17 matches found
CVE-2023-29507
XWiki Commons are technical libraries common to several other top level XWiki projects. The Document script API returns directly a DocumentAuthors allowing to set any authors to the document, which in consequence can allow subsequent executions of scripts since this author is used for checking...
EUVD-2011-1203
Malware in sbrugna...
EUVD-2023-1368
Malicious code in bioql PyPI...
Design/Logic Flaw
XWiki Commons are technical libraries common to several other top level XWiki projects. The Document script API returns directly a DocumentAuthors allowing to set any authors to the document, which in consequence can allow subsequent executions of scripts since this author is used for checking...
CVE-2023-29507
XWiki Commons vulnerability: the Document script API returns directly a DocumentAuthors object, letting an attacker set any document author and potentially affect rights checks. This is fixed by patching the API to a safe script API in XWiki 14.10 and 14.4.7. Affected context includes XWiki Commo...
CVE-2023-29507 org.xwiki.platform:xwiki-platform-oldcore makes Incorrect Use of Privileged APIs with DocumentAuthors
XWiki Commons are technical libraries common to several other top level XWiki projects. The Document script API returns directly a DocumentAuthors allowing to set any authors to the document, which in consequence can allow subsequent executions of scripts since this author is used for checking...
XWiki Commons 安全漏洞
XWiki Commons is a technology library shared by several other top XWiki projects. A security vulnerability exists in XWiki Commons, which stems from the Document script API directly returning a DocumentAuthors allowing any author of a document to be set...
PT-2023-22289 · Xwiki · Xwiki
Name of the Vulnerable Software and Affected Versions: XWiki versions prior to 14.4.7 XWiki versions prior to 14.10 Description: The Document script API returns directly a DocumentAuthors, allowing to set any authors to the document. This can allow subsequent executions of scripts since this auth...
Mozilla: Crash with nested event loops
When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox 63, Firefox ESR 60.3, and Thunderbird 60.3...
Adobe Reader < 10.1 / 9.4.5 / 8.3 Multiple Vulnerabilities (APSB11-12, APSB11-12, APSB11-16) (Mac OS X)
The version of Adobe Reader installed on the remote Mac OS X host is prior to 10.1, 9.4.5, or 8.3. It is, therefore, affected by the following vulnerabilities : - Multiple buffer overflow conditions exist that allow an attacker to execute arbitrary code. CVE-2011-2094, CVE-2011-2095, CVE-2011-209...
Adobe Reader < 10.1 / 9.4.5 / 8.3 Multiple Vulnerabilities (APSB11-16)
The version of Adobe Reader installed on the remote host is earlier than 10.1 / 9.4.5 / 8.3. Such versions are reportedly affected by multiple vulnerabilities : - Multiple buffer overflow vulnerabilities exist that could lead to code execution. CVE-2011-2094, CVE-2011-2095, CVE-2011-2097 - A heap...
Adobe Acrobat < 10.1 / 9.4.5 / 8.3 Multiple Vulnerabilities (APSB11-16)
The version of Adobe Acrobat installed on the remote host is earlier than 10.1 / 9.4.5 / 8.3. Such versions are reportedly affected by multiple vulnerabilities : - Multiple buffer overflow vulnerabilities exist that could lead to code execution. CVE-2011-2094, CVE-2011-2095, CVE-2011-2097 - A hea...
CVE-2011-1195
Use-after-free vulnerability in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "document script lifetime handling."...
CVE-2011-1195
Use-after-free vulnerability in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "document script lifetime handling."...
UBUNTU-CVE-2011-1195
Use-after-free vulnerability in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "document script lifetime handling."...
CVE-2011-1195
Use-after-free vulnerability in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "document script lifetime handling."...
CVE-2011-1195
Removed by vendor...