CVE-2023-1536
Published 2023-03-21
CVE-2023-1536: Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7.
Priority P4 · 24 · medium · 5.4 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:R / S:C / C:L / I:L / A:N
EPSS 0.52% (40.1 percentile)
Affected (10 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| answer | answer | < 1.0.7 | 1.0.7 |
| answerdev | answerdev_answer | >= unspecified < 1.0.7 | 1.0.7 |
| github.com | answerdev_answer | >= 0 < 1.0.7 | 1.0.7 |
| linux | linux_kernel | >= 4.13.0 < 4.14.313 | 4.14.313 |
| linux | linux_kernel | >= 4.15.0 < 4.19.281 | 4.19.281 |
| linux | linux_kernel | >= 4.20.0 < 5.4.241 | 5.4.241 |
| linux | linux_kernel | >= 5.11.0 < 5.15.108 | 5.15.108 |
| linux | linux_kernel | >= 5.16.0 < 6.1.25 | 6.1.25 |
| linux | linux_kernel | >= 5.5.0 < 5.10.178 | 5.10.178 |
| linux | linux_kernel | >= 6.2.0 < 6.2.12 | 6.2.12 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | 3.0 | 7.6 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L |
| vendor_redhat | - | 5.5 | MEDIUM | - |
OSV · 2025-12-30
CVE-2023-54257: net: macb: fix a memory corruption in extended buffer descriptor mode
In the Linux kernel, the following vulnerability has been resolved:
net: macb: fix a memory corruption in extended buffer descriptor mode
For quite some time we were chasing a bug which looked like a sudden
permanent failure of networking and mmc on some of our devices.
The bug was very sensitive to any software changes and even more to
any kernel debug options.
Finally we got a setup where the problem was reproducible with
CONFIG_DMA_API_DEBUG=y and it revealed the issue with the rx dma:
[ 16.992082] ------------[ cut here ]------------
[ 16.996779] DMA-API: macb ff0b0000.ethernet: device driver tries to free DMA memory it has not allocated [device address=0x0000000875e3e244] [size=1536 bytes]
[ 17.011049] WARNING:
OSV · 2024-08-20
CVE-2023-1536: Answer vulnerable to Stored Cross-site Scripting in github.com/answerdev/answer
GHSA · 2023-03-21
CVE-2023-1536 [MEDIUM] CWE-79: Answer vulnerable to Stored Cross-site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7.
OSV · 2023-03-21
CVE-2023-1536 [MEDIUM]: Answer vulnerable to Stored Cross-site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7.
Red Hat · 2024-05-17 · CVSS 5.5
CVE-2023-52662 [MEDIUM]: kernel: drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node
In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node
When ida_alloc_max fails, resources allocated before should be freed,
including *res allocated by kmalloc and ttm_resource_init.
The Linux kernel CVE team has assigned CVE-2023-52662 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024051740-CVE-2023-52662-1536@gregkh/T
Package: kernel (Red Hat Enterprise Linux 6) - Out of support scope
Package: kernel (Red Hat Enterprise Linux 7) - Out of support scope
Package: kernel-rt (Red Hat Enterprise Linux 7) - Out of support scope
No detection rules found.
No public exploits indexed.
Published 2023-03-21