Lucene search
K

98 matches found

Positive Technologies
Positive Technologies
added 2023/01/03 12:0 a.m.13 views

PT-2023-9334 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a NULL pointer dereference in the EFI initialization error path. When runtime services are not supported or have been disabled, the runtime services workqueue i...

9.1CVSS6.9AI score0.03681EPSS
Exploits14References1696
CVE
CVE
added 2022/11/23 12:0 a.m.66 views

CVE-2022-41932

Summary: CVE-2022-41932 affects XWiki Platform and allows an attacker to trigger creation of many new schemas and tables by supplying a crafted user identifier in the login form, causing degraded database performance. The underlying issue is a design/logic flaw that enables uncontrolled resource ...

7.5CVSS5.8AI score0.00518EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/04/08 8:15 p.m.18 views

Design/Logic Flaw

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents related to users of the wiki. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1...

5CVSS5.1AI score0.03282EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2022/04/08 8:15 p.m.32 views

Design/Logic Flaw

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents by rendering some velocity documents. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and...

4.3CVSS5.1AI score0.00985EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/04/08 7:20 p.m.39 views

CVE-2022-24819 Unauthenticated user can retrieve the list of users through uorgsuggest.vm

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents related to users of the wiki. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1...

5.3CVSS5.4AI score0.03282EPSS
Exploits1References2
OSV
OSV
added 2022/02/18 10:0 p.m.12 views

GSD-2022-1000243 efi: runtime: avoid EFIv2 runtime services on Apple x86 machines

efi: runtime: avoid EFIv2 runtime services on Apple x86 machines This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.19 by commit...

6.9AI score
Exploits0
Prion
Prion
added 2022/02/09 10:15 p.m.18 views

Design/Logic Flaw

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions AbstractSxExportURLFactoryActionHandlerprocessSx does not escape anything from SSX document references when serializing it on filesystem, it is possible to for the HTML...

5.8CVSS5.4AI score0.00957EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2022/02/09 9:25 p.m.103 views

CVE-2022-23621

CVE-2022-23621 – XWiki Platform is affected where any user with SCRIPT rights can read arbitrary files from the XWiki WAR (for example xwiki.cfg) via XWiki#invokeServletAndReturnAsString (using "/WEB-INF/xwiki.cfg"). The issue is fixed in XWiki versions 12.10.9, 13.4.3, and 13.7-rc-1. The vulnera...

5.5CVSS5AI score0.00935EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/02/09 9:21 p.m.19 views

GHSA-F4CJ-3Q3H-884R Partial authorization bypass on document save in xwiki-platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with SCRIPT right EDIT right before XWiki 7.4 can save a document with the right of the current user which allow accessing API requiring programming right if the current user has...

5.4CVSS5.3AI score0.00684EPSS
Exploits0References5
Cvelist
Cvelist
added 2022/02/09 8:35 p.m.56 views

CVE-2022-23615 Partial authorization bypass on document save in xwiki-platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with SCRIPT right can save a document with the right of the current user which allow accessing API requiring programming right if the current user has programming...

5.4CVSS5.7AI score0.00684EPSS
Exploits0References3
OSV
OSV
added 2022/02/03 1:15 a.m.4 views

CVE-2020-5953

A vulnerability exists in System Management Interrupt SWSMI handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT EFIRUNTIMESERVICES pointer to call a GetVariable service, which is located outside of SMRAM. This can result in code execution in SMM escalating...

7.5CVSS6.2AI score0.00283EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/02/02 12:0 a.m.6 views

Insyde InsydeH2O 安全漏洞

Insyde InsydeH2O is a C source from Insyde Software Taiwan, China that implements the new technology "EFI/UEFI" specification, designed to replace the legacy BIOS Basic Input/Output System.A security vulnerability exists in Insyde InsydeH2O. The vulnerability stems from the System Management...

7.5CVSS5.7AI score0.00283EPSS
Exploits0References8
CVE
CVE
added 2021/04/20 6:30 p.m.49 views

CVE-2021-29459

XWiki Platform has a cross-site scripting vulnerability affecting versions prior to 12.6.3 and 12.8, allowing persistent script injection via text fields (unregistered users) or via app-managed lists (registered users with edit rights). The issue stems from how data can be filled and persisted, w...

9.6CVSS6.3AI score0.01123EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/03/12 5:30 p.m.83 views

CVE-2021-21379

XWiki Platform is affected by a vulnerability where the {{wikimacrocontent}} macro executes content with the rights of the macro author rather than the caller, enabling potential script injection. Affected versions are patched in XWiki 12.6.3, 11.10.11, and 12.8-rc-1. There is no easy workaround ...

7.7CVSS5.7AI score0.00459EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/03/12 5:30 p.m.28 views

CVE-2021-21379 It's possible to execute anything with the rights of the author of a macro which uses the {{wikimacrocontent}} macro

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform, the wikimacrocontent executes the content with the rights of the wiki macro author instead of the caller of that wiki macro. This makes possible to inje...

7.7CVSS7.7AI score0.00459EPSS
Exploits0References2
OSV
OSV
added 2021/01/08 7:15 p.m.2 views

CVE-2020-26186

Dell Inspiron 5675 BIOS versions prior to 1.4.1 contain a UEFI BIOS RuntimeServices overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the RuntimeServices structure to execute arbitrary code in System Management Mode SMM...

6.8CVSS6.9AI score
Exploits0References1
CNNVD
CNNVD
added 2021/01/08 12:0 a.m.8 views

Dell Inspiron 5675 BIOS 访问控制错误漏洞

The Dell Inspiron 5675 BIOS is a Dell USA program that provides basic inputs and outputs for the device, a self-test after powering on the device, and system self-boot functionality. A security vulnerability exists in the Dell Inspiron 5675 BIOS versions prior to version 1.4.1, which can be...

7.2CVSS7.1AI score0.00364EPSS
Exploits0References2
OSV
OSV
added 2021/01/06 3:24 a.m.7 views

USN-4679-1 linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities

It was discovered that the console keyboard driver in the Linux kernel contained a race condition. A local attacker could use this to expose sensitive information kernel memory. CVE-2020-25656 Minh Yuan discovered that the tty driver in the Linux kernel contained race conditions when handling...

7.2CVSS6.7AI score0.01026EPSS
Exploits4References7
Rows per page
Query Builder