Latest CVE Feed
-
5.3
MEDIUMCVE-2010-3673
TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows information disclosure in the mail header of the HTML mailing API.... Read more
Affected Products : typo3- EPSS Score: %0.46
- Published: Nov. 05, 2019
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2010-3672
TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea view helper in an extbase extension.... Read more
Affected Products : typo3- EPSS Score: %0.45
- Published: Nov. 05, 2019
- Modified: Nov. 21, 2024
-
9.4
HIGHCVE-2010-3671
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 is open to a session fixation attack which allows remote attackers to hijack a victim's session.... Read more
Affected Products : typo3- EPSS Score: %0.90
- Published: Nov. 05, 2019
- Modified: Nov. 21, 2024
-
5.8
MEDIUMCVE-2010-3670
TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function.... Read more
Affected Products : typo3- EPSS Score: %0.13
- Published: Nov. 05, 2019
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2010-3669
TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS and Open Redirection in the frontend login box.... Read more
Affected Products : typo3- EPSS Score: %0.24
- Published: Nov. 04, 2019
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2010-3668
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Header Injection in the secure download feature jumpurl.... Read more
Affected Products : typo3- EPSS Score: %0.43
- Published: Nov. 04, 2019
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2010-3667
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element.... Read more
Affected Products : typo3- EPSS Score: %0.32
- Published: Nov. 04, 2019
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2010-3666
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function.... Read more
Affected Products : typo3- EPSS Score: %0.32
- Published: Nov. 04, 2019
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2010-3665
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the Extension Manager.... Read more
Affected Products : typo3- EPSS Score: %0.43
- Published: Nov. 04, 2019
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2010-3664
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Information Disclosure on the backend.... Read more
Affected Products : typo3- EPSS Score: %0.43
- Published: Nov. 04, 2019
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2010-3663
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend.... Read more
Affected Products : typo3- EPSS Score: %3.15
- Published: Nov. 04, 2019
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2010-3662
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend.... Read more
Affected Products : typo3- EPSS Score: %0.70
- Published: Nov. 04, 2019
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2010-3661
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Open Redirection on the backend.... Read more
Affected Products : typo3- EPSS Score: %0.27
- Published: Nov. 01, 2019
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2010-3660
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend.... Read more
Affected Products : typo3- EPSS Score: %0.47
- Published: Nov. 01, 2019
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2010-3440
babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and unpacking dictionary files, allowing a local attacker to overwrite arbitrary files.... Read more
- EPSS Score: %0.07
- Published: Nov. 12, 2019
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2010-3439
It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command.... Read more
- EPSS Score: %0.57
- Published: Nov. 12, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2010-3438
libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'privmsg' handler, which would cause the client to disconnec... Read more
- EPSS Score: %0.53
- Published: Nov. 12, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2010-3375
qtparted has insecure library loading which may allow arbitrary code execution... Read more
Affected Products : qtparted- EPSS Score: %1.05
- Published: Oct. 29, 2019
- Modified: Nov. 21, 2024
-
5.5
MEDIUM- EPSS Score: %0.14
- Published: Oct. 29, 2019
- Modified: Nov. 21, 2024
-
4.8
MEDIUMCVE-2010-3359
If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. This can allow a local user to trick another user into running gargoyle in a directory with a cracked libgarglk.so and gain access to the... Read more
- EPSS Score: %0.13
- Published: Nov. 12, 2019
- Modified: Nov. 21, 2024