Asterisk suffers from a possible remote SQL injection vulnerability. Some databases can use backslashes to escape certain characters, such as backticks. If input that includes backslashes is provided to func_odbc, func_odbc can construct a broken SQL query, causing the query to fail. Asterisk Open Source versions 16.x up to but not including 16.25.2, 18.x up to but not including 18.11.2, and 19.x up to but not including 19.3.2 are affected. Certified Asterisk versions 16.x up to but not including 16.8-cert14 are affected.
edf4f6fe7b4776e5bf9d41e581c5c4269feb931cb02ec2fa3c1c40c0cbad95e5
Asterisk suffers from a server-side request forgery vulnerability. When using STIR/SHAKEN, it is possible to use the Identity header to send arbitrary requests, such as GET, to interfaces such as localhost. Asterisk Open Source versions 16.15.0 up to but not including 16.25.2, 18.x up to but not including 18.11.2, and 19.x up to but not including 19.3.2 are affected.
7727f89aa5888d067b6bf9ed78cdb7e6304adf0a733433e0687a3678d88eb17b
When using STIR/SHAKEN in Asterisk, it is possible to download files that are not certificates. These files could be much larger than what you would expect to download. Asterisk Open Source versions 16.15.0 up to but not including 16.25.2, 18.x up to but not including 18.11.2, and 19.x up to but not including 19.3.2 are affected.
1fc78214ca3a80d4d46428ca4fdf01c6fc39ae8d4fd32be3d9c901d7bd98b5b1
Siemens A8000 CP-8050/CP-8031 SICAM WEB suffers from denial of service and a missing authentication vulnerability that allows for file download.
7f0a0ec0c017ac5bb71670246359ab27291e0f6543e3a3b66f3b4ecf9cd874dc
Whitepaper called Are You Really Muted?: A Privacy Analysis of Mute Buttons in Video Conferencing Apps.
050dc6588d019c0fec02dfa4d049708c93c8ad0e15fb67374316108e1ab679a3
Backdoor.Win32.NetSpy.10 malware suffers from a remote command execution vulnerability.
d4e19fff45af9d363192a77fcd76bb3ade5c0132e0f6803f99b2b75499a19cba
Backdoor.Win32.NetCat32.10 malware suffers from a remote command execution vulnerability.
1697d2e1a9f601d1fbe3aa95f78b980c8adb17c71abb4e3e0d9fb3228841fc60
Backdoor.Win32.NinjaSpy.c malware suffers from an authentication bypass vulnerability.
041ec29b699be65bde2accb9306accd03701764098f6d10f41ef363be3214f55
Email-Worm.Win32.Pluto.b malware suffers from an insecure permissions vulnerability.
68f8fa4d70be3d26a2377d8d622f567429f0b38def84b98132d57cb416f47ae6
Backdoor.Win32.Kilo.016 malware suffers from a denial of service vulnerability.
2d02449aaa96b78888ff4a1ac900a5aed9b8ca0b7f5bb092c3e5069b85184d69
HackTool.Win32.IpcScan.c malware suffers from a buffer overflow vulnerability.
9f6c8558b2fd54132bcbc7fb7ec9094dc5480dbb618f8e26e8945badd9b41aa7
Backdoor.Win32.Psychward.03.a malware suffers from a weak hardcoded password vulnerability.
722b26af34669dea510fb5a4714b9de590b14a85c0973262ca29e298b043e591
Backdoor.Win32.Prorat.cwx malware suffers from an insecure permissions vulnerability.
950762fec2e8818d8cb4267e82687de2de7315dad47e47dbe86f1a16bf9c4349
Backdoor.Win32.MotivFTP.12 malware suffers from an authentication bypass vulnerability.
e993e5fd524fee01d252b9209f7259f7ea9e7d86460076371e0808a99131d1ab
Red Hat Security Advisory 2022-1379-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and business optimization for solving planning problems. It automates business decisions and makes that logic available to the entire business. This asynchronous security patch is an update to Red Hat Decision Manager 7. Issues addressed include a code execution vulnerability.
8742dc923803844fc89249f794ccf78fdacb0e77bfa1999ffc83e938c7bdad8a
Red Hat Security Advisory 2022-1378-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This asynchronous security patch is an update to Red Hat Process Automation Manager 7. Issues addressed include a code execution vulnerability.
61c4d0a3c6914696757b1d47c3264a3dcba3bbcd41fbb6a93da20da46400d0b5
Microsoft HTTP protocol stack denial of service exploit that leverages the vulnerability in CVE-2022-21907.
0035e8f68394e431f30fc5f6c1453975239fafaabddd9ec475fac32868642729