Apple Security Advisory
Table of Contents
iTunes 12.12.4 for Windows Security Content
watchOS 8.6 Security Content
Safari 15.5 Security Content
tvOS 15.5 Security Content
Xcode 13.4 Security Content
Security Update 2022-004 Catalina Security Content
macOS Big Sur 11.6.6 Security Content
macOS Monterey 12.4 Security Content
iOS 15.5 and iPadOS 15.5 Security Content
Oracle Security Alerts
Oracle Security Alert for CVE-2022-21500 – 19 May 2022
Adobe Security Bulletins and Advisories
Security updates available for Adobe ColdFusion | APSB21-16 APSB22-22
Security Update Available for Adobe InDesign | APSB20-66 APSB22-23
Security Updates Available for Adobe Framemaker | APSB21-14 APSB22-27
Security Update Available for Adobe InCopy | APSB21-05 APSB22-28
Github Security Advisories
[GHSA-fm53-mpmp-7qw2] Possible cross-site scripting attack via unsanitized SVG files in FoF Upload
[GHSA-ph5x-h23x-7q5q] XSS in wiki manager join wiki page
[GHSA-vmhh-xh3g-j992] XSS in the Flamingo theme manager
[GHSA-qfr3-323w-qv27] Possible information disclosure inside TreeGrid component with default data provider
[GHSA-pjpc-87mp-4332] Cross-site Scripting vulnerability in Mautic’s tracking pixel functionality
[GHSA-67fj-6w6m-w5j8] Reversible One-Way Hash in io.github.javaezlib:JavaEZ
[GHSA-gj94-v4p9-w672] Denial-of-service vulnerability processing large chat messages containing many newlines
[GHSA-qm6v-cg9v-53j3] Limited Authentication Bypass for Media Files
[GHSA-634x-pc3q-cf4c] PHP Code Injection by malicious block or filename
[GHSA-jfxf-4frr-9j3q] XSS in various backend modules due to (un)escaping in JS notification module
[GHSA-hj57-j5cw-2mwp] Ignition config accessible to unprivileged software on VMware
[GHSA-7qcx-4p32-qcmx] Missing Cryptographic Step in cassproject
[GHSA-mw6j-hh29-h379] `CHECK` failure in depthwise ops via overflows
[GHSA-w45j-f832-hxvh] Client Certificates are accepted without CertificateVerify
[GHSA-cwmx-hcrq-mhc3] Cross-domain cookie leakage in Guzzle
[GHSA-cvj7-5f3c-9vg9] AttesterSlashing number overflow
[GHSA-ffqj-6fqr-9h24] Key confusion through non-blocklisted public key formats
[GHSA-75c9-jrh4-79mc] Code injection in `saved_model_cli`
[GHSA-5889-7v45-q28m] Incomplete validation in signal ops leads to crashes
[GHSA-8wwm-6264-x792] Core dump when loading TFLite models with quantization
[GHSA-xrp2-fhq4-4q3w] Segfault if `tf.histogram_fixed_width` is called with NaN values
[GHSA-hc2f-7r5r-r2hg] Heap buffer overflow due to incorrect hash function
[GHSA-f4rr-5m7v-wxcw] Type confusion leading to `CHECK`-failure based denial of service
[GHSA-2r2f-g8mw-9gvr] Segfault and OOB write due to incomplete validation in `EditDistance`
[GHSA-5wpj-c6f7-24×8] Undefined behavior when users supply invalid resource handles
[GHSA-rc9w-5c64-9vqq] Missing validation results in undefined behavior in `SparseTensorDenseAdd
[GHSA-54ch-gjq5-4976] Segfault due to missing support for quantized types
[GHSA-hx9q-2mx4-m4pg] Missing validation causes denial of service via `Conv3DBackpropFilterV2`
[GHSA-jjm6-4vf7-cjh4] Integer overflow in `SpaceToBatchND`
[GHSA-cwpm-f78v-7m5c] Denial of service in `tf.ragged.constant` due to lack of validation
[GHSA-pqhm-4wvf-2jg8] Missing validation results in undefined behavior in `QuantizedConv2D`
[GHSA-2vv3-56qg-g2cf] Missing validation causes denial of service via `LSTMBlockCell`
[GHSA-p9rc-rmr5-529j] Missing validation causes denial of service via `LoadAndRemapMatrix`
