GHSA-744g-7qm9-hjh9: The TYPO3 CMS Backend has Broken Authentication in Backend MFA

GHSA-6frx-j292-c844: TYPO3 Allows Privilege Escalation to System Maintainer

GHSA-9hq9-cr36-4wpj: TYPO3 Allows Unrestricted File Upload in File Abstraction Layer

GHSA-3jrg-97f3-rqh9: TYPO3 Unverified Password Change for Backend Users

GHSA-x8pv-fgxp-8v3x: TYPO3 Allows Information Disclosure via DBAL Restriction Handling

An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes.

**TCPDF has incorrect comparison**

Moderate severity GitHub Reviewed Published Dec 27, 2024 to the GitHub Advisory Database • Updated Dec 27, 2024

Headline

GHSA-w95c-7994-ghpr: TCPDF has incorrect comparison

ghsa: Latest News