Lucene search
K

531 matches found

Positive Technologies
Positive Technologies
added 2024/12/04 12:0 a.m.5 views

PT-2024-34641 · Ibm · Ibm App Connect Enterprise Certified Container

Name of the Vulnerable Software and Affected Versions: IBM App Connect Enterprise Certified Container versions 11.4 through 12.3 Description: The issue allows a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. This could potentially...

8.8CVSS8.4AI score0.00664EPSS
Exploits0References10
Metasploit
Metasploit
added 2024/12/02 6:57 p.m.560 views

Asterisk AMI Originate Authenticated RCE

On Asterisk, prior to versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with 'write=originate' may change all configuration files in the '/etc/asterisk/' directory. Writing a new extension can be created which performs a system command to...

8.8CVSS7.7AI score0.04703EPSS
Exploits4
Wordfence Blog
Wordfence Blog
added 2024/11/07 10:24 p.m.19 views

Wordfence Price Increases Coming December 5th, 2024

We haven't raised our prices in a relatively high inflation environment in 2 years, and in the case of Wordfence Care and Response, for 2.5 years. So that time has come, and we want to let our free and paid user community know ahead of time. We’re giving you almost a month forewarning before we...

7.4AI score
Exploits0
OSV
OSV
added 2024/10/21 1:15 a.m.23 views

CVE-2024-49215

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-49294. Reason: This candidate is a reservation duplicate of CVE-2023-49294. Notes: All CVE users should reference CVE-2023-49294 instead of this candidate. All references and descriptions in this candidate have been removed t...

7.7AI score
Exploits3
Vulnrichment
Vulnrichment
added 2024/10/21 12:0 a.m.21 views

CVE-2024-49215

...

6.5AI score
Exploits3
CVE
CVE
added 2024/10/21 12:0 a.m.80 views

CVE-2024-49215

CVE-2024-49215 is a reservation/duplicate of CVE-2023-49294. The connected documents detail CVE-2023-49294 as an Asterisk vulnerability allowing reading arbitrary files when live_dangerously is not enabled; fixes are present in Asterisk releases such as 18.20.1, 20.5.1, and 21.0.1 (per Nessus/Deb...

7.1AI score
Exploits3
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/08 9:59 a.m.45 views

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 5.0.21 LTS, 12.0.4 LTS and 12.4.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported...

9.1CVSS8.9AI score0.36081EPSS
Exploits2Affected Software1
The Hacker News
The Hacker News
added 2024/09/27 11:26 a.m.19 views

How to Plan and Prepare for Penetration Testing

As security technology and threat awareness among organizations improves so do the adversaries who are adopting and relying on new techniques to maximize speed and impact while evading detection. Ransomware and malware continue to be the method of choice by big game hunting BGH cyber criminals, a...

7.7AI score
Exploits0
Redos
Redos
added 2024/09/19 12:0 a.m.21 views

ROS-20240918-14

A vulnerability in Asterisk and Certified Asterisk IP telephony management systems is related to errors in sending a SIP request to a URI. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service and shutdown...

5.7CVSS6.7AI score0.00553EPSS
Exploits0
Chainguard
Chainguard
added 2024/09/06 9:15 p.m.20 views

CVE-2024-34158 vulnerabilities

Vulnerabilities for packages: velero, cluster-autoscaler, tekton-chains, seaweedfs, git-lfs-fips, keda-fips, harbor-registry-fips, crossplane-provider-azure-authorization, osv-scanner, nri-postgresql, bank-vaults-fips, postgres-operator-fips, sbomqs, grafana-alloy, eck-operator-fips,...

7.5CVSS6.8AI score0.01046EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2024/09/06 12:0 a.m.6 views

The vulnerability of Asterisk IP-telephony management systems and Certified Asterisk, related to errors in sending SIP requests to URIs, allows attackers to trigger an emergency termination of the application’s operation.

The vulnerability of Asterisk IP-telephony systems and Certified Asterisk is related to errors in sending SIP requests with URIs. Exploiting this vulnerability can allow a malicious actor to cause service failures and terminate operations remotely...

6.8CVSS5.4AI score0.00553EPSS
Exploits0References8Affected Software2
CVE
CVE
added 2024/09/05 5:17 p.m.102 views

CVE-2024-42491

CVE-2024-42491 affects Asterisk before versions 18.24.3, 20.9.3, 21.4.3 (and certified- branches 18.9-cert12, 20.7-cert2). When res_resolver_unbound is loaded and Asterisk sends a SIP request to a URI with a host starting with .1 or [.1], Asterisk will crash with a SEGV. Mitigation: upgrade to 18...

5.7CVSS5.8AI score0.00553EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2024/09/05 12:0 a.m.6 views

PT-2024-5928 · Sangoma +2 · Asterisk +3

Name of the Vulnerable Software and Affected Versions: Asterisk versions prior to 18.24.3, 20.9.3, and 21.4.3 Certified Asterisk versions prior to 18.9-cert12 and 20.7-cert2 Description: The issue is related to errors in sending SIP requests to URIs. If Asterisk attempts to send a SIP request to ...

8.8CVSS6AI score0.4557EPSS
Exploits13References59
NVD
NVD
added 2024/08/24 12:15 p.m.19 views

CVE-2022-43915

IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods. This can allow a user with privileged access to execute commands in a running Pod to...

8.1CVSS0.00389EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/08/24 11:22 a.m.15 views

CVE-2022-43915 IBM App Connect Enterprise Certified Container

IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods. This can allow a user with privileged access to execute commands in a running Pod to...

6.8CVSS7.3AI score0.00389EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/08/24 11:22 a.m.28 views

CVE-2022-43915 IBM App Connect Enterprise Certified Container

IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods. This can allow a user with privileged access to execute commands in a running Pod to...

6.8CVSS0.00389EPSS
Exploits0References2
CVE
CVE
added 2024/08/24 11:22 a.m.49 views

CVE-2022-43915

CVE-2022-43915 affects IBM App Connect Enterprise Certified Container versions 5.0 through 12.1. The root cause is that calls to unshare are not limited in running Pods, allowing a user with privileged access to execute commands in a Pod and elevate privileges. Impact is privilege escalation with...

8.1CVSS7.2AI score0.00389EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/08/24 12:0 a.m.4 views

PT-2024-11667 · Ibm · Ibm App Connect Enterprise Certified Container

Name of the Vulnerable Software and Affected Versions: IBM App Connect Enterprise Certified Container versions 5.0 through 12.1 Description: The issue allows a user with privileged access to execute commands in a running Pod, potentially elevating their user privileges due to the lack of limitati...

8.1CVSS7.4AI score0.00389EPSS
Exploits0References9
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/23 10:5 a.m.17 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to priviledge escalation [CVE-2022-43915]

Summary IBM App Connect Enterprise Certified Container operands are vulnerable to privilege escalation due to not limiting the unshare command. This bulletin provides patch information to address the reported vulnerability. CVE-2022-43915 Vulnerability Details CVEID:CVE-2022-43915 DESCRIPTION: IB...

8.1CVSS7.4AI score0.00389EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/23 9:57 a.m.28 views

Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to denial of service [CVE-2023-45288]

Summary IBM App Connect Enterprise Certified Container operator and operands are vulnerable to denial of service due to a Golang vulnerability. This bulletin provides patch information to address the reported vulnerability in the net/http and x/net/http2 packages. CVE-2023-45288 Vulnerability...

7.5CVSS7.7AI score0.91969EPSS
Exploits1Affected Software1
Rows per page
Query Builder