Security Advisories Notices Update on April 19, 2022

Oracle Security Alerts

Oracle Critical Patch Update Advisory – April 2022

Amazon AWS Security Advisories

Reported Apache Log4j Hotpatch Issues
Reported AWS Desktop VPN Client for Windows Issue
Reported Amazon RDS PostgreSQL issue

Adobe Security Bulletins and Advisories

Security updates available for Adobe Photoshop | APSB21-28 APSB22-20
Security Updates Available for Magento | APSB21-08 APSB22-13
Security update available for Adobe Acrobat and Reader | APSB21-09 APSB22-16

Google Security Advisories

Chrome Releases: Stable Channel Update for Desktop
Chrome Releases: Stable Channel Update for Desktop
Chrome Releases: Stable Channel Update for Desktop

Mozilla Security Advisories

Security Vulnerabilities fixed in Firefox ESR 91.8 mfsa2022-14
Security Vulnerabilities fixed in Firefox 99 mfsa2022-13
Security Vulnerabilities fixed in Thunderbird 91.8 mfsa2022-15

Apple Security Advisory

macOS Monterey 12.3.1 Security Content
iOS 15.4.1 and iPadOS 15.4.1 Security Content

Ubuntu Security Notices

USN-5385-1: Linux kernel vulnerabilities
USN-5384-1: Linux kernel vulnerabilities
USN-5383-1: Linux kernel vulnerabilities
USN-5382-1: libinput vulnerability
USN-5381-1: Linux kernel (OEM) vulnerabilities
USN-5380-1: Bash vulnerability
USN-5379-1: klibc vulnerabilities
USN-5378-4: Gzip vulnerability
USN-5378-3: XZ Utils vulnerability
USN-5378-2: XZ Utils vulnerability
USN-5378-1: Gzip vulnerability
USN-5377-1: Linux kernel (BlueField) vulnerabilities
USN-5376-1: Git vulnerability
USN-5372-1: Subversion vulnerabilities
USN-5371-1: nginx vulnerabilities
USN-5374-1: libarchive vulnerability
USN-5373-2: Django vulnerabilities
USN-5373-1: Django vulnerabilities
USN-5331-2: tcpdump vulnerabilities
USN-5370-1: Firefox vulnerabilities
USN-5369-1: oslo.utils vulnerability
USN-5366-1: FriBidi vulnerabilities
USN-5368-1: Linux kernel vulnerabilities
USN-5365-1: H2 vulnerabilities
USN-5364-1: Waitress vulnerability
USN-5362-1: Linux kernel (Intel IOTG) vulnerabilities
USN-5361-1: Linux kernel vulnerabilities
USN-5358-2: Linux kernel vulnerabilities
USN-5357-2: Linux kernel vulnerability
USN-5360-1: Tomcat vulnerabilities
USN-5359-1: rsync vulnerability
USN-5358-1: Linux kernel vulnerabilities
USN-5357-1: Linux kernel vulnerability
USN-5355-2: zlib vulnerability
USN-5356-1: DOSBox vulnerabilities
USN-5355-1: zlib vulnerability
USN-5354-1: Twisted vulnerabilities
USN-5351-2: Paramiko vulnerability
USN-5313-2: OpenJDK 11 regression
USN-5353-1: Linux kernel (OEM) vulnerability
USN-5352-1: Libtasn1 vulnerability
USN-5351-1: Paramiko vulnerability
USN-5349-1: GNU binutils vulnerability
USN-5350-1: Chromium vulnerability
USN-5348-1: Smarty vulnerabilities
USN-5342-1: Python vulnerabilities

