SolarWinds Serv-U 15.5.4 Multiple Vulnerabilities

The version of SolarWinds Serv-U installed on the remote host is prior to 15.5.4. It is, therefore, affected by multiple vulnerabilities as referenced in the solarwindsserv-u1554 advisory. - An Insecure Direct Object Reference IDOR vulnerability exists in Serv-U, which when exploited, gives a...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization when validating SSH host certificate signatures. Due to a related issue in the processing of IsUserAuthority and IsHostAuthority by x/crypto/ssh, an attacker can gain unauthorized access by providing a signed SSH...

XWiki 5.0-rc-1 < 14.10.19, 15.0-rc-1 < 15.5.4, 15.6-rc-1 < 15.9 Information Disclosure Vulnerability (GHSA-v782-xr4w-3vqx)

Xwiki is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

XWiki < 14.10.19, 15.0-rc-1 < 15.5.4, 15.6-rc-1 < 15.9 RCE Vulnerability (GHSA-c2gg-4gq4-jv5j)

Xwiki is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

XWiki 3.0.1 < 14.10.19, 15.0-rc-1 < 15.5.4, 15.6-rc-1 < 15.9 RCE Vulnerability (GHSA-hf43-47q4-fhq5)

Xwiki is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

CVE-2024-31996

CVE-2024-31996 affects XWiki Platform (XWiki Commons). The issue is improper escaping in the HTML escapetool used by XWiki, which fails to escape the “{” character, enabling syntax injection and remote code execution. Affected versions start at 3.0.1 and extend up to 4.10.19, 15.5.4, and 15.10-rc...

CVE-2024-31981

XWiki Platform has a remote code execution vulnerability (CVE-2024-31981) via PDF export templates. Affected versions are 3.0.1 up to 4.10.19, plus 15.5.x and 15.10-rc-1 before patches, with fixes in 4.10.20, 15.5.4, and 15.10-rc-1. If PDF templates are not used, an admin can create the XWiki.PDF...

PT-2024-24346 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 3.0.1 through 4.10.18 XWiki Platform versions 15.5.4 and earlier XWiki Platform versions prior to 15.10-rc-1 Description: The HTML escaping tool used in XWiki does not escape , which can allow XWiki syntax injection an...

PT-2024-24336 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 3.1 through 4.10.18 XWiki Platform versions 14.10.18 and earlier XWiki Platform versions 15.5.4 and earlier XWiki Platform version 15.10-rc-1 and earlier Description: The issue allows execution of arbitrary code on the...