Lucene search
K

98 matches found

CNNVD
CNNVD
added 2024/04/17 12:0 a.m.5 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux in the United States. A security vulnerability exists in the Linux kernel that stems from a misspelling in the RTAS function table...

5.1CVSS4.4AI score0.0024EPSS
Exploits0References6
CVE
CVE
added 2023/11/07 7:4 p.m.73 views

CVE-2023-46244

CVE-2023-46244 relates to a privilege-escalation in XWiki Platform where a user with only script permissions could cause velocity content to execute with the right of another document author, potentially returning the title as the unmodified document but instead exposing the attacker to the prote...

9.1CVSS9AI score0.0079EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2023/10/25 5:9 p.m.24 views

CVE-2023-37909 Privilege escalation (PR)/remote code execution from account through Menu.UIExtensionSheet

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.1-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros th...

9.9CVSS8.9AI score0.01621EPSS
Exploits1References5
CVE
CVE
added 2023/08/23 8:11 p.m.68 views

CVE-2023-40177

CVE-2023-40177 affects XWiki Platform: a vulnerability where any registered user can use the user profile content field to execute arbitrary scripts with programming rights, effectively escalating privileges. Root cause: AppWithinMinutes.Content displayer executes content with the rights of the A...

9.9CVSS9.3AI score0.00983EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/08/23 8:11 p.m.52 views

CVE-2023-40177 XWiki Platform privilege escalation (PR) from account through AWM content fields

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively performing rights escalation. This issue is...

9.9CVSS9.8AI score0.00983EPSS
Exploits0References3
Prion
Prion
added 2023/06/23 5:15 p.m.25 views

Remote code execution

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.40m-2 and prior to versions 14.4.8, 14.10.4, and 15.0, any user with view rights on any document can execute code with programming rights, leading to remote code executio...

6CVSS8.2AI score0.77654EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2023/06/23 3:26 p.m.57 views

CVE-2023-34466

CVE-2023-34466 affects XWiki Platform’s tag API. The vulnerability leaks tags from pages not viewable to the current user, enabling inference of the document reference for non-viewable pages. Affected versions are 5.0-milestone-1 up to 14.4.8, 14.10.4, and 15.0-rc-1. The issue is resolved in the ...

4.3CVSS4.4AI score0.00554EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/20 7:29 p.m.12 views

CVE-2023-35166 Privilege escalation (PR) from account through TipsPanel

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5...

9.9CVSS7AI score0.6312EPSS
Exploits1References3
OSV
OSV
added 2023/06/20 7:29 p.m.24 views

CVE-2023-35166 Privilege escalation (PR) from account through TipsPanel

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5...

9.9CVSS8.4AI score0.6312EPSS
Exploits1References5
Cvelist
Cvelist
added 2023/06/20 7:29 p.m.36 views

CVE-2023-35166 Privilege escalation (PR) from account through TipsPanel

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5...

9.9CVSS9.8AI score0.6312EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2023/05/04 12:0 a.m.7 views

The vulnerability of the errlog() system call function in the runtime services library of the IBM AIX operating system allows a perpetrator to execute arbitrary commands.

The vulnerability of the errlog system call function in the runtime services library of the IBM AIX operating system exists because measures to neutralize the special elements used in the operating system commands have not been taken. Exploiting this vulnerability allows an attacker to execute...

8.4CVSS7.6AI score0.00296EPSS
Exploits0References4Affected Software2
Vulnrichment
Vulnrichment
added 2023/04/26 11:50 a.m.15 views

CVE-2023-26286 IBM AIX privilege escalation

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX runtime services library to execute arbitrary commands. IBM X-Force ID: 248421...

8.4CVSS8AI score0.00296EPSS
Exploits0References2
NVD
NVD
added 2023/04/19 12:15 a.m.31 views

CVE-2023-29520

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to break many translations coming from wiki pages by creating a corrupted document containing a translation object. This will lead to a broken page. The vulnerability has been...

6.5CVSS5AI score0.00527EPSS
Exploits1References2
Prion
Prion
added 2023/04/19 12:15 a.m.21 views

Design/Logic Flaw

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights on a page e.g., it's own user page, can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is...

6.5CVSS8.8AI score0.01144EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2023/04/19 12:15 a.m.72 views

Design/Logic Flaw

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can create a space can become admin of that space through App Within Minutes. The admin right implies the script right and thus allows JavaScript injection. The vulnerability can ...

4.9CVSS5.6AI score0.00567EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2023/04/19 12:15 a.m.26 views

Code injection

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to display or interact with any page a user cannot access through the combination of the async and display macros. A comment with either macro will be execut...

6.5CVSS8.8AI score0.01144EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2023/04/19 12:15 a.m.18 views

Code injection

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Affected versions of xwiki are subject to code injection in the since parameter of the /xwiki/bin/view/XWiki/Notifications/Code/LegacyNotificationAdministration endpoint. This provides an XWik...

6.5CVSS9AI score0.77752EPSS
Exploits1References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/04/18 12:0 a.m.31 views

AIX (IJ45981)

The version of AIX installed on the remote host is prior to APAR IJ45981. It is, therefore, affected by a vulnerability as referenced in the IJ45981 advisory. - IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX runtime services libra...

8.4CVSS7.7AI score0.00296EPSS
Exploits0References3
IBM AIX
IBM AIX
added 2023/04/12 12:36 p.m.47 views

AIX is vulnerable to arbitrary command execution

IBM SECURITY ADVISORY First Issued: Wed Apr 12 12:36:51 CDT 2023 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/librtsadvisory.asc Security Bulletin: AIX is vulnerable to arbitrary command execution CVE-2023-26286...

8.4CVSS8.1AI score0.00296EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2023/04/12 12:0 a.m.6 views

PT-2023-2525 · Ibm · Vios +1

Name of the Vulnerable Software and Affected Versions: IBM AIX versions 7.1 through 7.3 VIOS version 3.1 Description: The issue allows a non-privileged local user to exploit a vulnerability in the AIX runtime services library, specifically due to the lack of neutralization of special elements use...

8.4CVSS7.7AI score0.00296EPSS
Exploits0References10
Rows per page
Query Builder