MidnightBSD

Advisories for o

CVE-2022-45869

A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled.

Products Affected

Vendor Product Version
linux linux_kernel *
linux linux_kernel 6.1
o linux linux_kernel
CVE-2023-24497

Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these vulnerabilities.This XSS is exploited through the remote_subnet field of the database

CVSS 3.x

Source Score Severity Vector Exploitability Impact
talos-cna@cisco.com 8.3 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H 1.6 6.0

Products Affected

Vendor Product Version
o milesight milesightvpn