CVE-2021-36792
The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 has incorrect Access Control for confirming various applications.
Source: CVE-2021-36792
CVE-2021-36792
The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 has incorrect Access Control for confirming various applications.
Source: CVE-2021-36792
CVE-2020-18759
An information disclosure vulnerability exists in the EPA protocol of Dut Computer Control Engineering Co.’s PLC MAC1100.
Source: CVE-2020-18759
CVE-2021-36793
The routes (aka Extbase Yaml Routes) extension before 2.1.1 for TYPO3, when CsrfTokenViewHelper is used, allows Sensitive Information Disclosure because a session identifier is unsafely present in HTML output.
Source: CVE-2021-36793
CVE-2020-18757
An issue in Dut Computer Control Engineering Co.’s PLC MAC1100 allows attackers to cause persistent denial of service (DOS) via a crafted packet.
Source: CVE-2020-18757
CVE-2020-18758
An issue in Dut Computer Control Engineering Co.’s PLC MAC1100 allows attackers to execute arbitrary code.
Source: CVE-2020-18758
CVE-2020-18756
An arbitrary memory access vulnerability in the EPA protocol of Dut Computer Control Engineering Co.’s PLC MAC1100 allows attackers to read the contents of any variable area.
Source: CVE-2020-18756
CVE-2021-38623
The deferred_image_processing (aka Deferred image processing) extension before 1.0.2 for TYPO3 allows Denial of Service via the FAL API because of /var/transient disk consumption.
Source: CVE-2021-38623
CVE-2021-36790
The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows XSS.
Source: CVE-2021-36790
CVE-2021-36785
The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows XSS.
Source: CVE-2021-36785
CVE-2021-36788
The yoast_seo (aka Yoast SEO) extension before 7.2.3 for TYPO3 allows XSS.
Source: CVE-2021-36788