An issue in Rehau devices that use a pCOWeb card BIOS v6.27, BOOT v5.00, web version v2.2 allows attackers to gain full unauthenticated access to the configuration and service interface.
CVE-2020-18330
An issue in the default configuration of ChinaMobile PLC Wireless Router model GPN2.4P21-C-CN running the firmware version W2000EN-01 (hardware platform Gpn2.4P21-C_WIFI-V0.05) allows attackers to gain access to the configuration interface.
CVE-2018-25078
man-db before 2.8.5 on Gentoo allows local users (with access to the man user account) to gain root privileges because /usr/bin/mandb is executed by root but not owned by root. (Also, the owner can strip the setuid and setgid bits.)
thunderbird-stable-3720230126161252.1
FEDORA-FLATPAK-2023-120c9eb38b
Packages in this update:
thunderbird-stable-3720230126161252.1
Update description:
Thunderbird 102.7.1 release. For details, see https://www.thunderbird.net/en-US/thunderbird/102.7.0/releasenotes/
syncthing-1.23.0-2.el8
FEDORA-EPEL-2023-d92a0ff759
Packages in this update:
syncthing-1.23.0-2.el8
Update description:
Update to version 1.23.0.
Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.23.0
Additionally, this update was built with a version of golang that addresses CVE-2022-41717, and it fixes the installation of icon files.
syncthing-1.23.0-2.fc36
FEDORA-2023-6d71ff268e
Packages in this update:
syncthing-1.23.0-2.fc36
Update description:
Update to version 1.23.0.
Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.23.0
Additionally, this update was built with a version of golang that addresses CVE-2022-41717, and it fixes the installation of icon files.
syncthing-1.23.0-2.el9
FEDORA-EPEL-2023-ef285688eb
Packages in this update:
syncthing-1.23.0-2.el9
Update description:
Update to version 1.23.0.
Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.23.0
Additionally, this update was built with a version of golang that addresses CVE-2022-41717, and it fixes the installation of icon files.
syncthing-1.23.0-2.fc37
FEDORA-2023-70eb8ba61e
Packages in this update:
syncthing-1.23.0-2.fc37
Update description:
Update to version 1.23.0.
Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.23.0
Additionally, this update was built with a version of golang that addresses CVE-2022-41717, and it fixes the installation of icon files.
golang-1.18.9-1.el7
FEDORA-EPEL-2023-970698785b
Packages in this update:
golang-1.18.9-1.el7
Update description:
Update to golang-1.18.9 using the same patches as on EL8, including security fixes for CVE-2022-32189, CVE-2022-27664, CVE-2022-32190, CVE-2022-41715, CVE-2022-2880, CVE-2022-2879, CVE-2022-41720, and CVE-2022-41717.
[RT-SA-2022-002] Skyhigh Security Secure Web Gateway: Cross-Site Scripting in Single Sign-On Plugin
Posted by RedTeam Pentesting GmbH on Jan 26
RedTeam Pentesting identified a vulnerability which allows attackers to
craft URLs to any third-party website that result in arbitrary content
to be injected into the response when accessed through the Secure Web
Gateway. While it is possible to inject arbitrary content types, the
primary risk arises from JavaScript code allowing for cross-site
scripting.
Details
=======
Product: Secure Web Gateway
Affected Versions: 10.2.11, potentially other…