772 matches found
GSD-2023-1002286 wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid
wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.305 by commit...
GSD-2023-1002046 ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path()
ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.93 by commit...
GSD-2023-1001961 USB: gadgetfs: Fix race between mounting and unmounting
USB: gadgetfs: Fix race between mounting and unmounting This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.8 by commit...
GSD-2023-1001290 media: s5p-mfc: Clear workbit to handle error condition
media: s5p-mfc: Clear workbit to handle error condition This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.163 by commit...
GSD-2023-1000704 f2fs: fix the assign logic of iocb
f2fs: fix the assign logic of iocb This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.16 by commit d555aa37566c5c3728f2e52047a9722eae2aed93, i...
GSD-2023-1000636 iommu/mediatek: Check return value after calling platform_get_resource()
iommu/mediatek: Check return value after calling platform_get_resource() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.16 by commit...
GSD-2023-1000624 nfc: pn533: Clear nfc_target before being used
nfc: pn533: Clear nfc_target before being used This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.16 by commit...
Debian dla-3266 : viewvc - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3266 advisory. Debian LTS Advisory DLA-3266-1 ...
CVE-2023-22464
ViewVC is a browser interface for CVS and Subversion version control repositories. Versions prior to 1.2.3 and 1.1.30 are vulnerable to cross-site scripting. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a Subversion repository exposed by a...
CVE-2023-22464
ViewVC is a browser interface for CVS and Subversion version control repositories. Versions prior to 1.2.3 and 1.1.30 are vulnerable to cross-site scripting. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a Subversion repository exposed by a...
Cross site scripting
ViewVC is a browser interface for CVS and Subversion version control repositories. Versions prior to 1.2.3 and 1.1.30 are vulnerable to cross-site scripting. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a Subversion repository exposed by a...
CVE-2023-22464
CVE-2023-22464 affects ViewVC (CVS/Subversion browser) prior to 1.2.3 (1.2.x) and 1.1.30 (1.1.x). The root cause is cross-site scripting via files with unsafe names that, when embedded in HTML, could execute code; impact is mitigated by requiring the attacker to have commit privileges to a Subver...
CVE-2023-22464 ViewVC XSS vulnerability in revision view changed path "copyfrom" locations
ViewVC is a browser interface for CVS and Subversion version control repositories. Versions prior to 1.2.3 and 1.1.30 are vulnerable to cross-site scripting. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a Subversion repository exposed by a...
CVE-2023-22464
Removed by vendor...
CVE-2023-22464 ViewVC XSS vulnerability in revision view changed path "copyfrom" locations
ViewVC is a browser interface for CVS and Subversion version control repositories. Versions prior to 1.2.3 and 1.1.30 are vulnerable to cross-site scripting. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a Subversion repository exposed by a...
Cross site scripting
ViewVC, a browser interface for CVS and Subversion version control repositories, has a cross-site scripting vulnerability that affects versions prior to 1.2.2 and 1.1.29. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a Subversion repository...
CVE-2023-22456
CVE-2023-22456 affects ViewVC, a browser interface for CVS/Subversion repositories. The vulnerability is a cross-site scripting (XSS) flaw that impacts ViewVC versions before 1.2.2 (and 1.1.29). The attack requires the attacker to have commit privileges to a Subversion repository exposed by a tr...
CVE-2023-22456
Removed by vendor...
CVE-2023-22456 ViewVC XSS vulnerability in revision view changed paths
ViewVC, a browser interface for CVS and Subversion version control repositories, has a cross-site scripting vulnerability that affects versions prior to 1.2.2 and 1.1.29. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a Subversion repository...
CVE-2023-22456 ViewVC XSS vulnerability in revision view changed paths
ViewVC, a browser interface for CVS and Subversion version control repositories, has a cross-site scripting vulnerability that affects versions prior to 1.2.2 and 1.1.29. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a Subversion repository...