[GHSA-mg66-qvc5-rm93] Missing validation causes denial of service via `SparseTensorToCSRSparseMatrix`
[GHSA-hrg5-737c-2p56] Missing validation causes denial of service via `UnsortedSegmentJoin`
[GHSA-5v77-j66x-4c4g] Missing validation causes denial of service via `Conv3DBackpropFilterV2`
[GHSA-h48f-q7rw-hvr7] Missing validation causes denial of service via `StagePeek`
[GHSA-h5g4-ppwx-48q2] Missing validation causes denial of service via `DeleteSessionTensor`
[GHSA-h2wq-prv9-2f56] Missing validation crashes `QuantizeAndDequantizeV4Grad`
[GHSA-fv25-wrff-wf86] Missing validation causes denial of service via `GetSessionTensor`
[GHSA-cm8f-h6j3-p25c] Header reconstruction method can be thrown into an infinite loop
[GHSA-cx94-mrg9-rq4j] Buffer for inbound DTLS fragments has no limit
[GHSA-qwrf-gfpj-qvj6] Smokescreen SSRF via deny list bypass (square brackets)
[GHSA-q2mx-j4x2-2h74] URL Redirection to Untrusted Site (‘Open Redirect’) in next-auth
[GHSA-8vxv-2g8p-2249] Observable Timing Discrepancy in totp-rs
[GHSA-fmrf-gvjp-5j5g] Cilium enables rogue node to cluster admin privilege escalation
[GHSA-6p8v-8cq8-v2r3] Access to Unix domain socket can lead to privileges escalation in Cilium
[GHSA-4wpp-w5r4-7v5v] Server-Side Request Forgery in charm
[GHSA-wjxw-gh3m-7pm5] DoS via malicious p2p message
[GHSA-66×3-6cw3-v5gj] Improper Validation of Integrity Check Value in go-tuf
[GHSA-7ww6-75fj-jcj7] Cross-site Scripting in Auth0 Lock
[GHSA-ff28-f46g-r9g8] Cross-site Scripting in Gogs
[GHSA-r642-gv9p-2wjj] Argo CD will blindly trust JWT claims if anonymous access is enabled
[GHSA-f3fp-gc8g-vw66] Default inheritable capabilities for linux container should be empty
[GHSA-2p9q-h29j-3f5v] Missing validation causes `TensorSummaryV2` to crash
[GHSA-h8v5-p258-pqf4] Use of a Broken or Risky Cryptographic Algorithm in XWiki Crypto API
[GHSA-xmg8-99r8-jc2j] Login screen allows message spoofing if SSO is enabled
[GHSA-xh29-r2w5-wx8m] Improper Handling of Unexpected Data Type in Nokogiri
[GHSA-6gcg-hp2x-q54h] Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server
[GHSA-44pw-h2cw-w3vq] Uncontrolled Resource Consumption in Hawk
[GHSA-37hr-348p-rmf4] Improper handling of multiline messages in node-irc affects matrix-appservice-irc
[GHSA-cmv8-6362-r5w9] Malicious HTML+XHR Artifact Privilege Escalation in Argo Workflows
[GHSA-m8x6-6r63-qvj2] Cross site scripting via canonical tag in Contao
[GHSA-7pwf-jg34-hxwp] Improper path handling in Kustomization files allows for denial of service
[GHSA-6j22-wv8g-894f] Potential Cross-site Scripting vulnerability in Hydrogen
[GHSA-cgx6-hpwq-fhv5] Integer Overflow or Wraparound in libxml2 affects Nokogiri
[GHSA-vvmq-fwmg-2gjc] Improper kubeconfig validation allows arbitrary code execution
[GHSA-269q-hmxg-m83q] Local Information Disclosure Vulnerability in io.netty:netty-codec-http
Node.js Security Advisories
OpenSSL update assessment, and Node.js project plans
Mozilla Security Advisories
Security Vulnerabilities fixed in Firefox 100.0.2, Firefox for Android 100.3.0, Firefox ESR 91.9.1, Thunderbird 91.9.1 mfsa2022-19
Security Vulnerabilities fixed in Thunderbird 91.9 mfsa2022-18
Security Vulnerabilities fixed in Firefox 100 mfsa2022-16
Security Vulnerabilities fixed in Firefox ESR 91.9 mfsa2022-17
Ubuntu Security Notices
USN-5450-1: Subversion vulnerabilities
USN-5448-1: ncurses vulnerabilities
