CVE-2018-12290

The Yii2-StateMachine extension v2.x.x for Yii2 has XSS...

CVE-2023-54235

In the Linux kernel, the following vulnerability has been resolved: PCI/DOE: Fix destroyworkonstack race The following debug object splat was observed in testing: ODEBUG: free active active state 0 object: 0000000097d23782 object type: workstruct hint: doestatemachinework+0x0/0x510 WARNING: CPU: ...

CVE-2023-52456

A flaw was found in the UART driver handling RS485 communication in the Linux Kernel when an unexpected closure of the TTY port occurs, such as during a userland application crash. In this scenario, the imxuartshutdown function disables the UART interface and the Transmission Complete TC interrup...

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: serial: imx: fix tx statemachine deadlock When using the serial port as RS485 port, the tx statemachine is used to control the RTS pin to drive the RS485 transceiver TXEN pin. When the TTY port is closed in the middle of a...

CVE-2023-52456

In the Linux kernel, the following vulnerability has been resolved: serial: imx: fix tx statemachine deadlock When using the serial port as RS485 port, the tx statemachine is used to control the RTS pin to drive the RS485 transceiver TXEN pin. When the TTY port is closed in the middle of a...

CVE-2023-52456 serial: imx: fix tx statemachine deadlock

In the Linux kernel, the following vulnerability has been resolved: serial: imx: fix tx statemachine deadlock When using the serial port as RS485 port, the tx statemachine is used to control the RTS pin to drive the RS485 transceiver TXEN pin. When the TTY port is closed in the middle of a...

CVE-2023-52456

CVE-2023-52456 affects the Linux kernel, specifically the imx serial driver used for RS-485 when the TX state machine can deadlock if the TTY is closed mid-transmission. In that scenario, imx_uart_shutdown disables the interface and the Transmission Complete interrupt, causing imx_uart_stop_tx to...

CVE-2023-52456

In the Linux kernel, the following vulnerability has been resolved: serial: imx: fix tx statemachine deadlock When using the serial port as RS485 port, the tx statemachine is used to control the RTS pin to drive the RS485 transceiver TXEN pin. When the TTY port is closed in the middle of a...

This Week in Spring - October 31st, 2023

Hi Spring fans, and Happy Halloween from the Spring team to those who celebrate! I hope your evening is fun and your day free of scary bugs! My friends, we've got some interesting stuff to look at this week so let's dive right into it. A Bootiful Podcast: Mr. Spring in Action, Craig Walls Spring...

Yii2-StateMachine extension for Yii2 XSS Vulnerability

The Yii2-StateMachine extension v2.x.x for Yii2 has XSS...

GHSA-65QG-F77J-CCCF Yii2-StateMachine extension for Yii2 XSS Vulnerability

The Yii2-StateMachine extension v2.x.x for Yii2 has XSS...

CVE-2018-12290

The Yii2-StateMachine extension v2.x.x for Yii2 has XSS...

CVE-2018-12290

The Yii2-StateMachine extension v2.x.x for Yii2 has XSS...

Cross site scripting

The Yii2-StateMachine extension v2.x.x for Yii2 has XSS...

CVE-2018-12290

The Yii2-StateMachine extension v2.x.x for Yii2 has XSS...

CVE-2018-12290

The CVE-2018-12290 entry concerns the Yii2-StateMachine extension for Yii2 (v2.x.x). Technical details in connected mappings confirm a cross-site scripting (XSS) vulnerability within this extension. The root cause is improper input handling leading to script injection in the Yii2-StateMachine cod...