Red Hat Security Advisory

(RHSA-2022:1356) Moderate: OpenShift Container Platform 4.10.10 bug fix and security update
(RHSA-2022:1461) Important: Logging Subsystem 5.4 – Red Hat OpenShift Security and Bug update
(RHSA-2022:1478) Important: Satellite 6.9.9 Async Bug Fix Update
(RHSA-2022:1389) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP11 security update
(RHSA-2022:1390) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP11 security update
(RHSA-2022:1476) Moderate: Red Hat Advanced Cluster Management 2.4.3 security updates and bug fixes
(RHSA-2022:1469) Low: Red Hat Single Sign-On 7.5.2 security update
(RHSA-2022:1363) Moderate: OpenShift Container Platform 4.9.29 bug fix and security update
(RHSA-2022:1463) Low: Red Hat Single Sign-On 7.5.2 security update on RHEL 8
(RHSA-2022:1462) Low: Red Hat Single Sign-On 7.5.2 security update on RHEL 7
(RHSA-2022:1440) Important: java-11-openjdk security, bug fix, and enhancement update
(RHSA-2022:1442) Important: java-11-openjdk security update
(RHSA-2022:1445) Important: java-17-openjdk security and bug fix update
(RHSA-2022:1444) Important: java-11-openjdk security update
(RHSA-2022:1441) Important: java-11-openjdk security update
(RHSA-2022:1443) Important: java-11-openjdk security update
(RHSA-2022:1370) Moderate: OpenShift Container Platform 4.8.37 security and extras update
(RHSA-2022:1336) Important: OpenShift Container Platform 4.7.49 security update
(RHSA-2022:1357) Moderate: OpenShift Container Platform 4.10.10 security and extras update
(RHSA-2022:1418) Important: kpatch-patch security update
(RHSA-2022:1407) Moderate: container-tools:2.0 security and bug fix update
(RHSA-2022:1410) Low: 389-ds:1.4 security and bug fix update
(RHSA-2022:1417) Important: kernel security update
(RHSA-2022:1413) Important: kernel-rt security and bug fix update
(RHSA-2022:1402) Moderate: OpenShift Virtualization 2.6.10 RPMs security and bug fix update
(RHSA-2022:1396) Moderate: Migration Toolkit for Containers (MTC) 1.5.4 security update
(RHSA-2022:1394) Important: Red Hat Ceph Storage 3 Security and Bug Fix update
(RHSA-2022:1379) Low: Red Hat Decision Manager 7.12.1 security update
(RHSA-2022:1378) Low: Red Hat Process Automation Manager 7.12.1 security update
(RHSA-2022:1373) Important: kpatch-patch security update
(RHSA-2022:1372) Important: Red Hat OpenShift Data Foundation 4.10.0 enhancement, security & bug fix update
(RHSA-2022:1361) Important: Red Hat OpenShift Data Foundation 4.10.0 RPM security,enhancement&bugfix update
(RHSA-2022:1360) Low: Red Hat Fuse 7.10.2 release and security update
(RHSA-2022:1354) Moderate: rh-dotnet31-curl security update
(RHSA-2022:1248) Important: OpenShift Container Platform 4.7.48 packages and security update
(RHSA-2022:1345) Moderate: Red Hat AMQ Streams 2.1.0 release and security update
(RHSA-2022:1179) Important: Red Hat support for Spring Boot 2.5.10 update
(RHSA-2022:1333) Low: Red Hat Integration Camel-K 1.6.5 security update
(RHSA-2022:1329) Moderate: OpenShift Virtualization 4.8.5 RPMs security update
(RHSA-2022:1324) Important: kernel security and bug fix update
(RHSA-2022:1326) Important: thunderbird security update
(RHSA-2022:1154) Important: OpenShift Container Platform 4.8.36 security update
(RHSA-2022:1153) Important: OpenShift Container Platform 4.8.36 security update
(RHSA-2022:1309) Important: expat security update
(RHSA-2022:1305) Important: thunderbird security update
(RHSA-2022:1306) Low: Red Hat Integration Camel Extensions for Quarkus 2.2.1-1 security update
(RHSA-2022:1302) Important: thunderbird security update
(RHSA-2022:1301) Important: thunderbird security update
(RHSA-2022:1303) Important: thunderbird security update
(RHSA-2022:1299) Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update
