An issue was discovered in Rehau devices that use a pCOWeb card BIOS v6.27, BOOT v5.00, web version v2.2, allows attackers to gain full unauthenticated access to the configuration and service interface.
An issue was discovered in the default configuration of ChinaMobile PLC Wireless Router model GPN2.4P21-C-CN running the firmware version W2000EN-01(hardware platform Gpn2.4P21-C_WIFI-V0.05), allows attackers to gain access to the configuration interface.
man-db before 2.8.5 on Gentoo allows local users (with access to the man user account) to gain root privileges because /usr/bin/mandb is executed by root but not owned by root. (Also, the owner can strip the setuid and setgid bits.)
thunderbird-stable-3720230126161252.1
Thunderbird 102.7.1 release. For details, see https://www.thunderbird.net/en-US/thunderbird/102.7.0/releasenotes/
syncthing-1.23.0-2.el8
Update to version 1.23.0.
Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.23.0
Additionally, this update was built with a version of golang that addresses CVE-2022-41717, and it fixes the installation of icon files.
syncthing-1.23.0-2.fc36
Update to version 1.23.0.
Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.23.0
Additionally, this update was built with a version of golang that addresses CVE-2022-41717, and it fixes the installation of icon files.
syncthing-1.23.0-2.el9
Update to version 1.23.0.
Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.23.0
Additionally, this update was built with a version of golang that addresses CVE-2022-41717, and it fixes the installation of icon files.
syncthing-1.23.0-2.fc37
Update to version 1.23.0.
Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.23.0
Additionally, this update was built with a version of golang that addresses CVE-2022-41717, and it fixes the installation of icon files.
golang-1.18.9-1.el7
Update to golang-1.18.9 using the same patches as on EL8, including security fixes for CVE-2022-32189, CVE-2022-27664, CVE-2022-27664, CVE-2022-32190, CVE-2022-41715, CVE-2022-2880, CVE-2022-2879, CVE-2022-41720, and CVE-2022-41717
Posted by RedTeam Pentesting GmbH on Jan 26
RedTeam Pentesting identified a vulnerability which allows attackers to
craft URLs to any third-party website that result in arbitrary content
to be injected into the response when accessed through the Secure Web
Gateway. While it is possible to inject arbitrary content types, the
primary risk arises from JavaScript code allowing for cross-site
scripting.
Details
=======
Product: Secure Web Gateway
Affected Versions: 10.2.11, potentially other…
