Category Archives: Advisories

CVE-2019-14841

A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an attacker to gain admin privileges in the Business Central Console.

CVE-2020-35539

A flaw was found in WordPress 5.1. "X-Forwarded-For" is an HTTP header used to carry the client's original IP address. However, because this header can be added by the client itself to a request, systems and devices that rely on the IP address in the X-Forwarded-For header instead of the original source IP can run into various issues. If application developers trust and process the data from this field, any authorization checks or originating-IP address logging could be manipulated.

CVE-2017-7517

An input validation vulnerability exists in OpenShift Enterprise due to a 1:1 mapping between tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called "MyProject" and later deletes it, another user can then create a project called "MyProject" and access the metrics stored from the original "MyProject" instance.

Multiple Vulnerabilities in Aruba EdgeConnect Enterprise Orchestrator Could Allow for Remote Code Execution

Multiple vulnerabilities have been discovered in Aruba EdgeConnect Enterprise Orchestrator’s Web-Based Management Interface, the most severe of which could allow for remote code execution. Aruba EdgeConnect Enterprise Orchestrator is a widely used WAN management solution. Critical and easily exploitable flaws in this product introduce risks for systems and networks. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

CyberDanube Security Research 20221009-0 | Authenticated Command Injection in Intelbras WiFiber 120AC inMesh

Posted by Thomas Weber on Oct 16

CyberDanube Security Research 20221009-0
——————————————————————————-
               title| Authenticated Command Injection
             product| Intelbras WiFiber 120AC inMesh
  vulnerable version| 1.1-220216
       fixed version| 1-1-220826
          CVE number|
              impact| High
            homepage|…