(RHSA-2022:1296) Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update
(RHSA-2022:1297) Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update
(RHSA-2022:1166) Important: OpenShift Container Platform 4.7.47 bug fix and security update
(RHSA-2022:1292) Low: Release of OpenShift Serverless 1.21.1
(RHSA-2022:1291) Low: Release of OpenShift Serverless Client kn 1.21.1
(RHSA-2022:1287) Important: firefox security update
(RHSA-2022:1285) Important: firefox security update
(RHSA-2022:1286) Important: firefox security update
(RHSA-2022:1284) Important: firefox security update
(RHSA-2022:1283) Important: firefox security update
(RHSA-2022:1158) Important: OpenShift Container Platform 4.9.27 bug fix and security update
(RHSA-2022:1162) Important: OpenShift Container Platform 4.10.8 bug fix and security update
(RHSA-2022:1275) Important: Red Hat OpenShift Service Mesh 2.1.2 security update
(RHSA-2022:1276) Important: Red Hat OpenShift Service Mesh 2.0.9 security update
(RHSA-2022:1264) Important: Red Hat OpenStack Platform 13.0 (python-waitress) security update
(RHSA-2022:1263) Important: RHV-H security update (redhat-virtualization-host) 4.3.22
(RHSA-2022:1254) Important: Red Hat OpenStack Platform 16.1 (python-waitress) security update
(RHSA-2022:1253) Important: Red Hat OpenStack Platform 16.2 (python-waitress) security update
(RHSA-2022:1198) Important: kernel security, bug fix, and enhancement update
(RHSA-2022:1199) Important: kernel-rt security and bug fix update
(RHSA-2022:1213) Important: kernel security update
(RHSA-2022:1209) Important: kernel-rt security and bug fix update
(RHSA-2022:1186) Important: kpatch-patch security update
(RHSA-2022:1185) Important: kpatch-patch security update
(RHSA-2022:1174) Moderate: Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update
(RHSA-2022:1173) Important: httpd security update
(RHSA-2022:0737) Moderate: Red Hat build of Eclipse Vert.x 4.2.5 security update
(RHSA-2022:1138) Important: httpd security update
(RHSA-2022:1139) Important: httpd security update
(RHSA-2022:1137) Important: httpd security update
(RHSA-2022:1136) Important: httpd security update
(RHSA-2022:1112) Important: openssl security update
(RHSA-2022:1110) Moderate: Red Hat Decision Manager 7.12.1 security update
(RHSA-2022:1108) Moderate: Red Hat Process Automation Manager 7.12.1 security update
(RHSA-2022:1107) Important: kernel security update
(RHSA-2022:1102) Important: httpd:2.4 security update
(RHSA-2022:1104) Important: kernel security update
(RHSA-2022:1106) Important: kernel security update
(RHSA-2022:1091) Important: openssl security update
(RHSA-2022:1021) Important: OpenShift Container Platform 4.9.26 security update
(RHSA-2022:1083) Moderate: Red Hat Advanced Cluster Management 2.3.8 security and container updates
(RHSA-2022:1082) Important: openssl security update
(RHSA-2022:1081) Moderate: Gatekeeper Operator v0.2 security updates and bug fixes
(RHSA-2022:1025) Important: OpenShift Container Platform 4.10.6 security update
(RHSA-2022:1080) Important: httpd:2.4 security update
(RHSA-2022:1077) Important: openssl security update
(RHSA-2022:1078) Important: openssl security update
(RHSA-2022:1072) Important: httpd:2.4 security update
(RHSA-2022:1069) Important: expat security update
(RHSA-2022:1075) Important: httpd24-httpd security update
(RHSA-2022:1066) Important: openssl security update
(RHSA-2022:1076) Important: openssl security update
(RHSA-2022:1074) Important: screen security update
(RHSA-2022:1071) Important: openssl security update
(RHSA-2022:1073) Important: openssl security update
(RHSA-2022:1070) Important: expat security update
(RHSA-2022:0577) Moderate: Windows Container Support for Red Hat OpenShift 5.0.0 [security update]
(RHSA-2022:1068) Important: expat security update
(RHSA-2022:1065) Important: openssl security update

