26 matches found
EUVD-2023-2625
Malicious code in bioql PyPI...
MAL-2025-47052 Malicious code in audi-footnote-reference-service (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c035d5ff92937ddffc6c544ab41cd4721ed9e798733de1f734142b33775388ca Any computer that has this package installed or running should be considered...
CVE-2021-43827
discourse-footnote is a library providing footnotes for posts in Discourse. Impact When posting an inline footnote wrapped in tags e.g. ^footnote, the resulting rendered HTML would include a nested , which is stripped by Nokogiri because it is not valid. This then caused a javascript error on top...
Malicious code in @dh-io-globalelem/footnote-reference-component (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b2e6d7cc2b325220bbda28fea49385ce4c68d05c1646bc6a569ca62a0f27c443 The OpenSSF Package Analysis project identified '@dh-io-globalelem/footnote-reference-component' @ 5.990.10 npm as malicious. It is considered...
Malicious code in @dh-io-globalelem/footnote-component (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4022d6e9ad567de4e27943e9f7b877b7f4fc8ad0dc9e8c9dcf81738af56bc2a2 The OpenSSF Package Analysis project identified '@dh-io-globalelem/footnote-component' @ 5.990.10 npm as malicious. It is considered malicious...
Malicious code in footnote-component (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d840202ac5d63ed914d72fb9165d5dacf64b5449aeca46d1fb168c12f7627160 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-8560 Malicious code in footnote-component (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d840202ac5d63ed914d72fb9165d5dacf64b5449aeca46d1fb168c12f7627160 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
XWiki Rendering's footnote macro vulnerable to privilege escalation via the footnote macro
Impact The footnote macro executed its content in a potentially different context than the one in which it was defined. In particular in combination with the include macro, this allows privilege escalation from a simple user account in XWiki to programming rights and thus remote code execution,...
GHSA-35J5-M29R-XFQ5 XWiki Rendering's footnote macro vulnerable to privilege escalation via the footnote macro
Impact The footnote macro executed its content in a potentially different context than the one in which it was defined. In particular in combination with the include macro, this allows privilege escalation from a simple user account in XWiki to programming rights and thus remote code execution,...
Remote code execution
XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of org.xwiki.platform:xwiki-core-rendering-macro-footnotes and org.xwiki.platform:xwiki-rendering-macro-footnotes and prior to version 15.1-rc-1 of...
CVE-2023-37912 XWiki Rendering's footnote macro vulnerable to privilege escalation via the footnote macro
XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of org.xwiki.platform:xwiki-core-rendering-macro-footnotes and org.xwiki.platform:xwiki-rendering-macro-footnotes and prior to version 15.1-rc-1 of...
CVE-2023-37912
Summary: CVE-2023-37912 affects XWiki Rendering’s footnote macro. Prior to versions 14.10.6 (footnotes macros) and 15.1-rc-1 (footnotes macro), the footnote macro could execute content in a different context, enabling privilege escalation from a user to programming rights and potentially remote c...
CVE-2023-37912 XWiki Rendering's footnote macro vulnerable to privilege escalation via the footnote macro
XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of org.xwiki.platform:xwiki-core-rendering-macro-footnotes and org.xwiki.platform:xwiki-rendering-macro-footnotes and prior to version 15.1-rc-1 of...
XWiki Rendering Security Vulnerability
XWiki Rendering is a general-purpose rendering system from the XWiki Foundation that converts text input from a given syntax (wiki syntax, HTML, etc.) to another syntax (XHTML, etc.). A security vulnerability exists in XWiki Rendering that stems from a footnote macro executing its contents in possibl...
SUSE CVE-2017-9433
Document Liberation Project libmwaw before 2017-04-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the MsWrd1Parser::readFootnoteCorrespondance function in lib/MsWrd1Parser.cxx...
SUSE CVE-2018-11503
The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html...
CVE-2021-43827
discourse-footnote is a library providing footnotes for posts in Discourse. Impact When posting an inline footnote wrapped in tags e.g. ^footnote, the resulting rendered HTML would include a nested , which is stripped by Nokogiri because it is not valid. This then caused a javascript error on top...
CVE-2021-43827
The CVE-2021-43827 issue concerns the discourse-footnote library used with Discourse. Affected behavior occurs when an inline footnote is wrapped in tags, producing a nested element in rendered HTML. Nokogiri strips the nested tag, leading to a JavaScript error on topic pages when code searches...
Discourse Security Vulnerability
Discourse is an open source community discussion platform that includes community, email and chat room features. discourse-footnote has a security vulnerability that could be exploited to trigger null-reference JavaScript errors...
End of support for Office 2016 and Office 2019