Read Time:6 Second
FEDORA-EPEL-2022-a324bfef02
Packages in this update:
strongswan-5.9.8-1.el8
Update description:
Resolves CVE-2022-40617
Category Archives: Advisories
USN-5570-2: zlib vulnerability
Read Time:19 Second
USN-5570-1 fixed a vulnerability in zlib. This update provides the
corresponding update for Ubuntu 22.04 LTS and Ubuntu 20.04 LTS.
Original advisory details:
Evgeny Legerov discovered that zlib incorrectly handled memory when
performing certain inflate operations. An attacker could use this issue
to cause zlib to crash, resulting in a denial of service, or possibly
execute arbitrary code.
strongswan-5.9.8-1.el9
Read Time:6 Second
FEDORA-EPEL-2022-14a54aad76
Packages in this update:
strongswan-5.9.8-1.el9
Update description:
Resolves CVE-2022-40617
CVE-2019-14841
Read Time:10 Second
A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an attacker to gain admin privileges in the Business Central Console.
CVE-2020-35539
Read Time:26 Second
A flaw was found in WordPress 5.1. “X-Forwarded-For” is a HTTP header used to carry the client’s original IP address. However, because these headers may very well be added by the client to the requests, if the systems/devices use IP addresses which decelerate at X-Forwarded-For header instead of original IP, various issues may be faced. If the data originating from these fields is trusted by the application developers and processed, any authorization checks originating IP address logging could be manipulated.
CVE-2017-7517
Read Time:17 Second
An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called “MyProject”, and then later deletes it another user can then create a project called “MyProject” and access the metrics stored from the original “MyProject” instance.
CVE-2019-14840
Read Time:8 Second
A flaw was found in the RHDM, where sensitive HTML form fields like Password has auto-complete enabled which may lead to leak of credentials.
strongswan-5.9.8-1.fc36
Read Time:6 Second
FEDORA-2022-11bf2b2597
Packages in this update:
strongswan-5.9.8-1.fc36
Update description:
Resolves CVE-2022-40617
strongswan-5.9.8-1.fc37
Read Time:6 Second
FEDORA-2022-525510c815
Packages in this update:
strongswan-5.9.8-1.fc37
Update description:
Resolves CVE-2022-40617
Multiple Vulnerabilities in Aruba EdgeConnect Enterprise Orchestrator Could Allow for Remote Code Execution
Read Time:36 Second
Multiple vulnerabilities have been discovered in Aruba EdgeConnect Enterprise Orchestrator’s Web-Based Management Interface, the most severe of which could allow for remote code execution. Aruba EdgeConnect Enterprise Orchestrator is a widely used WAN management solution. Critical and easily exploitable flaws in this product introduce risks for systems and networks. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.