Cisco Security Advisory

Cisco Unified Communications Products Arbitrary File Write Vulnerability
Cisco Unified Communications Products Cross-Site Scripting Vulnerability
Cisco Unified Communications Products Arbitrary File Read Vulnerability
Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerability
Cisco Unified Communications Products Denial of Service Vulnerability
Cisco Umbrella Secure Web Gateway File Decryption Bypass Vulnerability
Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability
Cisco Umbrella Virtual Appliance Static SSH Host Key Vulnerability
Cisco Virtualized Infrastructure Manager Privilege Escalation Vulnerability
Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense Software AnyConnect SSL VPN Denial of Service Vulnerability
Cisco Webex Meetings Cross-Site Scripting Vulnerability
Cisco TelePresence Collaboration Endpoint and RoomOS Software H.323 Denial of Service Vulnerability
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerability
Cisco IOS XE Software AppNav-XE Denial of Service Vulnerability
Cisco IOS XR Software Border Gateway Protocol Ethernet VPN Denial of Service Vulnerability
Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers Application Visibility and Control Denial of Service Vulnerability
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family SNMP Trap Denial of Service Vulnerability
Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches Vulnerabilities
Cisco 1000 Series Connected Grid Router Integrated Wireless Access Point Denial of Service Vulnerability
Cisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Catalyst 9000 Family Wireless Controllers Privilege Escalation Vulnerability
Cisco IOS and IOS XE Software Web Services Denial of Service Vulnerability
Cisco IOS XE Software Tool Command Language Privilege Escalation Vulnerability
Cisco IOS XE Software Border Gateway Protocol Resource Public Key Infrastructure Denial of Service Vulnerability
Cisco IOS Application Hosting Environment Vulnerabilities
Cisco IOS XR Software for ASR 9000 Series Routers Lightspeed-Plus Line Cards Denial of Service Vulnerability
Cisco IOS XE Software NETCONF Over SSH Denial of Service Vulnerability
Cisco IOS XE Software IPSec Denial of Service Vulnerability
Cisco SD-WAN Solution Improper Access Control Vulnerability
Cisco SD-WAN vManage Software Privilege Escalation Vulnerability
Cisco SD-WAN vEdge Routers Denial of Service Vulnerability
Cisco SD-WAN vManage Software Information Disclosure Vulnerability
Cisco SD-WAN vManage Software Cross-Site Request Forgery Vulnerability
Cisco IOS XE Software Web UI API Injection Vulnerability
Cisco Wireless LAN Controller Management Interface Authentication Bypass Vulnerability
Cisco Embedded Wireless Controller with Catalyst Access Points IP Flood Denial of Service Vulnerability
Multiple Cisco Security Products Simple Network Management Protocol Service Denial of Service Vulnerability
Cisco Web Security Appliance Stored Cross-Site Scripting Vulnerability
Cisco Webex Meetings Java Deserialization Vulnerability
Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability
Cisco Web Security Appliance Filter Bypass Vulnerability
Cisco Secure Network Analytics Network Diagrams Application Cross-Site Scripting Vulnerability
Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability
Vulnerability in Spring Cloud Function Framework Affecting Cisco Products: March 2022
Vulnerability in Spring Framework Affecting Cisco Products: March 2022

