CVE-2024-33424

A cross-site scripting XSS vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Downloads parameter under the Language section...

CVE-2024-33424

A cross-site scripting XSS vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Downloads parameter under the Language section...

CVE-2024-27053

In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix RCU usage in connect path With lockdep enabled, calls to the connect function from cfg802.11 layer lead to the following warning: ============================= WARNING: suspicious RCU usage 6.7.0-rc1-wt+ 333 N...

UBUNTU-CVE-2024-27053

In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix RCU usage in connect path With lockdep enabled, calls to the connect function from cfg802.11 layer lead to the following warning: ============================= WARNING: suspicious RCU usage 6.7.0-rc1-wt+ 333 N...

CVE-2024-27053

CVE-2024-27053 affects the Linux kernel WiFi Wilc1000 driver in the connect path. The root cause is incorrect RCU usage in wilc1000/hif.c during target BSS parameter parsing in the cfg80211 connect flow, which can dereference an RCU pointer outside an RCU critical section. A fix moves the RCU-der...

CVE-2024-27053 wifi: wilc1000: fix RCU usage in connect path

In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix RCU usage in connect path With lockdep enabled, calls to the connect function from cfg802.11 layer lead to the following warning: ============================= WARNING: suspicious RCU usage 6.7.0-rc1-wt+ 333 N...

CVE-2024-33423

Cross-Site Scripting XSS vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Logout parameter under the Language section...

CVE-2024-33423

Cross-Site Scripting XSS vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Logout parameter under the Language section...

CVE-2024-33423

CMSimple v5.15 is affected by a Cross-Site Scripting (XSS) vulnerability in the Settings menu, specifically via the Logout parameter under Language. The root cause is insufficient input filtering, allowing an attacker to inject arbitrary web scripts/HTML. Consequences could include script executi...

PT-2024-25246 · Cmsimple · Cmsimple

Name of the Vulnerable Software and Affected Versions: CMSimple version 5.15 Description: A Cross-Site Scripting XSS issue in the Settings menu of CMSimple allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Logout parameter under the Language section...

CVE-2024-33424

A cross-site scripting XSS vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Downloads parameter under the Language section...

PT-2024-25247 · Cmsimple · Cmsimple

Name of the Vulnerable Software and Affected Versions: CMSimple version 5.15 Description: A cross-site scripting XSS vulnerability in the Settings menu allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Downloads parameter under the Language section...

CVE-2024-33424

A cross-site scripting XSS vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Downloads parameter under the Language section...

CVE-2024-33424

CMSimple v5.15 is affected by an XSS in the Settings menu, via the Downloads parameter under Language. The vulnerability allows arbitrary web scripts/HTML to run in the user context when a crafted payload is used. Documented by multiple sources (CVE-2024-33424; RH; CNVD/CNNVD variants) with no ex...

Moderate: Red Hat Security Advisory: perl security update

An update for perl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

kernel: mm/sparsemem: fix race in accessing memory_section->usage

A race condition was found on a PFN in the Linux Kernel, which can fall into the device memory region with the system memory configuration. Normal zone start and end PFNs contain the device memory PFNs as well, and the compaction triggered will try on the device memory PFNs and end up in NOP. Thi...

Moderate: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 grafana: vulnerable to authorization bypass CVE-2024-1313 For more...

Moderate: perl security update

Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fixes: perl: Write past buffer end via illegal user-defined Unicode property CVE-2023-47038 For more details about the security issues, including the impact, a CVSS...

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: bpf: Defer the free of inner map when necessary When updating or deleting an inner map in map array or map htab, the map may still be accessed by non-sleepable program or sleepable program. However bpfmapfdputptr...

The vulnerability of the “Downloads” section in Microsoft Edge and Google Chrome browsers allows attackers to access confidential information.

The vulnerability of the “Downloads” section in Microsoft Edge and Google Chrome is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to gain access to confidential information remotely...