98 matches found
PT-2023-9334 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a NULL pointer dereference in the EFI initialization error path. When runtime services are not supported or have been disabled, the runtime services workqueue i...
CVE-2022-41932
Summary: CVE-2022-41932 affects XWiki Platform and allows an attacker to trigger creation of many new schemas and tables by supplying a crafted user identifier in the login form, causing degraded database performance. The underlying issue is a design/logic flaw that enables uncontrolled resource ...
Design/Logic Flaw
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents related to users of the wiki. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1...
Design/Logic Flaw
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents by rendering some velocity documents. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and...
CVE-2022-24819 Unauthenticated user can retrieve the list of users through uorgsuggest.vm
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents related to users of the wiki. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1...
GSD-2022-1000243 efi: runtime: avoid EFIv2 runtime services on Apple x86 machines
efi: runtime: avoid EFIv2 runtime services on Apple x86 machines This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.19 by commit...
Design/Logic Flaw
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions AbstractSxExportURLFactoryActionHandlerprocessSx does not escape anything from SSX document references when serializing it on filesystem, it is possible to for the HTML...
CVE-2022-23621
CVE-2022-23621 – XWiki Platform is affected where any user with SCRIPT rights can read arbitrary files from the XWiki WAR (for example xwiki.cfg) via XWiki#invokeServletAndReturnAsString (using "/WEB-INF/xwiki.cfg"). The issue is fixed in XWiki versions 12.10.9, 13.4.3, and 13.7-rc-1. The vulnera...
GHSA-F4CJ-3Q3H-884R Partial authorization bypass on document save in xwiki-platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with SCRIPT right EDIT right before XWiki 7.4 can save a document with the right of the current user which allow accessing API requiring programming right if the current user has...
CVE-2022-23615 Partial authorization bypass on document save in xwiki-platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with SCRIPT right can save a document with the right of the current user which allow accessing API requiring programming right if the current user has programming...
CVE-2020-5953
A vulnerability exists in System Management Interrupt SWSMI handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT EFIRUNTIMESERVICES pointer to call a GetVariable service, which is located outside of SMRAM. This can result in code execution in SMM escalating...
Insyde InsydeH2O 安全漏洞
Insyde InsydeH2O is a C source from Insyde Software Taiwan, China that implements the new technology "EFI/UEFI" specification, designed to replace the legacy BIOS Basic Input/Output System.A security vulnerability exists in Insyde InsydeH2O. The vulnerability stems from the System Management...
CVE-2021-29459
XWiki Platform has a cross-site scripting vulnerability affecting versions prior to 12.6.3 and 12.8, allowing persistent script injection via text fields (unregistered users) or via app-managed lists (registered users with edit rights). The issue stems from how data can be filled and persisted, w...
CVE-2021-21379
XWiki Platform is affected by a vulnerability where the {{wikimacrocontent}} macro executes content with the rights of the macro author rather than the caller, enabling potential script injection. Affected versions are patched in XWiki 12.6.3, 11.10.11, and 12.8-rc-1. There is no easy workaround ...
CVE-2021-21379 It's possible to execute anything with the rights of the author of a macro which uses the {{wikimacrocontent}} macro
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform, the wikimacrocontent executes the content with the rights of the wiki macro author instead of the caller of that wiki macro. This makes possible to inje...
CVE-2020-26186
Dell Inspiron 5675 BIOS versions prior to 1.4.1 contain a UEFI BIOS RuntimeServices overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the RuntimeServices structure to execute arbitrary code in System Management Mode SMM...
Dell Inspiron 5675 BIOS 访问控制错误漏洞
The Dell Inspiron 5675 BIOS is a Dell USA program that provides basic inputs and outputs for the device, a self-test after powering on the device, and system self-boot functionality. A security vulnerability exists in the Dell Inspiron 5675 BIOS versions prior to version 1.4.1, which can be...
USN-4679-1 linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities
It was discovered that the console keyboard driver in the Linux kernel contained a race condition. A local attacker could use this to expose sensitive information kernel memory. CVE-2020-25656 Minh Yuan discovered that the tty driver in the Linux kernel contained race conditions when handling...