package>
+ <name>typo3-10-php72</name>
+ <name>typo3-10-php73</name>
+ <name>typo3-10-php74</name>
+ <range><lt>10.4.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Typo3 News:</p>
+ <blockquote cite="https://typo3.org/article/typo3-1042-and-9517-security-releases-published">
+ <p>CVE-2020-11063: TYPO3-CORE-SA-2020-001: Information Disclosure in
+ Password Reset</p>
+ <p>It has been discovered that time-based attacks can be used with the
+ password reset functionality for backend users. This allows an attacker
+ to verify whether a backend user account with a given email address
+ exists or not.</p>
+ <p/>
+ <p>CVE-2020-11064: TYPO3-CORE-SA-2020-002: Cross-Site Scripting in Form
+ Engine</p>
+ <p>It has been discovered that HTML placeholder attributes containing
+ data of other database records are vulnerable to cross-site scripting. A
+ valid backend user account is needed to exploit this vulnerability.</p>
+ <p/>
+ <p>CVE-2020-11065: TYPO3-CORE-SA-2020-003: Cross-Site Scripting in Link
+ Handling</p>
+ <p>It has been discovered that link tags generated by typolink
+ functionality are vulnerable to cross-site scripting - properties being
+ assigned as HTML attributes have not been parsed correctly.</p>
+ <p/>
+ <p>CVE-2020-11066: TYPO3-CORE-SA-2020-004: Class destructors causing
+ side-effects when being unserialized</p>
+ <p>Calling unserialize() on malicious user-submitted content can result
+ in the following scenarios:</p>
+ <p>- trigger deletion of arbitrary directory in file system (if writable
+ for web server)</p>
+ <p>- trigger message submission via email using identity of web site
+ (mail relay)</p>
+ <p>Another insecure deserialization vulnerability is required to actually
+ exploit mentioned aspects.</p>
+ <p/>
+ <p>CVE-2020-11067: TYPO3-CORE-SA-2020-005: Insecure Deserialization in
+ Backend User Settings</p>
+ <p>It has been discovered that backend user settings (in $BE_USER-&gt;uc) are
+ vulnerable to insecure deserialization. In combination with
+ vulnerabilities of 3rd party components this can lead to remote code
+ execution. A valid backend user account is needed to exploit this
+ vulnerability.</p>
+ <p/>
+ <p>CVE-2020-11069: TYPO3-CORE-SA-2020-006: Same-Site Request Forgery to
+ Backend User Interface</p>
+ <p>It has been discovered that the backend user interface and install tool
+ are vulnerable to same-site request forgery. A backend user can be
+ tricked into interacting with a malicious resource an attacker
+ previously managed to upload to the web server - scripts are then
+ executed with the privileges of the victims’ user session.</p>
+ <p>In a worst case scenario new admin users can be created which can
+ directly be used by an attacker. The vulnerability is basically a
+ cross-site request forgery (CSRF) triggered by a cross-site scripting
+ vulnerability (XSS) - but happens on the same target host - thus, it’
+ actually a same-site request forgery (SSRF).</p>
+ <p>Malicious payload such as HTML containing JavaScript might be provided
+ by either an authenticated backend user or by a non-authenticated user
+ using a 3rd party extension - e.g. file upload in a contact form with
+ knowing the target location.</p>
+ <p>The attacked victim requires an active and valid backend or install
+ tool user session at the time of the attack to be successful.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://typo3.org/article/typo3-1042-and-9517-security-releases-published</url>
+ <url>https://get.typo3.org/release-notes/9.5.17</url>
+ <url>https://get.typo3.org/release-notes/10.4.2</url>
+ <url>https://typo3.org/security/advisory/typo3-core-sa-2020-001</url>
+ <url>https://typo3.org/security/advisory/typo3-core-sa-2020-002</url>
+ <url>https://typo3.org/security/advisory/typo3-core-sa-2020-003</url>
+ <url>https://typo3.org/security/advisory/typo3-core-sa-2020-004</url>
+ <url>https://typo3.org/security/advisory/typo3-core-sa-2020-005</url>
+ <url>https://typo3.org/security/advisory/typo3-core-sa-2020-006</url>
+ <cvename>CVE-2020-11063</cvename>
+ <cvename>CVE-2020-11064</cvename>
+ <cvename>CVE-2020-11065</cvename>
+ <cvename>CVE-2020-11066</cvename>
+ <cvename>CVE-2020-11067</cvename>
+ <cvename>CVE-2020-11069</cvename>
+ </references>
+ <dates>
+ <discovery>2020-05-12</discovery>
+ <entry>2020-05-13</entry>
+ </dates>
+ </vuln>
+
<vuln vid="0bfcae0b-947f-11ea-92ab-00163e433440">
<topic>FreeBSD -- Insufficient cryptodev MAC key length check</topic>
<affects>
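Review bot: In the CVE-2020-11069 paragraphs of the blockquote, "thus, it’ actually a same-site request forgery" has lost the "s" after a typographic apostrophe, and "victims’ user session" carries the same non-ASCII character; using plain ASCII ("it's", "victims'") would repair the broken word and keep the entry consistent with the rest of the added text. Two smaller markup points in the same description: the two scenarios under CVE-2020-11066 are written as `<p>- trigger ...</p>` paragraphs where a `<ul>` with `<li>` items would render as an actual list, and the empty `<p/>` elements between advisories act only as spacers and could be dropped. The `<range><lt>9.5.17</lt></range>` and `<range><lt>10.4.2</lt></range>` bounds match the release-notes URLs listed under `<references>`, and each `<cvename>` has a corresponding paragraph in the description.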