Microsoft Security

Chromium: CVE-2022-1314 Type Confusion in V8
Chromium: CVE-2022-1313 Use after free in tab groups
Chromium: CVE-2022-1312 Use after free in storage
Chromium: CVE-2022-1310 Use after free in regular expressions
Chromium: CVE-2022-1309 Insufficient policy enforcement in developer tools
Chromium: CVE-2022-1308 Use after free in BFCache
Chromium: CVE-2022-1307 Inappropriate implementation in full screen
Chromium: CVE-2022-1306 Inappropriate implementation in compositing
Chromium: CVE-2022-1305 Use after free in storage
Chromium: CVE-2022-1364: Type Confusion in V8
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
YARP Denial of Service Vulnerability
Visual Studio Code Elevation of Privilege Vulnerability
Skype for Business Information Disclosure Vulnerability
Skype for Business and Lync Spoofing Vulnerability
Azure SDK for .NET Information Disclosure Vulnerability
.NET Framework Denial of Service Vulnerability
Windows LDAP Denial of Service Vulnerability
DiskUsage.exe Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows Bluetooth Driver Elevation of Privilege Vulnerability
Windows File Server Resource Management Service Elevation of Privilege Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Information Disclosure Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows File Server Resource Management Service Elevation of Privilege Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows File Explorer Elevation of Privilege Vulnerability
Windows Work Folder Service Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability
Windows Server Service Remote Code Execution Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows ALPC Elevation of Privilege Vulnerability
Windows Network File System Remote Code Execution Vulnerability
Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability
Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability
Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability
Cluster Client Failover (CCF) Elevation of Privilege Vulnerability
Windows Hyper-V Remote Code Execution Vulnerability
Windows Desktop Bridge Elevation of Privilege Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows Local Security Authority (LSA) Remote Code Execution Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Connected User Experiences and Telemetry Elevation of Privilege Vulnerability
Windows Endpoint Configuration Manager Elevation of Privilege Vulnerability
Microsoft SharePoint Server Spoofing Vulnerability
Windows Graphics Component Information Disclosure Vulnerability
Windows LDAP Remote Code Execution Vulnerability
Windows Fax Compose Form Remote Code Execution Vulnerability
Windows Fax Compose Form Remote Code Execution Vulnerability
Windows Fax Compose Form Remote Code Execution Vulnerability
Windows Secure Channel Denial of Service Vulnerability
Win32k Elevation of Privilege Vulnerability
Windows User Profile Service Elevation of Privilege Vulnerability
Azure Site Recovery Remote Code Execution Vulnerability
Azure Site Recovery Information Disclosure Vulnerability
Azure Site Recovery Information Disclosure Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
PowerShell Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows AppX Package Manager Elevation of Privilege Vulnerability
Microsoft Defender Denial of Service Vulnerability
Windows Kerberos Remote Code Execution Vulnerability
Local Security Authority (LSA) Elevation of Privilege Vulnerability
Windows Kerberos Elevation of Privilege Vulnerability
Windows Kerberos Elevation of Privilege Vulnerability
Win32 Stream Enumeration Remote Code Execution Vulnerability
Win32 File Enumeration Remote Code Execution Vulnerability
Remote Desktop Protocol Remote Code Execution Vulnerability
Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability
Windows Win32k Elevation of Privilege Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Microsoft Power BI Spoofing Vulnerability
Windows Hyper-V Denial of Service Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Edge (Chromium-based) Spoofing Vulnerability
GitHub: Git for Windows’ uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account
GitHub: Uncontrolled search for the Git directory in Git for Windows
Windows Graphics Component Remote Code Execution Vulnerability
Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability
Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability
Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability
Windows Installer Elevation of Privilege Vulnerability
Windows Digital Media Receiver Elevation of Privilege Vulnerability
Windows iSCSI Target Service Information Disclosure Vulnerability
Windows DWM Core Library Elevation of Privilege Vulnerability
Windows Direct Show – Remote Code Execution Vulnerability
Windows Upgrade Assistant Remote Code Execution Vulnerability
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Windows Win32k Elevation of Privilege Vulnerability
Windows Kernel Information Disclosure Vulnerability
HEVC Video Extensions Remote Code Execution Vulnerability
Windows Installer Elevation of Privilege Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
Windows Telephony Server Elevation of Privilege Vulnerability
Windows SMB Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
Visual Studio Elevation of Privilege Vulnerability
Windows Hyper-V Remote Code Execution Vulnerability
Win32 Stream Enumeration Remote Code Execution Vulnerability
Windows Hyper-V Remote Code Execution Vulnerability
Windows Hyper-V Remote Code Execution Vulnerability
Chromium: CVE-2022-1232 Type Confusion in V8
Chromium: CVE-2022-1138 Inappropriate implementation in Web Cursor
Chromium: CVE-2022-1137 Inappropriate implementation in Extensions
Chromium: CVE-2022-1136 Use after free in Tab Strip
Chromium: CVE-2022-1135 Use after free in Shopping Cart
Chromium: CVE-2022-1134 Type Confusion in V8
Chromium: CVE-2022-1133 Use after free in WebRTC
Chromium: CVE-2022-1131 Use after free in Cast UI
Chromium: CVE-2022-1130 Insufficient validation of untrusted input in WebOTP
Chromium: CVE-2022-1129 Inappropriate implementation in Full Screen Mode
Chromium: CVE-2022-1128 Inappropriate implementation in Web Share API
Chromium: CVE-2022-1127 Use after free in QR Code Generator
Chromium: CVE-2022-1125 Use after free in Portals
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Chromium: CVE-2022-1143 Heap buffer overflow in WebUI
Chromium: CVE-2022-1145 Use after free in Extensions
Chromium: CVE-2022-1146 Inappropriate implementation in Resource Timing
Chromium: CVE-2022-1139 Inappropriate implementation in Background Fetch API

