16 matches found
XWiki Platform Security Vulnerability
The XWiki Platform is an open-source wiki platform used for creating web collaboration applications. Vulnerabilities exist in versions 10.4-rc-1 to 16.10.15, 17.0.0-rc-1 to 17.4.7, and 17.5.0-rc-1 to 17.10.0 of the XWiki Platform. These vulnerabilities stem from a reflected cross-site...
XWiki Platform Security Vulnerability
The XWiki Platform is an open-source wiki platform designed for creating web collaboration applications. Versions of the XWiki Platform such as 1.8-rc-1, 17.0.0-rc-1, and 17.5.0-rc-1 and earlier contain security vulnerabilities. These vulnerabilities stem from resource exhaustion issues with the...
XWiki Rendering Security Vulnerability
XWiki Rendering is a general-purpose rendering system from the XWiki Foundation that converts text input from a given syntax (wiki syntax, HTML, etc.) to another syntax (XHTML, etc.). A security vulnerability exists in XWiki Rendering versions 16.10.9 and earlier, 17.0.0-rc-1 through 17.4.2, and...
CVE-2025-52472 XWiki Platform vulnerable to HQL injection via wiki and space search REST API
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 4.3-milestone-1 and prior to versions 16.10.9, 17.4.2, and 17.5.0, the REST search URL is vulnerable to HQL injection via the orderField parameter. The specified value is...
XWiki Platform SQL Injection Vulnerability
XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A SQL injection vulnerability exists in XWiki Platform versions 4.3-milestone-1 through 16.10.9, 17.4.2, and prior to 17.5.0, which stems from an HQL injection in the orderField parameter an...
Linux Distros Unpatched Vulnerability : CVE-2024-7102
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.0 which allows an attacker to trigger a pipeline as another user...
UBUNTU-CVE-2024-7102
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.0 which allows an attacker to trigger a pipeline as another user under certain circumstances...
CVE-2024-7102
GitLab CVE-2024-7102 affects GitLab CE/EE versions from 16.4 up to, but not including, 17.5.0, allowing an attacker to trigger a pipeline as another user under certain circumstances. Multiple sources (NVD, Red Hat, Debian, OSV, etc.) corroborate the issue but do not publicly detail the root cause or exploit step...
SUSE CVE-2018-7685
The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious warnings only displayed during download...
pyOpenSSL: Use-after-free in X509 object handling
Python Cryptographic Authority pyopenssl versions prior to 17.5.0 contain a CWE-416: Use After Free vulnerability in X509 object handling that can result in a use after free, which can lead to possible denial of service or remote code execution. This attack appears to be exploitable via: Depends on...
CVE-2018-1000808
Python Cryptographic Authority pyopenssl versions before 17.5.0 contain a CWE-401: Failure to Release Memory Before Removing Last Reference vulnerability in PKCS 12 Store that can result in denial of service if memory runs low or is exhausted. This attack appears to be exploitable via: Depends...
Pyopenssl Incorrect Memory Management
It was discovered that pyOpenSSL incorrectly handled memory when performing operations on a PKCS 12 store. A remote attacker could possibly use this issue to cause pyOpenSSL to consume resources, resulting in a denial of service. This attack appears to be exploitable via: Depends upon calling...
PYSEC-2018-23
Python Cryptographic Authority pyopenssl versions prior to 17.5.0 contain a CWE-416: Use After Free vulnerability in X509 object handling that can result in a use after free, which can lead to possible denial of service or remote code execution. This attack appears to be exploitable via: Depends on...
PYSEC-2018-24
Python Cryptographic Authority pyopenssl versions before 17.5.0 contain a CWE-401: Failure to Release Memory Before Removing Last Reference vulnerability in PKCS 12 Store that can result in denial of service if memory runs low or is exhausted. This attack appears to be exploitable via: Depends...
DEBIAN-CVE-2018-1000807
Python Cryptographic Authority pyopenssl versions prior to 17.5.0 contain a CWE-416: Use After Free vulnerability in X509 object handling that can result in a use after free, which can lead to possible denial of service or remote code execution. This attack appears to be exploitable via: Depends on...
PT-2018-9531 · Openssl +2 · Pyopenssl +2
Name of the Vulnerable Software and Affected Versions: pyopenssl versions prior to 17.5.0 Description: The issue is related to a Use After Free vulnerability in X509 object handling, which can result in denial of service or possible remote code execution. This attack appears to be exploitable via...