The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of TYPO3 Core

threat bulletin 29243

TYPO3 Core: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of TYPO3 Core.
Severity: 2/4.
Creation date: 07/05/2019.
Identifiers: TYPO3-CORE-SA-2019-009, TYPO3-CORE-SA-2019-010, TYPO3-CORE-SA-2019-011, TYPO3-CORE-SA-2019-012, TYPO3-CORE-SA-2019-013, TYPO3-PSA-2019-004, TYPO3-PSA-2019-005, TYPO3-PSA-2019-006, VIGILANCE-VUL-29243.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several vulnerabilities of TYPO3 Core.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2019-11832

TYPO3 Core: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of TYPO3 Core.
Severity: 2/4.
Creation date: 07/05/2019.
Identifiers: CVE-2019-11832, TYPO3-CORE-SA-2019-009, TYPO3-CORE-SA-2019-010, TYPO3-CORE-SA-2019-011, TYPO3-CORE-SA-2019-012, TYPO3-CORE-SA-2019-013, TYPO3-PSA-2019-004, TYPO3-PSA-2019-005, TYPO3-PSA-2019-006, VIGILANCE-VUL-29242.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several vulnerabilities of TYPO3 Core.
Full Vigil@nce bulletin... (Free trial)

cybersecurity threat 29241

TYPO3 Core: weak mode of password storage

Synthesis of the vulnerability

Passwords are stored after being hashed without salt, which allows parallel dictionary attacks.
Severity: 1/4.
Creation date: 07/05/2019.
Identifiers: TYPO3-CORE-SA-2019-009, TYPO3-CORE-SA-2019-010, TYPO3-CORE-SA-2019-011, TYPO3-CORE-SA-2019-012, TYPO3-CORE-SA-2019-013, TYPO3-PSA-2019-004, TYPO3-PSA-2019-005, TYPO3-PSA-2019-006, VIGILANCE-VUL-29241.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Passwords are stored after being hashed without salt, which allows parallel dictionary attacks.
Full Vigil@nce bulletin... (Free trial)

computer threat bulletin CVE-2019-10909 CVE-2019-11358

jQuery, Symfony: Cross Site Scripting via templates

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via templates for Symfony, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 18/04/2019.
Identifiers: bulletinoct2019, CERTFR-2019-AVI-180, cpuoct2019, CVE-2019-10909, CVE-2019-11358, DLA-1777-1, DLA-1777-2, DLA-1778-1, DLA-1797-1, DRUPAL-SA-CORE-2019-005, DRUPAL-SA-CORE-2019-006, DSA-4434-1, DSA-4441-1, FEDORA-2019-2a7f472198, FEDORA-2019-32067d8b15, FEDORA-2019-3ee6a7adf2, FEDORA-2019-a3ca65028c, FEDORA-2019-f8db687840, ibm10882578, ibm10882596, ibm10882756, ibm10882762, ibm10882952, ibm10882956, openSUSE-SU-2019:1839-1, openSUSE-SU-2019:1872-1, RHSA-2019:1456-01, Synology-SA-19:19, TYPO3-CORE-SA-2019-009, TYPO3-CORE-SA-2019-010, TYPO3-CORE-SA-2019-011, TYPO3-CORE-SA-2019-012, TYPO3-CORE-SA-2019-013, TYPO3-PSA-2019-004, TYPO3-PSA-2019-005, TYPO3-PSA-2019-006, VIGILANCE-VUL-29070.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can trigger a Cross Site Scripting via templates for Symfony, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

threat note CVE-2019-8331

Pivotal Ops Manager: Cross Site Scripting via Bootstrap

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via Bootstrap of Pivotal Ops Manager, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 08/03/2019.
Identifiers: CVE-2019-8331, ibm10879483, RHSA-2019:1456-01, TYPO3-CORE-SA-2019-009, TYPO3-CORE-SA-2019-010, TYPO3-CORE-SA-2019-011, TYPO3-CORE-SA-2019-012, TYPO3-CORE-SA-2019-013, TYPO3-PSA-2019-004, TYPO3-PSA-2019-005, TYPO3-PSA-2019-006, VIGILANCE-VUL-28700.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Pivotal Ops Manager product offers a web service.

However, it does not filter received data via Bootstrap before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via Bootstrap of Pivotal Ops Manager, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note 28326

TYPO3 Core: Cross Site Scripting via Flash WebSVG Component

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via Flash WebSVG Component of TYPO3 Core, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 22/01/2019.
Identifiers: TYPO3-PSA-2019-003, VIGILANCE-VUL-28326.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can trigger a Cross Site Scripting via Flash WebSVG Component of TYPO3 Core, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

security threat 28325

TYPO3 Core: code execution via CommandUtility API

Synthesis of the vulnerability

An attacker can use a vulnerability via CommandUtility API of TYPO3 Core, in order to run code.
Severity: 3/4.
Creation date: 22/01/2019.
Identifiers: TYPO3-PSA-2019-001, VIGILANCE-VUL-28325.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use a vulnerability via CommandUtility API of TYPO3 Core, in order to run code.
Full Vigil@nce bulletin... (Free trial)

computer threat bulletin 28322

TYPO3 Core: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of TYPO3 Core.
Severity: 3/4.
Creation date: 22/01/2019.
Identifiers: TYPO3-CORE-SA-2019-001, TYPO3-CORE-SA-2019-002, TYPO3-CORE-SA-2019-003, TYPO3-CORE-SA-2019-004, TYPO3-CORE-SA-2019-005, TYPO3-CORE-SA-2019-006, TYPO3-CORE-SA-2019-007, TYPO3-CORE-SA-2019-008, VIGILANCE-VUL-28322.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several vulnerabilities of TYPO3 Core.
Full Vigil@nce bulletin... (Free trial)

cybersecurity alert 28000

TYPO3 Core: eight vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of TYPO3 Core.
Severity: 2/4.
Creation date: 11/12/2018.
Identifiers: TYPO3-CORE-SA-2018-005, TYPO3-CORE-SA-2018-006, TYPO3-CORE-SA-2018-007, TYPO3-CORE-SA-2018-008, TYPO3-CORE-SA-2018-009, TYPO3-CORE-SA-2018-010, TYPO3-CORE-SA-2018-011, TYPO3-CORE-SA-2018-012, VIGILANCE-VUL-28000.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several vulnerabilities of TYPO3 Core.
Full Vigil@nce bulletin... (Free trial)

security announce 27837

TYPO3 Core: information disclosure via NGINX

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via NGINX of TYPO3 Core, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 20/11/2018.
Identifiers: TYPO3-PSA-2018-002, VIGILANCE-VUL-27837.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via NGINX of TYPO3 Core, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about TYPO3 Core: