531 matches found
PT-2024-34641 · Ibm · Ibm App Connect Enterprise Certified Container
Name of the Vulnerable Software and Affected Versions: IBM App Connect Enterprise Certified Container versions 11.4 through 12.3 Description: The issue allows a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. This could potentially...
Asterisk AMI Originate Authenticated RCE
On Asterisk, prior to versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with 'write=originate' may change all configuration files in the '/etc/asterisk/' directory. Writing a new extension can be created which performs a system command to...
Wordfence Price Increases Coming December 5th, 2024
We haven't raised our prices in a relatively high inflation environment in 2 years, and in the case of Wordfence Care and Response, for 2.5 years. So that time has come, and we want to let our free and paid user community know ahead of time. We’re giving you almost a month forewarning before we...
CVE-2024-49215
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-49294. Reason: This candidate is a reservation duplicate of CVE-2023-49294. Notes: All CVE users should reference CVE-2023-49294 instead of this candidate. All references and descriptions in this candidate have been removed t...
CVE-2024-49215
...
CVE-2024-49215
CVE-2024-49215 is a reservation/duplicate of CVE-2023-49294. The connected documents detail CVE-2023-49294 as an Asterisk vulnerability allowing reading arbitrary files when live_dangerously is not enabled; fixes are present in Asterisk releases such as 18.20.1, 20.5.1, and 21.0.1 (per Nessus/Deb...
Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates
Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 5.0.21 LTS, 12.0.4 LTS and 12.4.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported...
How to Plan and Prepare for Penetration Testing
As security technology and threat awareness among organizations improves so do the adversaries who are adopting and relying on new techniques to maximize speed and impact while evading detection. Ransomware and malware continue to be the method of choice by big game hunting BGH cyber criminals, a...
ROS-20240918-14
A vulnerability in Asterisk and Certified Asterisk IP telephony management systems is related to errors in sending a SIP request to a URI. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service and shutdown...
CVE-2024-34158 vulnerabilities
Vulnerabilities for packages: velero, cluster-autoscaler, tekton-chains, seaweedfs, git-lfs-fips, keda-fips, harbor-registry-fips, crossplane-provider-azure-authorization, osv-scanner, nri-postgresql, bank-vaults-fips, postgres-operator-fips, sbomqs, grafana-alloy, eck-operator-fips,...
The vulnerability of Asterisk IP-telephony management systems and Certified Asterisk, related to errors in sending SIP requests to URIs, allows attackers to trigger an emergency termination of the application’s operation.
The vulnerability of Asterisk IP-telephony systems and Certified Asterisk is related to errors in sending SIP requests with URIs. Exploiting this vulnerability can allow a malicious actor to cause service failures and terminate operations remotely...
CVE-2024-42491
CVE-2024-42491 affects Asterisk before versions 18.24.3, 20.9.3, 21.4.3 (and certified- branches 18.9-cert12, 20.7-cert2). When res_resolver_unbound is loaded and Asterisk sends a SIP request to a URI with a host starting with .1 or [.1], Asterisk will crash with a SEGV. Mitigation: upgrade to 18...
PT-2024-5928 · Sangoma +2 · Asterisk +3
Name of the Vulnerable Software and Affected Versions: Asterisk versions prior to 18.24.3, 20.9.3, and 21.4.3 Certified Asterisk versions prior to 18.9-cert12 and 20.7-cert2 Description: The issue is related to errors in sending SIP requests to URIs. If Asterisk attempts to send a SIP request to ...
CVE-2022-43915
IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods. This can allow a user with privileged access to execute commands in a running Pod to...
CVE-2022-43915 IBM App Connect Enterprise Certified Container
IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods. This can allow a user with privileged access to execute commands in a running Pod to...
CVE-2022-43915 IBM App Connect Enterprise Certified Container
IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods. This can allow a user with privileged access to execute commands in a running Pod to...
CVE-2022-43915
CVE-2022-43915 affects IBM App Connect Enterprise Certified Container versions 5.0 through 12.1. The root cause is that calls to unshare are not limited in running Pods, allowing a user with privileged access to execute commands in a Pod and elevate privileges. Impact is privilege escalation with...
PT-2024-11667 · Ibm · Ibm App Connect Enterprise Certified Container
Name of the Vulnerable Software and Affected Versions: IBM App Connect Enterprise Certified Container versions 5.0 through 12.1 Description: The issue allows a user with privileged access to execute commands in a running Pod, potentially elevating their user privileges due to the lack of limitati...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to priviledge escalation [CVE-2022-43915]
Summary IBM App Connect Enterprise Certified Container operands are vulnerable to privilege escalation due to not limiting the unshare command. This bulletin provides patch information to address the reported vulnerability. CVE-2022-43915 Vulnerability Details CVEID:CVE-2022-43915 DESCRIPTION: IB...
Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to denial of service [CVE-2023-45288]
Summary IBM App Connect Enterprise Certified Container operator and operands are vulnerable to denial of service due to a Golang vulnerability. This bulletin provides patch information to address the reported vulnerability in the net/http and x/net/http2 packages. CVE-2023-45288 Vulnerability...