1378 matches found
CVE-2022-2205
Technical details for CVE-2022-2205 are not publicly available in the provided documents. Monitor for updates.
CVE-2022-2205
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...
CVE-2024-1314
The connected documents describe a vulnerability in Kinto-Attachment where an existing record’s attachment can be replaced when a user has read permission on a parent collection or bucket. Impact occurs if read access exists on a parent (and can be exploited anonymously if system.Everyone has rea...
CVE-2024-25558
The CVE-2024-25558 entry is associated with Google ChromeOS: the PowerVR GPU driver contains an integer overflow in DevmemIntChangeSparse() that enables controllable out-of-bounds writes. This could lead to memory corruption or elevation of privileges, as described in ChromeOS security notes tied...
CVE-2024-25556
ChromeOS update note confirms CVE-2024-25556 is an in-system, publicly acknowledged issue: an out-of-bounds write in the PhysmemCreateNewDmaBufBackedPMR path. Affected product family: ChromeOS/ChromeOS Flex. The security fix is included in the Stable channel update for OS version 15699.58.0 and B...
CVE-2024-1281
CVE-2024-1281 is tied to a ChromeOS/ChromeOS Flex issue: a buffer/Out-of-Bounds write in the cam_lrme_mgr_hw_prepare_update function in Chrome OS. The PT security entry for Google Chrome OS (PT-2023-8539) describes a related buffer overflow in the same component, noting privilege-escalation impac...
CVE-2024-1280
CVE-2024-1280 is an out-of-bounds/write issue in the CAMX driver of ChromeOS, leading to privilege escalation/arbitrary code execution. The ChromeOS update notes list CVE-2024-1280 as a Medium severity fix in the CAMX driver and indicate the patch is included in the OS/browser updates (OS version...
CVE-2019-17997
LayerBB 1.1.3 has a cross-site scripting issue linked to CVE-2019-13972, allowing XSS via the pm_title parameter in application/commands/new.php. The connected records note this as a related issue to CVE-2019-17997, indicating the vector relies on the pm_title input. The documentation confirms th...
CVE-2019-18940
CVE-2019-18976 describes a NULL pointer dereference in res_pjsip_t38.c affecting Sangoma Asterisk up to version 13.x and Certified Asterisk up to 13.21-x. If a re-invite for T.38 faxing arrives and the SDP contains a port of 0 with no c line, a crash can occur. This vulnerability is distinct from...
CVE-2023-23336
CVE-2023-43336 affects Sangoma FreePBX prior to 15.0.18, 16.0.40, 15.0.16, and 16.0.17. The root cause is an access control issue caused by a modified parameter value (for example, changing extension=self to extension=101). This could allow bypass of access controls as described in the connected ...
CVE-2021-25817
The initial CVE-2021-25817 entry is a reserved placeholder. Connected documents provide concrete details for CVE-2020-25817 (SilverStripe through 4.6.0-rc1) describing an XXE vulnerability in CSSContentParser. A developer utility used for parsing HTML in unit tests can be exploited to trigger XXE...
CVE-2032-43016
Technical details for CVE-2032-43016 are not publicly available in the provided documents; monitoring for updates is advised.
CVE-2021-234550
CVE-2021-234550 affects IBM Spectrum Control (versions 5.4.0–5.4.5.2). The issue is a Dojo prototype pollution in setObject that could allow a remote attacker to execute arbitrary code by sending a specially crafted request. IBM lists a fix in Spectrum Control v5.4.6. Other related advisories not...
CVE-2024-21680
An RCE vulnerability (CVSS 3.0: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) was introduced in Sourcetree for Mac and Sourcetree for Windows version 3.4.14. The issue allows an unauthenticated attacker to execute arbitrary code with high impact to confidentiality, integrity, and availability, requiring us...
CVE-2022-45592
CVE-2022-45592 is discussed in connected documents as affecting Linux distributions (notably Debian/Ubuntu) with a set of issues: Server-Side Request Forgery (SSRF), persistent Cross-Site Scripting (XSS), and a File Upload vulnerability. The Nessus NASL notes unpatched status for Debian/Ubuntu pa...
CVE-2022-45794
creationtimestamp | type | source
---|---|---
2024-01-11 00:31:29+00:00 | seen | https://t.me/ctinow/166239
2025-05-22 16:44:27+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/17320...
CVE-2022-43876
CVE-2022-43876 affects IBM Security Verify Access OpenID Connect Provider container. The IBM bulletin states an information-disclosure flaw where web pages can be stored locally by the OIDC Provider and read by another user on the same system. Affected IBM Security Verify Access OIDC Provider ver...
CVE-2023-3283
The connected Palo Alto advisory PA-CVE-2023-6789 details a stored XSS vulnerability in the PAN-OS web interface. It allows a malicious authenticated read-write administrator to store a JavaScript payload via the web interface, which executes when viewed by an authenticated administrator, proxying al...
CVE-2023-37366
CVE-2023-37366 is a DoS flaw affecting Google Pixel cellular baseband/modem components. Public details from the Pixel security bulletin map it to a DoS issue for Pixel devices (2023-12 patch level). An OSV entry confirms a root cause in cd_parseMsg of cd_codec.c where improper input validation can ca...
Information disclosure
fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than...