VulnerableCode Package Details - pkg:deb/debian/typo3-src@4.0.2%2Bdebian-9

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/typo3-src@4.0.2%2Bdebian-9

Essentials
History (53)

purl	pkg:deb/debian/typo3-src@4.0.2%2Bdebian-9

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	7.8

Vulnerabilities affecting this package (16)

Vulnerability	Summary	Fixed by
VCID-133h-9erq-2fhy Aliases: CVE-2014-3946 GHSA-vccp-5v5h-p8m6	security update	There are no reported fixed by versions.
VCID-4auu-re6t-p3gu Aliases: CVE-2014-3944 GHSA-9j8h-xrgj-7gw2	Improper Authentication The Authentication component in TYPO3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors.	There are no reported fixed by versions.
VCID-5rae-psy2-dba5 Aliases: CVE-2013-7076	several	There are no reported fixed by versions.
VCID-75re-n41m-y3et Aliases: CVE-2013-7081 GHSA-r674-mc9p-hvw5	TYPO3 Improper Access Control vulnerability The (old) Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors.	There are no reported fixed by versions.
VCID-8ahj-xadv-xbhr Aliases: CVE-2013-7078 GHSA-qj69-chjp-g4f5	TYPO3 Cross-site scripting (XSS) vulnerability in the Extbase Framework Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property Mapper is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message. NOTE: this might be the same vulnerability as CVE-2013-7072.	There are no reported fixed by versions.
VCID-9j2h-q1n5-kbgt Aliases: CVE-2014-3943 GHSA-qqh2-h6gw-6x8x	Typo3 XSS Vulnerabilities Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allow remote authenticated editors to inject arbitrary web script or HTML via unknown parameters.	There are no reported fixed by versions.
VCID-d79s-4kzk-hugy Aliases: CVE-2014-3941 GHSA-594h-cx6w-p4jf	Typo3 Host Header Spoofing Vulnerability TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allows remote attackers to have unspecified impact via a crafted HTTP Host header, related to "Host Spoofing."	There are no reported fixed by versions.
VCID-ftr5-c6nt-gbh4 Aliases: CVE-2013-7080 GHSA-5fj8-wh3g-qvq2	TYPO3 is vulnerable to Mass Assignment in the Extension table administration library The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass Assignment."	There are no reported fixed by versions.
VCID-m3dg-q4eg-wyfb Aliases: CVE-2014-3942 GHSA-55g3-fjwm-w2c8	TYPO3 Color Picker Wizard component allows remote authenticated editors to execute arbitrary PHP code The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object.	There are no reported fixed by versions.
VCID-mrst-4yau-ubce Aliases: CVE-2014-3945 GHSA-h7wf-jg4f-x2wc	security update	There are no reported fixed by versions.
VCID-p8m8-y53c-cubn Aliases: CVE-2013-7073 GHSA-4rpv-g4gq-rh4m	TYPO3 vulnerable to Information Disclosure via Content Editing Wizards component The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.	There are no reported fixed by versions.
VCID-vgwd-1z7m-gkh8 Aliases: CVE-2015-2047	security update	There are no reported fixed by versions.
VCID-wxg4-7yap-3qdx Aliases: CVE-2013-1464	cross-site scripting	There are no reported fixed by versions.
VCID-y9d1-wwne-hba5 Aliases: CVE-2013-7074 GHSA-r8m7-792j-5jvq	several	There are no reported fixed by versions.
VCID-yadx-n3tq-rkdb Aliases: CVE-2013-7079 GHSA-838c-v5cq-hp33	several	There are no reported fixed by versions.
VCID-zqqe-vew2-nbfk Aliases: CVE-2013-7075 GHSA-47ww-mq32-g4xw	TYPO3 vulnerable to Insecure Unserialize via Content Editing Wizards component The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an unspecified parameter, related to a "missing signature."	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-15T13:20:16.201136+00:00	Debian Oval Importer	Affected by	VCID-4auu-re6t-p3gu	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.4.0
