Package details: pkg:deb/debian/typo3-src@4.3.9%2Bdfsg1-1%2Bsqueeze9
purl pkg:deb/debian/typo3-src@4.3.9%2Bdfsg1-1%2Bsqueeze9
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.5
Vulnerabilities affecting this package (16)
Vulnerability Summary Fixed by
VCID-18tp-5nfu-nbew
Aliases:
CVE-2014-3945
GHSA-h7wf-jg4f-x2wc
TYPO3 vulnerable to authentication bypass via leveraging knowledge of password hash
The Authentication component in TYPO3 before 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remote attackers to bypass authentication and gain access to the backend by leveraging knowledge of a password hash.
There are no reported fixed by versions.
VCID-1b85-9sx2-sucu
Aliases:
CVE-2013-7075
GHSA-47ww-mq32-g4xw
TYPO3 vulnerable to Insecure Unserialize via Content Editing Wizards component
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an unspecified parameter, related to a "missing signature."
There are no reported fixed by versions.
VCID-3k7d-p25a-j7c1
Aliases:
CVE-2013-7079
GHSA-838c-v5cq-hp33
TYPO3 OpenID extension Open redirect vulnerability
Open redirect vulnerability in the OpenID extension in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
There are no reported fixed by versions.
VCID-52up-kw83-k3cp
Aliases:
CVE-2015-2047
There are no reported fixed by versions.
VCID-77zk-mttw-7yb5
Aliases:
CVE-2014-3943
GHSA-qqh2-h6gw-6x8x
Typo3 XSS Vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allow remote authenticated editors to inject arbitrary web script or HTML via unknown parameters.
There are no reported fixed by versions.
VCID-8tx1-99cc-tfcc
Aliases:
CVE-2013-7073
GHSA-4rpv-g4gq-rh4m
TYPO3 vulnerable to Information Disclosure via Content Editing Wizards component
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.
There are no reported fixed by versions.
VCID-b4du-skke-dqa8
Aliases:
CVE-2013-7081
GHSA-r674-mc9p-hvw5
TYPO3 Improper Access Control vulnerability
The (old) Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors.
There are no reported fixed by versions.
VCID-bznh-qnh6-23bk
Aliases:
CVE-2013-7080
GHSA-5fj8-wh3g-qvq2
TYPO3 is vulnerable to Mass Assignment in the Extension table administration library
The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass Assignment."
There are no reported fixed by versions.
VCID-c7jx-ey45-judf
Aliases:
CVE-2014-3941
GHSA-594h-cx6w-p4jf
Typo3 Host Header Spoofing Vulnerability
TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allows remote attackers to have unspecified impact via a crafted HTTP Host header, related to "Host Spoofing."
There are no reported fixed by versions.
VCID-ctuh-5vv7-wqcd
Aliases:
CVE-2014-3944
GHSA-9j8h-xrgj-7gw2
TYPO3 Improper Session Invalidation
The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors.
There are no reported fixed by versions.
VCID-cv1m-r2d7-h3dx
Aliases:
CVE-2014-3942
GHSA-55g3-fjwm-w2c8
TYPO3 Color Picker Wizard component allows remote authenticated editors to execute arbitrary PHP code
The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object.
There are no reported fixed by versions.
VCID-jeh6-akzd-q7c2
Aliases:
CVE-2013-7076
There are no reported fixed by versions.
VCID-q1s5-yzxr-9ud5
Aliases:
CVE-2014-3946
GHSA-vccp-5v5h-p8m6
Typo3 Information Disclosure
Failing to respect user groups of logged in users when caching queries, Extbase is susceptible to information disclosure. The query caching (introduced in Extbase 6.2) used to cache queries in such a way that query results for a specific user group were presented to a different group.
There are no reported fixed by versions.
VCID-t7pm-yns8-4ues
Aliases:
CVE-2013-7078
GHSA-qj69-chjp-g4f5
TYPO3 Cross-site scripting (XSS) vulnerability in the Extbase Framework
Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property Mapper is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message. NOTE: this might be the same vulnerability as CVE-2013-7072.
There are no reported fixed by versions.
VCID-txd8-gfvy-1kb1
Aliases:
CVE-2013-7074
GHSA-r8m7-792j-5jvq
TYPO3 Cross-Site Scripting (XSS) vulnerabilities in Content Editing Wizards component
Multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters.