USN-5449-1: libXv vulnerability
USN-5402-2: OpenSSL vulnerabilities
USN-5447-1: logrotate vulnerability
USN-5446-1: dpkg vulnerability
USN-5445-1: Subversion vulnerabilities
USN-5444-1: Linux kernel vulnerability
USN-5442-1: Linux kernel vulnerabilities
USN-5443-1: Linux kernel vulnerabilities
USN-5441-1: WebKitGTK vulnerabilities
USN-5404-2: Rsyslog vulnerability
USN-5440-1: PostgreSQL vulnerability
USN-5439-1: AccountsService vulnerability
USN-5438-1: HTMLDOC vulnerability
USN-5437-1: libXfixes vulnerability
USN-5436-1: libXrender vulnerabilities
USN-5435-1: Thunderbird vulnerabilities
USN-5434-1: Firefox vulnerabilities
USN-5433-1: Vim vulnerabilities
USN-5432-1: libpng vulnerabilities
USN-5424-2: OpenLDAP vulnerability
USN-5430-1: GNOME Settings vulnerability
USN-5429-1: Bind vulnerability
USN-5428-1: libXrandr vulnerabilities
USN-5427-1: Apport vulnerabilities
USN-5426-1: needrestart vulnerability
USN-5423-2: ClamAV vulnerabilities
USN-5425-1: PCRE vulnerabilities
USN-5424-1: OpenLDAP vulnerability
USN-5423-1: ClamAV vulnerabilities
USN-5311-2: containerd regression
USN-5422-1: libxml2 vulnerabilities
USN-5421-1: LibTIFF vulnerabilities
USN-5420-1: Vorbis vulnerabilities
USN-5419-1: Rsyslog vulnerabilities
USN-5418-1: Linux kernel vulnerabilities
USN-5417-1: Linux kernel vulnerabilities
USN-5416-1: Linux kernel (OEM) vulnerabilities
USN-5415-1: Linux kernel vulnerabilities
USN-5413-1: Linux kernel vulnerabilities
USN-5411-1: Firefox vulnerabilities
USN-5412-1: curl vulnerabilities
USN-5410-1: NSS vulnerability
USN-5259-3: Cron regression
USN-5409-1: libsndfile vulnerability
USN-5408-1: Dnsmasq vulnerability
USN-5407-1: Cairo vulnerabilities
USN-5179-2: BusyBox vulnerability
USN-5244-2: DBus vulnerability
USN-5259-2: Cron vulnerabilities
USN-5405-1: jbig2dec vulnerabilities
USN-5404-1: Rsyslog vulnerability
USN-5403-1: SQLite vulnerability
USN-5400-3: MySQL regression
USN-5354-2: Twisted vulnerability
USN-5395-2: networkd-dispatcher regression
USN-5402-1: OpenSSL vulnerabilities
USN-5400-2: MySQL vulnerabilities
USN-5401-1: DPDK vulnerabilities
USN-5390-2: Linux kernel (Raspberry Pi) vulnerabilities
USN-5400-1: MySQL vulnerabilities
USN-5399-1: libvirt vulnerabilities
USN-5382-2: libinput vulnerability
USN-5398-1: Simple DirectMedia Layer vulnerability
USN-5397-1: curl vulnerabilities
USN-5396-1: Ghostscript vulnerability
USN-5395-1: networkd-dispatcher vulnerabilities
USN-5394-1: WebKitGTK vulnerabilities
USN-5392-1: Mutt vulnerabilities
USN-5371-2: nginx vulnerability
USN-5393-1: Thunderbird vulnerabilities
USN-5391-1: libsepol vulnerabilities
USN-5366-2: FriBidi vulnerabilities
USN-5389-1: Libcroco vulnerabilities
USN-5390-1: Linux kernel vulnerabilities
USN-5388-2: OpenJDK vulnerabilities
USN-5388-1: OpenJDK vulnerabilities
USN-5376-3: Git regression
USN-5387-1: Barbican vulnerabilities
USN-5376-2: Git vulnerability
Red Hat Security Advisory
(RHSA-2022:4776) Critical: firefox security update
(RHSA-2022:4769) Critical: thunderbird security update
(RHSA-2022:4765) Critical: firefox security update
(RHSA-2022:4768) Critical: firefox security update
(RHSA-2022:4766) Critical: firefox security update
(RHSA-2022:4772) Critical: thunderbird security update
(RHSA-2022:4770) Critical: thunderbird security update
(RHSA-2022:4788) Moderate: openvswitch2.16 security update
(RHSA-2022:4787) Moderate: openvswitch2.15 security update