2026-04-15T13:19:43.409954+00:00	Debian Oval Importer	Affected by	VCID-y9d1-wwne-hba5	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.4.0
2026-04-15T13:18:29.671047+00:00	Debian Oval Importer	Affected by	VCID-75re-n41m-y3et	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.4.0
2026-04-15T13:16:37.687762+00:00	Debian Oval Importer	Affected by	VCID-wxg4-7yap-3qdx	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.4.0
2026-04-15T13:10:05.080477+00:00	Debian Oval Importer	Affected by	VCID-p8m8-y53c-cubn	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.4.0
2026-04-15T13:08:51.360127+00:00	Debian Oval Importer	Affected by	VCID-yadx-n3tq-rkdb	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.4.0
2026-04-15T13:08:50.669345+00:00	Debian Oval Importer	Affected by	VCID-133h-9erq-2fhy	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.4.0
2026-04-15T13:07:59.026783+00:00	Debian Oval Importer	Affected by	VCID-zqqe-vew2-nbfk	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.4.0
2026-04-15T13:06:44.294824+00:00	Debian Oval Importer	Affected by	VCID-d79s-4kzk-hugy	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.4.0
2026-04-15T13:02:59.480178+00:00	Debian Oval Importer	Affected by	VCID-ftr5-c6nt-gbh4	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.4.0
2026-04-15T13:02:47.917374+00:00	Debian Oval Importer	Affected by	VCID-9j2h-q1n5-kbgt	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.4.0
2026-04-15T13:01:05.443662+00:00	Debian Oval Importer	Affected by	VCID-5rae-psy2-dba5	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.4.0
2026-04-15T12:59:06.184201+00:00	Debian Oval Importer	Affected by	VCID-m3dg-q4eg-wyfb	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.4.0
2026-04-15T12:58:44.779656+00:00	Debian Oval Importer	Affected by	VCID-8ahj-xadv-xbhr	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.4.0
2026-04-15T12:52:48.602148+00:00	Debian Oval Importer	Affected by	VCID-vgwd-1z7m-gkh8	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.4.0
2026-04-15T12:50:25.913446+00:00	Debian Oval Importer	Affected by	VCID-mrst-4yau-ubce	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.4.0
2026-04-11T13:09:00.367562+00:00	Debian Oval Importer	Affected by	VCID-4auu-re6t-p3gu	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.3.0
2026-04-11T13:08:28.078154+00:00	Debian Oval Importer	Affected by	VCID-y9d1-wwne-hba5	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.3.0
2026-04-11T13:07:13.775701+00:00	Debian Oval Importer	Affected by	VCID-75re-n41m-y3et	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.3.0
2026-04-11T13:05:21.536359+00:00	Debian Oval Importer	Affected by	VCID-wxg4-7yap-3qdx	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.3.0
2026-04-11T12:58:49.084123+00:00	Debian Oval Importer	Affected by	VCID-p8m8-y53c-cubn	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.3.0
2026-04-11T12:57:34.730077+00:00	Debian Oval Importer	Affected by	VCID-yadx-n3tq-rkdb	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.3.0
2026-04-11T12:57:34.064722+00:00	Debian Oval Importer	Affected by	VCID-133h-9erq-2fhy	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.3.0
2026-04-11T12:56:42.566730+00:00	Debian Oval Importer	Affected by	VCID-zqqe-vew2-nbfk	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.3.0
2026-04-11T12:55:28.914751+00:00	Debian Oval Importer	Affected by	VCID-d79s-4kzk-hugy	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.3.0
2026-04-11T12:52:30.778051+00:00	Debian Oval Importer	Affected by	VCID-ftr5-c6nt-gbh4	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.3.0
2026-04-11T12:52:19.507641+00:00	Debian Oval Importer	Affected by	VCID-9j2h-q1n5-kbgt	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.3.0
