3385 matches found
CVE-2019-17997
LayerBB 1.1.3 has a cross-site scripting issue linked to CVE-2019-13972, allowing XSS via the pm_title parameter in application/commands/new.php. The connected records note this as a related issue to CVE-2019-17997, indicating the vector relies on the pm_title input. The documentation confirms th...
CVE-2019-18940
CVE-2019-18976 describes a NULL pointer dereference in res_pjsip_t38.c affecting Sangoma Asterisk up to version 13.x and Certified Asterisk up to 13.21-x. If a re-invite for T.38 faxing arrives and the SDP contains a port of 0 with no c line, a crash can occur. This vulnerability is distinct from...
CVE-2023-23336
CVE-2023-43336 affects Sangoma FreePBX prior to 15.0.18, 16.0.40, 15.0.16, and 16.0.17. The root cause is an access control issue caused by a modified parameter value (for example, changing extension=self to extension=101). This could allow bypass of access controls as described in the connected ...
CVE-2021-25817
The initial CVE-2021-25817 entry is a reserved placeholder. Connected documents provide concrete details for CVE-2020-25817 (SilverStripe through 4.6.0-rc1) describing an XXE vulnerability in CSSContentParser. A developer utility used for parsing HTML in unit tests can be exploited to trigger XXE...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: io_uring/af_unix: disable sending io_uring over sockets (CVE-2023-52654). In the Linux kernel, the following vulnerability has been resolved: blk-mq: make sure active queue usage is held for bio_integrity_prep...
CVE-2023-6531
A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on...
Design/Logic Flaw
A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on...
CVE-2023-6531
CVE-2023-6531 is a Linux kernel use-after-free race in the unix garbage collector where deletion of SKB races with unix_stream_read_generic() on the socket the SKB is queued on. The issue enables local privilege escalation as described in multiple advisories. Public documents consistently identif...
"Not entitled" error when accessing Device Posture in SPA service
User may face the following error when accessing Device Posture in the SPA (Secure Private Access) service...
CVE-2024-0409 Xorg-x11-server: selinux context corruption
A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context...
CVE-2032-43016
Technical details for CVE-2032-43016 are not publicly available in the provided documents; monitoring for updates is advised.
CVE-2021-234550
CVE-2021-234550 affects IBM Spectrum Control (versions 5.4.0–5.4.5.2). The issue is a Dojo prototype pollution in setObject that could allow a remote attacker to execute arbitrary code by sending a specially crafted request. IBM lists a fix in Spectrum Control v5.4.6. Other related advisories not...
CVE-2024-21680
An RCE vulnerability (CVSS 3.0: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) was introduced in Sourcetree for Mac and Sourcetree for Windows version 3.4.14. The issue allows an unauthenticated attacker to execute arbitrary code with high impact to confidentiality, integrity, and availability, requiring us...
Application Security Posture Management
Accelerating the Remediation of Vulnerabilities From Code To Cloud. Written by Eric Sheridan, Chief Innovation Officer, Tromzo. In this guest blog post by Eric Sheridan, Chief Innovation Officer at valued Rapid7 partner Tromzo, you’ll learn how Rapid7 customers can utilize ASPM solutions to...
CVE-2022-45592
CVE-2022-45592 is discussed in connected documents as affecting Linux distributions (notably Debian/Ubuntu) with a set of issues: Server-Side Request Forgery (SSRF), persistent Cross-Site Scripting (XSS), and a File Upload vulnerability. The Nessus NASL notes unpatched status for Debian/Ubuntu pa...
CVE-2022-45794
creationtimestamp | type | source
---|---|---
2024-01-11 00:31:29+00:00 | seen | https://t.me/ctinow/166239
2025-05-22 16:44:27+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/17320...
CVE-2022-43876
CVE-2022-43876 affects IBM Security Verify Access OpenID Connect Provider container. The IBM bulletin states an information-disclosure flaw where web pages can be stored locally by the OIDC Provider and read by another user on the same system. Affected IBM Security Verify Access OIDC Provider ver...
CVE-2023-6531
A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on. Mitigation: Mitigation for this issue is either not available or the currently available options don't...
The "Power Status" of all VDAs are displayed as "Unknown"
In DaaS management, the "Power Status" of all VDAs was displayed as "Unknown", and power control actions (startup, shutdown, restart, etc.) could not be performed. Also, when power control was executed, the log on the Citrix side would show "Success". However, the power action was not executed on the Azure VDA...