(RHSA-2022:4786) Moderate: openvswitch2.13 security update
(RHSA-2022:4767) Critical: firefox security update
(RHSA-2022:4774) Critical: thunderbird security update
(RHSA-2022:4773) Critical: thunderbird security update
(RHSA-2022:2263) Important: OpenShift Container Platform 4.6.58 packages and security update
(RHSA-2022:2265) Moderate: OpenShift Container Platform 4.6.58 security and extras update
(RHSA-2022:4712) Moderate: RHV Engine and Host Common Packages security update
(RHSA-2022:4764) Low: RHV RHEL Host (ovirt-host) [ovirt-4.5.0] security update
(RHSA-2022:4711) Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.0] security update
(RHSA-2022:2264) Moderate: OpenShift Container Platform 4.6.58 bug fix and security update
(RHSA-2022:2272) Moderate: OpenShift Container Platform 4.8.41 bug fix and security update
(RHSA-2022:2268) Moderate: OpenShift Container Platform 4.7.51 security update
(RHSA-2022:4745) Important: rh-varnish6-varnish security update
(RHSA-2022:2283) Moderate: OpenShift Container Platform 4.9.35 bug fix and security update
(RHSA-2022:4729) Critical: firefox security update
(RHSA-2022:4730) Critical: thunderbird security update
(RHSA-2022:4722) Important: subversion:1.14 security update
(RHSA-2022:4717) Important: kernel security update
(RHSA-2022:4721) Important: kpatch-patch security update
(RHSA-2022:4699) Important: maven:3.5 security update
(RHSA-2022:4692) Important: Red Hat OpenShift GitOps security update
(RHSA-2022:4691) Important: Red Hat OpenShift GitOps security update
(RHSA-2022:4690) Important: Red Hat OpenShift GitOps security update
(RHSA-2022:4671) Important: Red Hat OpenShift GitOps security update
(RHSA-2022:4667) Moderate: OpenShift Virtualization 4.10.1 RPMs security and bug fix update
(RHSA-2022:4668) Moderate: OpenShift Virtualization 4.10.1 Images security and bug fix update
(RHSA-2022:4661) Important: pcs security update
(RHSA-2022:4642) Important: kernel security and bug fix update
(RHSA-2022:4644) Important: kernel-rt security and bug fix update
(RHSA-2022:4651) Important: container-tools:2.0 security update
(RHSA-2022:4655) Important: kpatch-patch security update
(RHSA-2022:2205) Important: OpenShift Container Platform 4.9.33 packages and security update
(RHSA-2022:4623) Moderate: Red Hat build of Quarkus 2.7.5 release and security update
(RHSA-2022:4591) Important: subversion security update
(RHSA-2022:4592) Important: rsync security update
(RHSA-2022:4590) Important: firefox security update
(RHSA-2022:4589) Important: thunderbird security update
(RHSA-2022:4587) Important: pcs security update
(RHSA-2022:4588) Important: .NET 6.0 security, bug fix, and enhancement update
(RHSA-2022:4582) Important: gzip security update
(RHSA-2022:2137) Important: java-1.8.0-openjdk security update
(RHSA-2022:1729) Important: java-17-openjdk security update
(RHSA-2022:1728) Important: java-11-openjdk security update
(RHSA-2022:2256) Important: pcs security update
(RHSA-2022:2253) Important: pcs security update
(RHSA-2022:2255) Important: pcs security update
(RHSA-2022:1699) Moderate: OpenShift Container Platform 4.7.50 security update
(RHSA-2022:2234) Important: subversion:1.10 security update
(RHSA-2022:2236) Important: subversion:1.10 security update
(RHSA-2022:2237) Important: subversion:1.10 security update
(RHSA-2022:2232) Moderate: Red Hat Data Grid 8.3.1 security update
