9.1
CVE-2024-55879 - XWiki allows RCE from script right in configurable sections
XWiki Platform is a generic wiki platform. Starting in version 2.3 and prior to versions 15.10.9, 16.3.0, any user with script rights can perform arbitrary remote code execution by adding instances of `XWiki.ConfigurableClass` to any page. This compromises the confidentiality, integrity and availab…
10
CVE-2024-55877 - XWiki allows remote code execution from account through macro descriptions and XWiki.XWikiSyntaxMac…
XWiki Platform is a generic wiki platform. Starting in version 9.7-rc-1 and prior to versions 15.10.11, 16.4.1, and 16.5.0, any user with an account can perform arbitrary remote code execution by adding instances of `XWiki.WikiMacroClass` to any page. This compromises the confidentiality, integrity…
6.5
CVE-2024-49071 - Windows Defender Information Disclosure Vulnerability
Improper authorization of an index that contains sensitive information from a Global Files search in Windows Defender allows an authorized attacker to disclose information over a network.
9.3
CVE-2024-49147 - Microsoft Update Catalog Elevation of Privilege Vulnerability
Deserialization of untrusted data in Microsoft Update Catalog allows an unauthorized attacker to elevate privileges on the website’s webserver.
5.4
CVE-2024-55876 - XWiki's scheduler in subwiki allows scheduling operations for any main wiki user
XWiki Platform is a generic wiki platform. Starting in version 1.2-milestone-2 and prior to versions 15.10.9 and 16.3.0, any user with an account on the main wiki could run scheduling operations on subwikis. To reproduce, as a user on the main wiki without any special right, view the document `Sche…
9.8
CVE-2024-55875 - http4k has a potential XXE (XML External Entity Injection) vulnerability
http4k is a functional toolkit for Kotlin HTTP applications. Prior to version 5.41.0.0, there is a potential XXE (XML External Entity Injection) vulnerability when http4k handling malicious XML contents within requests, which might allow attackers to read local sensitive information on server, trig…
8.6
CVE-2024-55663 - XWiki Platform has an SQL injection in getdocuments.vm with sort parameter
XWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 13.10.5 and 14.3-rc-1, in `getdocument.vm`; the ordering of the returned documents is defined from an unsanitized request parameter (request.sort) and can allow any user to inject HQL. Depending on …
7.5
CVE-2024-47238 -
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.
10
CVE-2024-55662 - XWiki allows remote code execution through the extension sheet
XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-1 and prior to versions 15.10.9 and 16.3.0, on instances where `Extension Repository Application` is installed, any user can execute any code requiring `programming` rights on the server. This vulnerability has been fixed …
6.5
CVE-2024-52901 - IBM InfoSphere Information Server denial of service
IBM InfoSphere Information Server 11.7 could allow an authenticated user to GUI to not load or stop working due to improper input validation.