In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Information Disclosure
Typo3
NVD
GitHub
CVSS 3.1
3.7
EPSS
1.2%
It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity.
Ubuntu
Information Disclosure
Subiquity
NVD
GitHub
CVSS 3.1
2.3
EPSS
0.6%