98 matches found
Linux kernel 安全漏洞
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux in the United States. A security vulnerability exists in the Linux kernel that stems from a misspelling in the RTAS function table...
CVE-2023-46244
CVE-2023-46244 relates to a privilege-escalation in XWiki Platform where a user with only script permissions could cause velocity content to execute with the right of another document author, potentially returning the title as the unmodified document but instead exposing the attacker to the prote...
CVE-2023-37909 Privilege escalation (PR)/remote code execution from account through Menu.UIExtensionSheet
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.1-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros th...
CVE-2023-40177
CVE-2023-40177 affects XWiki Platform: a vulnerability where any registered user can use the user profile content field to execute arbitrary scripts with programming rights, effectively escalating privileges. Root cause: AppWithinMinutes.Content displayer executes content with the rights of the A...
CVE-2023-40177 XWiki Platform privilege escalation (PR) from account through AWM content fields
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively performing rights escalation. This issue is...
Remote code execution
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.40m-2 and prior to versions 14.4.8, 14.10.4, and 15.0, any user with view rights on any document can execute code with programming rights, leading to remote code executio...
CVE-2023-34466
CVE-2023-34466 affects XWiki Platform’s tag API. The vulnerability leaks tags from pages not viewable to the current user, enabling inference of the document reference for non-viewable pages. Affected versions are 5.0-milestone-1 up to 14.4.8, 14.10.4, and 15.0-rc-1. The issue is resolved in the ...
CVE-2023-35166 Privilege escalation (PR) from account through TipsPanel
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5...
CVE-2023-35166 Privilege escalation (PR) from account through TipsPanel
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5...
CVE-2023-35166 Privilege escalation (PR) from account through TipsPanel
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5...
The vulnerability of the errlog() system call function in the runtime services library of the IBM AIX operating system allows a perpetrator to execute arbitrary commands.
The vulnerability of the errlog system call function in the runtime services library of the IBM AIX operating system exists because measures to neutralize the special elements used in the operating system commands have not been taken. Exploiting this vulnerability allows an attacker to execute...
CVE-2023-26286 IBM AIX privilege escalation
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX runtime services library to execute arbitrary commands. IBM X-Force ID: 248421...
CVE-2023-29520
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to break many translations coming from wiki pages by creating a corrupted document containing a translation object. This will lead to a broken page. The vulnerability has been...
Design/Logic Flaw
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights on a page e.g., it's own user page, can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is...
Design/Logic Flaw
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can create a space can become admin of that space through App Within Minutes. The admin right implies the script right and thus allows JavaScript injection. The vulnerability can ...
Code injection
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to display or interact with any page a user cannot access through the combination of the async and display macros. A comment with either macro will be execut...
Code injection
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Affected versions of xwiki are subject to code injection in the since parameter of the /xwiki/bin/view/XWiki/Notifications/Code/LegacyNotificationAdministration endpoint. This provides an XWik...
AIX (IJ45981)
The version of AIX installed on the remote host is prior to APAR IJ45981. It is, therefore, affected by a vulnerability as referenced in the IJ45981 advisory. - IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX runtime services libra...
AIX is vulnerable to arbitrary command execution
IBM SECURITY ADVISORY First Issued: Wed Apr 12 12:36:51 CDT 2023 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/librtsadvisory.asc Security Bulletin: AIX is vulnerable to arbitrary command execution CVE-2023-26286...
PT-2023-2525 · Ibm · Vios +1
Name of the Vulnerable Software and Affected Versions: IBM AIX versions 7.1 through 7.3 VIOS version 3.1 Description: The issue allows a non-privileged local user to exploit a vulnerability in the AIX runtime services library, specifically due to the lack of neutralization of special elements use...