93 matches found
CVE-2024-33423
Cross-Site Scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Logout parameter under the Language section...
CVE-2024-33424
A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Downloads parameter under the Language section...
CVE-2024-33423
CMSimple v5.15 is affected by a Cross-Site Scripting (XSS) vulnerability in the Settings menu, specifically via the Logout parameter under Language. The root cause is insufficient input filtering, allowing an attacker to inject arbitrary web scripts/HTML. Consequences could include script executi...
CVE-2024-32345
A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Configuration parameter under the Language section...
CVE-2024-32345
CMSimple v5.15 is affected by a cross-site scripting (XSS) vulnerability in the Settings menu, specifically via the Configuration parameter under Language. The underlying issue is insufficient filtering/escaping of user-supplied data in that parameter, enabling attackers to inject arbitrary web s...
CVE-2024-32344
CMSimple v5.15 is affected by an XSS in the Settings menu, via crafted input in the Language section Edit parameter. The vulnerability arises from insufficient filtering/escaping of user-supplied data in that parameter, enabling arbitrary script/HTML execution. In-the-wild details are not provide...
CVE-2024-32344
A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit parameter under the Language section...
GSD-2023-1002098 dmaengine: idxd: Let probe fail when workqueue cannot be enabled
dmaengine: idxd: Let probe fail when workqueue cannot be enabled This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.90 by commit...
GSD-2023-1001735 dmaengine: idxd: Let probe fail when workqueue cannot be enabled
dmaengine: idxd: Let probe fail when workqueue cannot be enabled This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.90 by commit...
GSD-2023-1001696 octeontx2-pf: Fix resource leakage in VF driver unbind
octeontx2-pf: Fix resource leakage in VF driver unbind This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.7 by commit...
GSD-2023-1001666 dmaengine: idxd: Let probe fail when workqueue cannot be enabled
dmaengine: idxd: Let probe fail when workqueue cannot be enabled This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.8 by commit...
GSD-2023-1000935 dm thin: Use last transaction's pmd->root when commit failed
dm thin: Use last transaction's pmd->root when commit failed This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.87 by commit...
GSD-2023-1000648 ksmbd: Fix resource leak in ksmbd_session_rpc_open()
ksmbd: Fix resource leak in ksmbd_session_rpc_open() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.16 by commit...
GSD-2023-1000132 octeontx2-pf: Fix potential memory leak in otx2_init_tc()
octeontx2-pf: Fix potential memory leak in otx2_init_tc() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.83 by commit...
GSD-2022-1007866 IB/hfi1: Correctly move list in sc_disable()
IB/hfi1: Correctly move list in sc_disable() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.8 by commit...
GSD-2022-1006896 ksmbd: fix incorrect handling of iterate_dir
ksmbd: fix incorrect handling of iterate_dir This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.3 by commit...
GSD-2022-1006537 gpio: mockup: Fix potential resource leakage when register a chip
gpio: mockup: Fix potential resource leakage when register a chip This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.12 by commit...
GSD-2022-1005677 ksmbd: fix heap-based overflow in set_ntacl_dacl()
ksmbd: fix heap-based overflow in set_ntacl_dacl() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.62 by commit...
GSD-2022-1005466 xfrm: policy: fix metadata dst->dev xmit null pointer dereference
xfrm: policy: fix metadata dst->dev xmit null pointer dereference This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.64 by commit...