
17 matches found

RedhatCVE
added 2026/01/09 9:0 a.m. | 9 views

CVE-2023-29507

XWiki Commons are technical libraries common to several other top level XWiki projects. The Document script API returns directly a DocumentAuthors allowing to set any authors to the document, which in consequence can allow subsequent executions of scripts since this author is used for checking...

CVSS 9.1 | AI score 6.7 | EPSS 0.00899
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2011-1203

Malware in sbrugna...

CVSS 7.5 | AI score 6.1 | EPSS 0.01631
Exploits: 1 | References: 7

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2023-1368

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 6.9 | EPSS 0.00899
Exploits: 0 | References: 5

Prion
added 2023/04/16 7:15 a.m. | 21 views

Design/Logic Flaw

XWiki Commons are technical libraries common to several other top level XWiki projects. The Document script API returns directly a DocumentAuthors allowing to set any authors to the document, which in consequence can allow subsequent executions of scripts since this author is used for checking...

CVSS 5.8 | AI score 6.8 | EPSS 0.00899
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2023/04/16 6:52 a.m. | 249 views

CVE-2023-29507

XWiki Commons vulnerability: the Document script API returns directly a DocumentAuthors object, letting an attacker set any document author and potentially affect rights checks. This is fixed by patching the API to a safe script API in XWiki 14.10 and 14.4.7. Affected context includes XWiki Commo...

CVSS 9.1 | AI score 8.1 | EPSS 0.00899
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2023/04/16 6:52 a.m. | 30 views

CVE-2023-29507 org.xwiki.platform:xwiki-platform-oldcore makes Incorrect Use of Privileged APIs with DocumentAuthors

XWiki Commons are technical libraries common to several other top level XWiki projects. The Document script API returns directly a DocumentAuthors allowing to set any authors to the document, which in consequence can allow subsequent executions of scripts since this author is used for checking...

CVSS 9.1 | AI score 6.8 | EPSS 0.00899
Exploits: 0 | References: 5

CNNVD
added 2023/04/16 12:0 a.m. | 2 views

XWiki Commons Security Vulnerability

XWiki Commons is a technology library shared by several other top XWiki projects. A security vulnerability exists in XWiki Commons, which stems from the Document script API directly returning a DocumentAuthors allowing any author of a document to be set...

CVSS 9.1 | AI score 6.9 | EPSS 0.00899
Exploits: 0 | References: 4

Positive Technologies
added 2023/04/12 12:0 a.m. | 4 views

PT-2023-22289 · Xwiki · Xwiki

Name of the Vulnerable Software and Affected Versions: XWiki versions prior to 14.4.7 XWiki versions prior to 14.10 Description: The Document script API returns directly a DocumentAuthors, allowing to set any authors to the document. This can allow subsequent executions of scripts since this auth...

CVSS 9.1 | AI score 6.8 | EPSS 0.00899
Exploits: 0 | References: 9

RedHat Linux
added 2018/11/09 11:54 a.m. | 5 views

Mozilla: Crash with nested event loops

When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox 63, Firefox ESR 60.3, and Thunderbird 60.3...

CVSS 9.8 | AI score 7.3 | EPSS 0.03425
Exploits: 0 | References: 5

Tenable Nessus
added 2011/06/24 12:0 a.m. | 35 views

Adobe Reader < 10.1 / 9.4.5 / 8.3 Multiple Vulnerabilities (APSB11-12, APSB11-12, APSB11-16) (Mac OS X)

The version of Adobe Reader installed on the remote Mac OS X host is prior to 10.1, 9.4.5, or 8.3. It is, therefore, affected by the following vulnerabilities : - Multiple buffer overflow conditions exist that allow an attacker to execute arbitrary code. CVE-2011-2094, CVE-2011-2095, CVE-2011-209...

CVSS 9.3 | AI score 7.1 | EPSS 0.08701
Exploits: 3 | References: 31

Tenable Nessus
added 2011/06/15 12:0 a.m. | 40 views

Adobe Reader < 10.1 / 9.4.5 / 8.3 Multiple Vulnerabilities (APSB11-16)

The version of Adobe Reader installed on the remote host is earlier than 10.1 / 9.4.5 / 8.3. Such versions are reportedly affected by multiple vulnerabilities : - Multiple buffer overflow vulnerabilities exist that could lead to code execution. CVE-2011-2094, CVE-2011-2095, CVE-2011-2097 - A heap...

CVSS 9.3 | AI score 6.2 | EPSS 0.08701
Exploits: 0 | References: 15

Tenable Nessus
added 2011/06/15 12:0 a.m. | 42 views

Adobe Acrobat < 10.1 / 9.4.5 / 8.3 Multiple Vulnerabilities (APSB11-16)

The version of Adobe Acrobat installed on the remote host is earlier than 10.1 / 9.4.5 / 8.3. Such versions are reportedly affected by multiple vulnerabilities : - Multiple buffer overflow vulnerabilities exist that could lead to code execution. CVE-2011-2094, CVE-2011-2095, CVE-2011-2097 - A hea...

CVSS 9.3 | AI score 6.2 | EPSS 0.08701
Exploits: 0 | References: 15

NVD
added 2011/03/11 2:1 a.m. | 36 views

CVE-2011-1195

Use-after-free vulnerability in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "document script lifetime handling."...

CVSS 7.5 | AI score 7.1 | EPSS 0.01631
Exploits: 1 | References: 6

UbuntuCve
added 2011/03/11 2:1 a.m. | 22 views

CVE-2011-1195

Use-after-free vulnerability in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "document script lifetime handling."...

CVSS 7.5 | AI score 5.9 | EPSS 0.01631
Exploits: 1 | References: 1

OSV
added 2011/03/11 2:1 a.m. | 2 views

UBUNTU-CVE-2011-1195

Use-after-free vulnerability in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "document script lifetime handling."...

CVSS 7.5 | AI score 5.9 | EPSS 0.01631
Exploits: 1 | References: 2

Cvelist
added 2011/03/11 1:0 a.m. | 22 views

CVE-2011-1195

Use-after-free vulnerability in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "document script lifetime handling."...

AI score 7 | EPSS 0.01631
Exploits: 1 | References: 6

Debian CVE
added 2011/03/11 1:0 a.m. | 23 views

CVE-2011-1195

Removed by vendor...

CVSS 7.5 | AI score 6.7 | EPSS 0.01631
Exploits: 1