2026-04-11T12:50:22.960751+00:00	Debian Oval Importer	Affected by	VCID-5rae-psy2-dba5	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.3.0
2026-04-11T12:47:44.795863+00:00	Debian Oval Importer	Affected by	VCID-m3dg-q4eg-wyfb	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.3.0
2026-04-11T12:47:21.889429+00:00	Debian Oval Importer	Affected by	VCID-8ahj-xadv-xbhr	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.3.0
2026-04-11T12:41:21.781616+00:00	Debian Oval Importer	Affected by	VCID-vgwd-1z7m-gkh8	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.3.0
2026-04-11T12:38:54.711989+00:00	Debian Oval Importer	Affected by	VCID-mrst-4yau-ubce	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.3.0
2026-04-08T13:08:16.168008+00:00	Debian Oval Importer	Affected by	VCID-4auu-re6t-p3gu	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.1.0
2026-04-08T13:07:43.748377+00:00	Debian Oval Importer	Affected by	VCID-y9d1-wwne-hba5	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.1.0
2026-04-08T13:06:29.508109+00:00	Debian Oval Importer	Affected by	VCID-75re-n41m-y3et	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.1.0
2026-04-07T21:40:26.462119+00:00	Debian Oval Importer	Affected by	VCID-wxg4-7yap-3qdx	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.1.0
2026-04-07T21:33:41.769249+00:00	Debian Oval Importer	Affected by	VCID-p8m8-y53c-cubn	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.1.0
2026-04-07T21:32:26.366066+00:00	Debian Oval Importer	Affected by	VCID-yadx-n3tq-rkdb	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.1.0
2026-04-07T21:32:25.677047+00:00	Debian Oval Importer	Affected by	VCID-133h-9erq-2fhy	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.1.0
2026-04-07T21:31:33.375981+00:00	Debian Oval Importer	Affected by	VCID-zqqe-vew2-nbfk	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.1.0
2026-04-07T21:30:15.955680+00:00	Debian Oval Importer	Affected by	VCID-d79s-4kzk-hugy	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.1.0
2026-04-07T21:27:12.489860+00:00	Debian Oval Importer	Affected by	VCID-ftr5-c6nt-gbh4	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.1.0
2026-04-07T21:27:01.094083+00:00	Debian Oval Importer	Affected by	VCID-9j2h-q1n5-kbgt	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.1.0
2026-04-03T22:06:02.576521+00:00	Debian Oval Importer	Affected by	VCID-5rae-psy2-dba5	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.1.0
2026-04-03T22:03:58.946587+00:00	Debian Oval Importer	Affected by	VCID-m3dg-q4eg-wyfb	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.1.0
2026-04-03T22:03:37.623324+00:00	Debian Oval Importer	Affected by	VCID-8ahj-xadv-xbhr	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.1.0
2026-04-03T21:51:11.778775+00:00	Debian Oval Importer	Affected by	VCID-vgwd-1z7m-gkh8	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.1.0
2026-04-03T21:48:46.416593+00:00	Debian Oval Importer	Affected by	VCID-mrst-4yau-ubce	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.1.0
2026-04-02T13:09:57.030005+00:00	Debian Oval Importer	Affected by	VCID-5rae-psy2-dba5	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.0.0
2026-04-02T13:06:13.946179+00:00	Debian Oval Importer	Affected by	VCID-m3dg-q4eg-wyfb	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.0.0
2026-04-02T13:05:46.803176+00:00	Debian Oval Importer	Affected by	VCID-8ahj-xadv-xbhr	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.0.0
2026-04-02T12:57:27.190384+00:00	Debian Oval Importer	Affected by	VCID-vgwd-1z7m-gkh8	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.0.0
2026-04-02T12:54:52.078127+00:00	Debian Oval Importer	Affected by	VCID-mrst-4yau-ubce	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.0.0