21 matches found

Tenable Nessus
added 2 days ago, 4 views

SolarWinds Serv-U 15.5.0 < 15.5.5

The version of SolarWinds Serv-U installed on the remote host is prior to 15.5.4 HF1. It is, therefore, affected by a vulnerability as referenced in the solarwindsserv-u1554hf1 advisory. - SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without...

CVSS 7.5, AI score 5.9, EPSS 0.07837
Exploits: 1, References: 2
The Hacker News
added 5 days ago, 11 views

CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting SolarWinds Serv-U multi-protocol file server software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as...

CVSS 7.5, AI score 5.6, EPSS 0.07837
Exploits: 1
Tenable Nessus
added 2026/02/24 12:0 a.m., 5 views

SolarWinds Serv-U 15.5.4 Multiple Vulnerabilities

The version of SolarWinds Serv-U installed on the remote host is prior to 15.5.4. It is, therefore, affected by multiple vulnerabilities as referenced in the solarwindsserv-u1554 advisory. - An Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U, which when exploited, gives a...

CVSS 9.1, AI score 6.5, EPSS 0.00092
Exploits: 0, References: 8
Snyk
added 2025/06/16 5:16 p.m., 1 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization when validating SSH host certificate signatures. Due to a related issue in the processing of IsUserAuthority and IsHostAuthority by x/crypto/ssh, an attacker can gain unauthorized access by providing a signed SSH...

CVSS 9.8, AI score 7, EPSS 0.15302
Exploits: 0, References: 2
OpenVAS
added 2024/04/15 12:0 a.m., 17 views

XWiki 5.2-milestone-2 < 14.10.20, 15.0-rc-1 < 15.5.4, 15.6-rc-1 < 15.10 RCE Vulnerability (GHSA-34fj-r5gq-7395)

Xwiki is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

CVSS 9.9, AI score 6.5, EPSS 0.3531
Exploits: 1, References: 1
OpenVAS
added 2024/04/15 12:0 a.m., 26 views

XWiki 2.4-milestone-1 < 14.10.20, 15.0-rc-1 < 15.5.4, 15.6-rc-1 < 15.10 RCE Vulnerability (GHSA-2858-8cfx-69m9)

Xwiki is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

CVSS 10, AI score 7.8, EPSS 0.94255
Exploits: 4, References: 1
OpenVAS
added 2024/04/15 12:0 a.m., 16 views

XWiki < 14.10.19, 15.0-rc-1 < 15.5.4, 15.6-rc-1 < 15.9 RCE Vulnerability (GHSA-c2gg-4gq4-jv5j)

Xwiki is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

CVSS 9.9, AI score 6.5, EPSS 0.53681
Exploits: 1, References: 1
OpenVAS
added 2024/04/15 12:0 a.m., 15 views

XWiki 5.0-rc-1 < 14.10.19, 15.0-rc-1 < 15.5.4, 15.6-rc-1 < 15.9 Information Disclosure Vulnerability (GHSA-v782-xr4w-3vqx)

Xwiki is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

CVSS 6.8, AI score 5.9, EPSS 0.00202
Exploits: 0, References: 1
OpenVAS
added 2024/04/15 12:0 a.m., 44 views

XWiki 3.0.1 < 14.10.19, 15.0-rc-1 < 15.5.4, 15.6-rc-1 < 15.9 RCE Vulnerability (GHSA-hf43-47q4-fhq5)

Xwiki is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

CVSS 10, AI score 7.8, EPSS 0.0805
Exploits: 1, References: 1
Vulnrichment
added 2024/04/10 9:55 p.m., 21 views

CVE-2024-31997 XWiki Platform remote code execution from account through UIExtension parameters

XWiki Platform is a generic wiki platform. Prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, parameters of UI extensions are always interpreted as Velocity code and executed with programming rights. Any user with edit right on any document like the user's own profile can create UI extensions. Th...

CVSS 9.9, AI score 7.6, EPSS 0.53681
Exploits: 1, References: 5
Cvelist
added 2024/04/10 9:55 p.m., 22 views

CVE-2024-31997 XWiki Platform remote code execution from account through UIExtension parameters

XWiki Platform is a generic wiki platform. Prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, parameters of UI extensions are always interpreted as Velocity code and executed with programming rights. Any user with edit right on any document like the user's own profile can create UI extensions. Th...