There are no reported fixed by versions.
VCID-v9pb-6fpz-67bj
Aliases:
CVE-2013-1464
cross-site scripting
There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-07-03T18:03:50.605612+00:00 Debian Oval Importer Affected by VCID-ctuh-5vv7-wqcd https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-07-03T18:01:18.093013+00:00 Debian Oval Importer Affected by VCID-txd8-gfvy-1kb1 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-07-03T17:51:43.029093+00:00 Debian Oval Importer Affected by VCID-b4du-skke-dqa8 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-07-03T17:42:32.208620+00:00 Debian Oval Importer Affected by VCID-v9pb-6fpz-67bj https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-07-03T16:58:27.278876+00:00 Debian Oval Importer Affected by VCID-8tx1-99cc-tfcc https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-07-03T16:54:05.200591+00:00 Debian Oval Importer Affected by VCID-3k7d-p25a-j7c1 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-07-03T16:54:00.319151+00:00 Debian Oval Importer Affected by VCID-q1s5-yzxr-9ud5 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-07-03T16:52:08.011074+00:00 Debian Oval Importer Affected by VCID-1b85-9sx2-sucu https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-07-03T16:49:02.593876+00:00 Debian Oval Importer Affected by VCID-c7jx-ey45-judf https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-07-03T16:42:04.012035+00:00 Debian Oval Importer Affected by VCID-bznh-qnh6-23bk https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-07-03T16:41:44.554125+00:00 Debian Oval Importer Affected by VCID-77zk-mttw-7yb5 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-07-03T16:35:27.517134+00:00 Debian Oval Importer Affected by VCID-jeh6-akzd-q7c2 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-07-03T16:27:11.581698+00:00 Debian Oval Importer Affected by VCID-cv1m-r2d7-h3dx https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-07-03T16:24:43.482344+00:00 Debian Oval Importer Affected by VCID-t7pm-yns8-4ues https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-07-03T16:01:29.592902+00:00 Debian Oval Importer Affected by VCID-52up-kw83-k3cp https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-07-03T15:57:34.186996+00:00 Debian Oval Importer Affected by VCID-18tp-5nfu-nbew https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-07-01T19:12:24.270460+00:00 Debian Oval Importer Affected by VCID-ctuh-5vv7-wqcd https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-07-01T19:11:51.413680+00:00 Debian Oval Importer Affected by VCID-txd8-gfvy-1kb1 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-07-01T19:10:36.240458+00:00 Debian Oval Importer Affected by VCID-b4du-skke-dqa8 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-07-01T19:08:44.397173+00:00 Debian Oval Importer Affected by VCID-v9pb-6fpz-67bj https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-07-01T19:02:11.961793+00:00 Debian Oval Importer Affected by VCID-8tx1-99cc-tfcc https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-07-01T19:00:57.349292+00:00 Debian Oval Importer Affected by VCID-3k7d-p25a-j7c1 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-07-01T19:00:56.683579+00:00 Debian Oval Importer Affected by VCID-q1s5-yzxr-9ud5 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-07-01T19:00:05.382686+00:00 Debian Oval Importer Affected by VCID-1b85-9sx2-sucu https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-07-01T18:58:52.262646+00:00 Debian Oval Importer Affected by VCID-c7jx-ey45-judf https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-07-01T18:55:53.691871+00:00 Debian Oval Importer Affected by VCID-bznh-qnh6-23bk https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-07-01T18:55:42.565933+00:00 Debian Oval Importer Affected by VCID-77zk-mttw-7yb5 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-07-01T18:54:01.292899+00:00 Debian Oval Importer Affected by VCID-jeh6-akzd-q7c2 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-07-01T18:52:01.340865+00:00 Debian Oval Importer Affected by VCID-cv1m-r2d7-h3dx https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-07-01T18:51:40.183747+00:00 Debian Oval Importer Affected by VCID-t7pm-yns8-4ues https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-07-01T18:45:40.247769+00:00 Debian Oval Importer Affected by VCID-52up-kw83-k3cp https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-07-01T18:43:15.554645+00:00 Debian Oval Importer Affected by VCID-18tp-5nfu-nbew https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3