FEDORA-2022-11bf2b2597
Packages in this update:
strongswan-5.9.8-1.fc36
Update description:
Resolves CVE-2022-40617
strongswan-5.9.8-1.fc36
Resolves CVE-2022-40617
strongswan-5.9.8-1.fc37
Resolves CVE-2022-40617
Multiple vulnerabilities have been discovered in Aruba EdgeConnect Enterprise Orchestrator’s Web-Based Management Interface, the most severe of which could allow for remote code execution. Aruba EdgeConnect Enterprise Orchestrator is a widely used WAN management solution. Critical and easily exploitable flaws in this product introduce risks for systems and networks. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
An integer overflow flaw was discovered in the CRL parser in libksba, an
X.509 and CMS support library, which could result in denial of service
or the execution of arbitrary code.
Posted by Thomas Weber on Oct 16
CyberDanube Security Research 20221009-0
——————————————————————————-
title| Authenticated Command Injection
product| Intelbras WiFiber 120AC inMesh
vulnerable version| 1.1-220216
fixed version| 1-1-220826
CVE number|
impact| High
homepage|…
Posted by malvuln on Oct 16
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/1164ef21ef2af97e0339359c0dce5e7d.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.DarkSky.23
Vulnerability: Remote Stack Buffer Overflow (SEH)
Description: The malware listens on TCP port 5418. Third-party adversaries
who can reach the server can send a specially crafted payload triggering a
stack…
Posted by Apple Product Security via Fulldisclosure on Oct 16
APPLE-SA-2022-10-10-1 iOS 16.0.3
iOS 16.0.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213480.
Mail
Available for: iPhone 8 and later
Impact: Processing a maliciously crafted email message may lead to a
denial-of-service
Description: An input validation issue was addressed with improved
input validation.
CVE-2022-22658
This update is available through iTunes and…
Posted by Matthew Fernandez on Oct 16
I am not quite sure what point you’re making. CVE-2021-43618 is a
different issue; a programming error that results in a segfault. I.e.
even if an application using libgmp supplied their own allocator,¹ they
could still experience segfaults when dealing with malicious input.
The case you brought to FD (IIUC) is an input including large numbers
that causes libgmp to exhaust memory when dealing with them. In this
case, an application…
Posted by Georgi Guninski on Oct 16
Observe that ubuntu issue advisory about libgmp crash
without mentioning potential exploitability.
quote:
https://ubuntu.com/security/notices/USN-5672-1
Details
12 October 2022
It was discovered that GMP did not properly manage memory
on 32-bit platforms when processing a specially crafted
input. An attacker could possibly use this issue to cause
applications using GMP to crash, resulting in a denial of
service.
References
CVE-2021-43618