CVSS 9.9, AI score 9.9, EPSS 0.53681
Exploits: 1, References: 5
NVD
added 2024/04/10 9:15 p.m., 11 views

CVE-2024-31987

XWiki Platform is a generic wiki platform. Starting in version 6.4-milestone-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, any user who can edit any page like their profile can create a custom skin with a template override that is executed with programming right, thus allowing remote...

CVSS 9.9, AI score 9.8, EPSS 0.24138
Exploits: 1, References: 5
CVE
added 2024/04/10 8:46 p.m., 96 views

CVE-2024-31996

CVE-2024-31996 affects XWiki Platform (XWiki Commons). The issue is improper escaping in the HTML escapetool used by XWiki, which fails to escape the “{” character, enabling syntax injection and remote code execution. Affected versions start at 3.0.1 and extend up to 4.10.19, 15.5.4, and 15.10-rc...

CVSS 10, AI score 7.4, EPSS 0.0805
Exploits: 1, References: 6, Affected Software: 1
CVE
added 2024/04/10 7:22 p.m., 81 views

CVE-2024-31981

XWiki Platform has a remote code execution vulnerability (CVE-2024-31981) via PDF export templates. Affected versions are 3.0.1 up to 4.10.19, plus 15.5.x and 15.10-rc-1 before patches, with fixes in 4.10.20, 15.5.4, and 15.10-rc-1. If PDF templates are not used, an admin can create the XWiki.PDF...

CVSS 9.9, AI score 9.7, EPSS 0.24138
Exploits: 1, References: 5, Affected Software: 1
Github Security Blog
added 2024/04/10 5:14 p.m., 27 views

XWiki Platform CSRF remote code execution through the realtime HTML Converter API

Impact When the realtime editor is installed in XWiki, it allows arbitrary remote code execution with the interaction of an admin user with programming right. More precisely, by getting an admin user to either visit a crafted URL or to view an image with this URL that could be in a comment, the...

CVSS 9.6, AI score 7.8, EPSS 0.06899
Exploits: 1, References: 8, Affected Software: 1
Positive Technologies
added 2024/04/10 12:0 a.m., 3 views

PT-2024-24347 · Unknown · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 4.10.19 XWiki Platform versions prior to 15.5.4 XWiki Platform versions prior to 15.10-rc-1 Description: XWiki Platform is a generic wiki platform where parameters of UI extensions are always interpreted as...

CVSS 9.9, AI score 7.8, EPSS 0.53681
Exploits: 1, References: 14
Positive Technologies
added 2023/10/17 12:0 a.m., 1 views

PT-2024-24346 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 3.0.1 through 4.10.18 XWiki Platform versions 15.5.4 and earlier XWiki Platform versions prior to 15.10-rc-1 Description: The HTML escaping tool used in XWiki does not escape , which can allow XWiki syntax injection an...

CVSS 10, AI score 8.2, EPSS 0.0805
Exploits: 1, References: 17
Positive Technologies
added 2023/09/21 12:0 a.m., 2 views

PT-2024-24333 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 3.0.1 through 4.10.19 XWiki Platform versions 14.10.19 and earlier XWiki Platform versions 15.5.3 and earlier XWiki Platform versions prior to 15.10-rc-1 Description: XWiki Platform is a generic wiki platform. Remote...

CVSS 9.9, AI score 7.8, EPSS 0.24138
Exploits: 1, References: 15
Positive Technologies
added 2023/04/18 12:0 a.m., 2 views

PT-2024-24336 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 3.1 through 4.10.18 XWiki Platform versions 14.10.18 and earlier XWiki Platform versions 15.5.4 and earlier XWiki Platform version 15.10-rc-1 and earlier Description: The issue allows execution of arbitrary code on the...

CVSS 9, AI score 7.8, EPSS 0.079
Exploits: 1, References: 14
Positive Technologies
added 2023/01/27 12:0 a.m., 5 views

PT-2023-14138 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 13.7 through 15.4.5 GitLab EE versions 15.5 through 15.5.4 GitLab EE versions 15.6 through 15.6.0 Description: An information leak issue was identified that exposes user email IDs through the webhook payload. Recommendation...

CVSS 5.3, AI score 4.9, EPSS 0.00136
Exploits: 0, References: 6