Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
The net_ctl_permissions function in net/sysctl_net.c in the Linux kernel before 3.11.5 does not properly determine uid and gid values, which allows local users to bypass intended /proc/sys/net. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. Public exploit code available.
The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.
The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch. Rated low severity (CVSS 3.3). No vendor patch available.
Cross-site scripting (XSS) vulnerability in admin/editevent.php in CMS Made Simple (CMSMS) 1.11.9 allows remote authenticated users with the "Modify Events" permission to inject arbitrary web script. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.