Jenkins Security Advisories

Jenkins Security Advisory 2022-03-29

GitHub Security Advisories

[GHSA-9wrv-g75h-8ccc] Improper Access Control in Shopware
[GHSA-7gm7-8q8v-9gf2] Server-Side Request Forgery (SSRF) in Shopware
[GHSA-g5rr-p69h-7v3g] Insufficient type validation in pocketmine/pocketmine-mp
[GHSA-xg75-q3q5-cqmv] Denial of Service in http-swagger
[GHSA-xcjx-m2pj-8g79] Manipulated inline images can cause Infinite Loop in PyPDF2
[GHSA-f9wg-5f46-cjmw] NextAuth.js default redirect callback vulnerable to open redirects
[GHSA-3r7g-wrpr-j5g4] Improper Authentication in django-mfa3
[GHSA-4hj2-r2pm-3hc6] Incorrect Default Permissions in CRI-O
[GHSA-frxg-hf44-q765] Exposure of Sensitive Information to an Unauthorized Actor in DisCatSharp
[GHSA-4pm3-f52j-8ggh] Improper Input Validation in GeoServer
[GHSA-cf4q-4cqr-7g7w] SVG with embedded scripts can lead to cross-site scripting attacks in xml2rfc
[GHSA-j2x6-9323-fp7h] Integer bounds error in Vyper
[GHSA-8xc6-g8xw-h2c4] YARP Denial of Service Vulnerability
[GHSA-j35p-q24r-5367] Dep Group Remote Memory Exhaustion (Denial of Service) in ckb
[GHSA-3227-r97m-8j95] Relative Path Traversal in afire serve_static
[GHSA-x7cr-6qr6-2hh6] Missing input validation can lead to command execution in composer
[GHSA-6rw3-3whw-jvjj] Git LFS can execute a binary from the current directory on Windows
[GHSA-4mrx-6fxm-8jpg] Buffer Overflow in vyper
[GHSA-x2w5-725j-gf2g] Prototype Pollution in convict
[GHSA-cqcc-mm6x-vmvw] Persistent Cross-site Scripting vulnerability in PrivateBin
[GHSA-gx8x-g87m-h5q6] Denial of Service (DoS) in Nokogiri on JRuby
[GHSA-xxx9-3xcr-gjj3] XML Injection in Xerces Java affects Nokogiri
[GHSA-v6gp-9mmm-c6p5] Out-of-bounds Write in zlib affects Nokogiri
[GHSA-crjr-9rc5-ghw8] Inefficient Regular Expression Complexity in Nokogiri
[GHSA-g27j-74fp-xfpr] Insecure default value for CORS configuration
[GHSA-xmjj-3c76-5w84] Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) in directus
[GHSA-5jfw-35xp-5m42] Buffer length underflow in LoginPacket causing unchecked exceptions to be thrown
[GHSA-m87f-39q9-6f55] Sensitive Auth & Cookie data stored in Jupyter server logs
[GHSA-jj47-x69x-mxrm] Reallocation bug can trigger heap memory corruption
[GHSA-7vrm-3jc8-5wwm] Incorrect Comparison in Vyper
[GHSA-c2jg-hw38-jrqq] Inconsistent Interpretation of HTTP Requests in twisted.web
[GHSA-8hfj-j24r-96c4] Path Traversal: ‘dir/../../filename’ in moment.locale
[GHSA-fx5p-f64h-93xc] Opened exploitable ports in default docker-compose.yaml in go-ipfs
[GHSA-v222-6mr4-qj29] Command Injection vulnerability in asciidoctor-include-ext
[GHSA-7p99-3798-f85c] URL Redirection to Untrusted Site (‘Open Redirect’) in express-openid-connect
[GHSA-h99w-9q5r-gjq9] HTTP Request Smuggling in puma
[GHSA-838h-jqp6-cf2f] Sandbox bypass leading to arbitrary code execution in Deno
[GHSA-47wv-vhj2-g66m] Use of insecure temporary file in Horovod
[GHSA-8v99-48m9-c8pm] Incorrect Authorization in imgcrypt
[GHSA-5gjh-5j4f-cpwv] Unrestricted Upload of File with Dangerous Type in Gogs
