EUVD-2023-1481

Malicious code in bioql PyPI...

CVE-2023-32070

XWiki Platform is a generic wiki platform. Prior to version 14.6-rc-1, HTML rendering didn't check for dangerous attributes/attribute values. This allowed cross-site scripting XSS attacks via attributes and link URLs, e.g., supported in XWiki syntax. This has been patched in XWiki 14.6-rc-1. Ther...

Apple MacOSX Security Update (HT214119, regreSSHion)

Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-40804

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. A malicious application may be able to access private information...

CVE-2024-40803

CVE-2024-40803 is a type confusion flaw reported for macOS components. It is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, and macOS Ventura 13.6.8. The issue could allow an attacker to cause an unexpected app termination. Affected products/versions are explicitly listed in the sources; the ...

BIT-GITLAB-2022-2539

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.6 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1, allowed a project member to filter issues by contact and organization...

GitLab 12.7 < 14.5.4 / 14.6 < 14.6.4 / 14.7 < 14.7.1 (CVE-2022-0390)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Improper access control in Gitlab CE/EE versions 12.7 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1 allowed for project non-members to retrieve issue details when it was linked to an item from the...

XWiki 4.2-milestone-1 < 14.6 XSS Vulnerability (GHSA-m3jr-cvhj-f35j)

Xwiki is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

CVE-2023-32070

XWiki Platform is a generic wiki platform. Prior to version 14.6-rc-1, HTML rendering didn't check for dangerous attributes/attribute values. This allowed cross-site scripting XSS attacks via attributes and link URLs, e.g., supported in XWiki syntax. This has been patched in XWiki 14.6-rc-1. Ther...

CVE-2023-32070 Improper Neutralization of Script in Attributes in XWiki (X)HTML renderers

XWiki Platform is a generic wiki platform. Prior to version 14.6-rc-1, HTML rendering didn't check for dangerous attributes/attribute values. This allowed cross-site scripting XSS attacks via attributes and link URLs, e.g., supported in XWiki syntax. This has been patched in XWiki 14.6-rc-1. Ther...

Cross site scripting

org.xwiki.commons:xwiki-commons-xml is an XML library used by the open-source wiki platform XWiki. The HTML sanitizer, introduced in version 14.6-rc-1, allows the injection of arbitrary HTML code and thus cross-site scripting via invalid data attributes. This vulnerability does not affect...

CVE-2023-31126 Improper Neutralization of Invalid Characters in Data Attribute Names in org.xwiki.commons:xwiki-commons-xml

org.xwiki.commons:xwiki-commons-xml is an XML library used by the open-source wiki platform XWiki. The HTML sanitizer, introduced in version 14.6-rc-1, allows the injection of arbitrary HTML code and thus cross-site scripting via invalid data attributes. This vulnerability does not affect...

XWiki 13.10.8 < 13.10.11, 14.4.3 < 14.4.7, 14.6.x < 14.10 Code Injection Vulnerability (GHSA-jjm5-5v9v-7hx2)

Xwiki is prone to a code injection vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki"; ifdescription...

org.xwiki.commons:xwiki-commons-xml Cross-site Scripting vulnerability

Impact The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1, only escaped and -tags but neither attributes that can be used to inject scripts nor other dangerous HTML tags like . As a consequence, any code relying on this "restricted" mode for security is...

XWiki < 13.10.8, 14.x < 14.4.2, 14.5.x < 14.6 Uncontrolled Resource Consumption Vulnerability (GHSA-4x5r-6v26-7j4v)

Xwiki is prone to an uncontrolled resource consumption vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki...

CVE-2022-2539

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.6 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1, allowed a project member to filter issues by contact and organization...

CVE-2022-2539

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.6 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1, allowed a project member to filter issues by contact and organization...

GitLab 12.4.x < 14.5.4, 14.6.x < 14.6.4, 14.7.x < 14.7.1 Improper Access Control Vulnerability

GitLab is prone to an improper access control vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...

GitLab 10.x < 14.5.4, 14.6.x < 14.6.4, 14.7.x < 14.7.1 Information Disclosure Vulnerability

GitLab is prone to a information disclosure vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...

CVE-2022-0371

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 before 14.5.4, all versions starting from 14.6 before 14.6.4, all versions starting from 14.7 before 14.7.1. GitLab search may allow authenticated users to search other users by their respective private emails...