Merge pull request #648 from ohader/sec/typo3-september-2022 · FriendsOfPHP/security-advisories@8b09a24 · GitHub

Commit 8b09a24

Merge pull request #648 from ohader/sec/typo3-september-2022
Add security advisories for TYPO3's September 2022 releases
2 parents cf202e1 + f964ab3 commit 8b09a24

13 files changed: +137 -0 lines changed

typo3/cms-core/CVE-2022-36020.yaml

Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,11 @@
1+
title: 'TYPO3-CORE-SA-2022-011: By-passing Cross-Site Scripting Protection in HTML Sanitizer'
2+
link: 'https://typo3.org/security/advisory/typo3-core-sa-2022-011'
3+
cve: CVE-2022-36020
4+
branches:
5+
10.x:
6+
time: '2022-09-13 08:07:02'
7+
versions: ['>=10.0.0', '<10.4.32']
8+
11.x:
9+
time: '2022-09-13 08:07:54'
10+
versions: ['>=11.0.0', '<11.5.16']
11+
reference: 'composer://typo3/cms-core'
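Review bot: `reference: 'composer://typo3/cms-core'` ties this advisory to the core package, while the title locates the flaw in the HTML Sanitizer. If the sanitizer is installed as its own composer package, please confirm that package also gets an entry with its own version ranges, so that an audit of a lock file checks the sanitizer version itself and not only the core version.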

typo3/cms-core/CVE-2022-36104.yaml

Lines changed: 8 additions & 0 deletions
@@ -0,0 +1,8 @@
1+
title: 'TYPO3-CORE-SA-2022-006: Denial of Service in Page Error Handling'
2+
link: 'https://typo3.org/security/advisory/typo3-core-sa-2022-006'
3+
cve: CVE-2022-36104
4+
branches:
5+
11.x:
6+
time: '2022-09-13 08:07:10'
7+
versions: ['>=11.0.0', '<11.5.16']
8+
reference: 'composer://typo3/cms-core'
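Review bot: `branches` lists only `11.x` here, whereas the other typo3/cms-core entries in this commit also carry a `10.x` branch with `<10.4.32`. Please confirm against the linked advisory that 10.x is unaffected and that `>=11.0.0` is the intended lower bound, and say so in the PR description so the omission reads as deliberate and not as a copy error.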

typo3/cms-core/CVE-2022-36105.yaml

Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,11 @@
1+
title: 'TYPO3-CORE-SA-2022-007: User Enumeration via Response Timing'
2+
link: 'https://typo3.org/security/advisory/typo3-core-sa-2022-007'
3+
cve: CVE-2022-36105
4+
branches:
5+
10.x:
6+
time: '2022-09-13 08:06:22'
7+
versions: ['>=10.0.0', '<10.4.32']
8+
11.x:
9+
time: '2022-09-13 08:07:20'
10+
versions: ['>=11.0.0', '<11.5.16']
11+
reference: 'composer://typo3/cms-core'
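Review bot: the `time` values (`'2022-09-13 08:06:22'`, `'2022-09-13 08:07:20'`) carry no timezone, here and in every other file of this commit. Anyone correlating these with release tags or their own patch timeline has to guess the offset; please state the convention (for example UTC) in the PR or the repository documentation if it is not already written down.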

typo3/cms-core/CVE-2022-36106.yaml

Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,11 @@
1+
title: 'TYPO3-CORE-SA-2022-008: Missing check for expiration time of password reset token for backend users'
2+
link: 'https://typo3.org/security/advisory/typo3-core-sa-2022-008'
3+
cve: CVE-2022-36106
4+
branches:
5+
10.x:
6+
time: '2022-09-13 08:06:31'
7+
versions: ['>=10.0.0', '<10.4.32']
8+
11.x:
9+
time: '2022-09-13 08:07:29'
10+
versions: ['>=11.0.0', '<11.5.16']
11+
reference: 'composer://typo3/cms-core'

typo3/cms-core/CVE-2022-36107.yaml

Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,11 @@
1+
title: 'TYPO3-CORE-SA-2022-009: Stored Cross-Site Scripting via FileDumpController'
2+
link: 'https://typo3.org/security/advisory/typo3-core-sa-2022-009'
3+
cve: CVE-2022-36107
4+
branches:
5+
10.x:
6+
time: '2022-09-13 08:06:41'
7+
versions: ['>=10.0.0', '<10.4.32']
8+
11.x:
9+
time: '2022-09-13 08:07:38'
10+
versions: ['>=11.0.0', '<11.5.16']
11+
reference: 'composer://typo3/cms-core'

typo3/cms-core/CVE-2022-36108.yaml

Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,11 @@
1+
title: 'TYPO3-CORE-SA-2022-010: Cross-Site Scripting in <f:asset.css> view helper'
2+
link: 'https://typo3.org/security/advisory/typo3-core-sa-2022-010'
3+
cve: CVE-2022-36108
4+
branches:
5+
10.x:
6+
time: '2022-09-13 08:06:53'
7+
versions: ['>=10.0.0', '<10.4.32']
8+
11.x:
9+
time: '2022-09-13 08:07:46'
10+
versions: ['>=11.0.0', '<11.5.16']
11+
reference: 'composer://typo3/cms-core'
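Review bot: the `title` contains the literal markup `<f:asset.css>`. The single-quoted YAML string is valid as written, but any tool that renders advisory titles into HTML or Markdown must escape it or the tag name will vanish from the output (or worse, be interpreted). Worth a quick check that the consumers of this database escape `title` before display.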

typo3/cms/CVE-2022-36020.yaml

Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,11 @@
1+
title: 'TYPO3-CORE-SA-2022-011: By-passing Cross-Site Scripting Protection in HTML Sanitizer'
2+
link: 'https://typo3.org/security/advisory/typo3-core-sa-2022-011'
3+
cve: CVE-2022-36020
4+
branches:
5+
10.x:
6+
time: '2022-09-13 08:07:02'
7+
versions: ['>=10.0.0', '<10.4.32']
8+
11.x:
9+
time: '2022-09-13 08:07:54'
10+
versions: ['>=11.0.0', '<11.5.16']
11+
reference: 'composer://typo3/cms'
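Review bot: this file repeats typo3/cms-core/CVE-2022-36020.yaml line for line, with only `reference` changed to `composer://typo3/cms`. The same holds for the other typo3/cms files in this commit, so any later correction to a version bound or timestamp has to be made in both places. Please diff each pair before merging and mention the pairing in the PR description so future edits keep them in sync.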

typo3/cms/CVE-2022-36104.yaml

Lines changed: 8 additions & 0 deletions
@@ -0,0 +1,8 @@
1+
title: 'TYPO3-CORE-SA-2022-006: Denial of Service in Page Error Handling'
2+
link: 'https://typo3.org/security/advisory/typo3-core-sa-2022-006'
3+
cve: CVE-2022-36104
4+
branches:
5+
11.x:
6+
time: '2022-09-13 08:07:10'
7+
versions: ['>=11.0.0', '<11.5.16']
8+
reference: 'composer://typo3/cms'

typo3/cms/CVE-2022-36105.yaml

Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,11 @@
1+
title: 'TYPO3-CORE-SA-2022-007: User Enumeration via Response Timing'
2+
link: 'https://typo3.org/security/advisory/typo3-core-sa-2022-007'
3+
cve: CVE-2022-36105
4+
branches:
5+
10.x:
6+
time: '2022-09-13 08:06:22'
7+
versions: ['>=10.0.0', '<10.4.32']
8+
11.x:
9+
time: '2022-09-13 08:07:20'
10+
versions: ['>=11.0.0', '<11.5.16']
11+
reference: 'composer://typo3/cms'

typo3/cms/CVE-2022-36106.yaml

Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,11 @@
1+
title: 'TYPO3-CORE-SA-2022-008: Missing check for expiration time of password reset token for backend users'
2+
link: 'https://typo3.org/security/advisory/typo3-core-sa-2022-008'
3+
cve: CVE-2022-36106
4+
branches:
5+
10.x:
6+
time: '2022-09-13 08:06:31'
7+
versions: ['>=10.0.0', '<10.4.32']
8+
11.x:
9+
time: '2022-09-13 08:07:29'
10+
versions: ['>=11.0.0', '<11.5.16']
11+
reference: 'composer://typo3/cms'
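Review bot: the typo3/cms entries shown here stop at CVE-2022-36106, while typo3/cms-core also has CVE-2022-36107 and CVE-2022-36108. The commit header reports 13 files changed and only 10 appear in this view, so please confirm the remaining files include the typo3/cms counterparts for those two CVEs; without them, projects that require `typo3/cms` would not be flagged for either cross-site scripting advisory.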