(RHSA-2022:2222) Important: subversion:1.10 security update
(RHSA-2022:2217) Moderate: Red Hat OpenShift Logging Security and Bug update Release 5.3.7
(RHSA-2022:2218) Moderate: Openshift Logging Security and Bug update Release (5.2.10)
(RHSA-2022:2216) Moderate: Red Hat OpenShift Logging Security and Bug update Release 5.4.1
(RHSA-2022:2213) Important: zlib security update
(RHSA-2022:2214) Important: zlib security update
(RHSA-2022:2198) Important: rsync security update
(RHSA-2022:2201) Important: rsync security update
(RHSA-2022:2211) Important: kpatch-patch security update
(RHSA-2022:2202) Important: .NET Core 3.1 security, bug fix, and enhancement update
(RHSA-2022:2192) Important: rsync security update
(RHSA-2022:2210) Moderate: redhat-ds:11 security and bug fix update
(RHSA-2022:2196) Important: .NET 5.0 on RHEL 7 security and bugfix update
(RHSA-2022:2191) Important: gzip security update
(RHSA-2022:2200) Important: .NET 5.0 security, bug fix, and enhancement update
(RHSA-2022:2199) Important: .NET 6.0 security, bug fix, and enhancement update
(RHSA-2022:2194) Important: .NET Core 3.1 on RHEL 7 security and bugfix update
(RHSA-2022:2190) Important: podman security update
(RHSA-2022:2197) Important: rsync security update
(RHSA-2022:2189) Important: kernel security update
(RHSA-2022:2188) Important: kernel security update
(RHSA-2022:2183) Moderate: Release of containers for OSP 16.2.z director operator tech preview
(RHSA-2022:2181) Moderate: virt:av and virt-devel:av security update
(RHSA-2022:1679) Moderate: Cryostat 2.1.0: new Cryostat on RHEL 8 container images
(RHSA-2022:1939) Moderate: squid:4 security and bug fix update
(RHSA-2022:2081) Low: bluez security update
(RHSA-2022:1819) Moderate: go-toolset:rhel8 security and bug fix update
(RHSA-2022:1814) Low: gnome-shell security and bug fix update
(RHSA-2022:2008) Moderate: cockpit security, bug fix, and enhancement update
(RHSA-2022:1898) Moderate: fapolicyd security, bug fix, and enhancement update
(RHSA-2022:2129) Moderate: lynx security update
(RHSA-2022:2120) Moderate: zsh security update
(RHSA-2022:1964) Moderate: fetchmail security update
(RHSA-2022:1991) Moderate: cpio security update
(RHSA-2022:1920) Moderate: qt5-qtsvg security update
(RHSA-2022:1975) Important: kernel-rt security and bug fix update
(RHSA-2022:1935) Moderate: php:7.4 security update
(RHSA-2022:2013) Moderate: openssh security, bug fix, and enhancement update
(RHSA-2022:2092) Moderate: bind security, bug fix, and enhancement update
(RHSA-2022:1891) Low: libpq security update
(RHSA-2022:1930) Moderate: keepalived security and bug fix update
(RHSA-2022:1842) Moderate: exiv2 security, bug fix, and enhancement update
(RHSA-2022:1823) Moderate: mod_auth_openidc:2.3 security update
(RHSA-2022:1801) Moderate: gfbgraph security update
(RHSA-2022:1747) Low: Release of OpenShift Serverless Version 1.22.0
(RHSA-2022:1745) Low: Release of OpenShift Serverless Client kn 1.22.0
(RHSA-2022:1739) Moderate: Red Hat OpenShift Service Mesh 2.1.2.1 containers security update
(RHSA-2022:1734) Moderate: Migration Toolkit for Containers (MTC) 1.7.1 security and bug fix update
(RHSA-2022:1730) Important: thunderbird security update
(RHSA-2022:1727) Important: thunderbird security update
(RHSA-2022:1726) Important: thunderbird security update
(RHSA-2022:1725) Important: thunderbird security update
(RHSA-2022:1724) Important: thunderbird security update
(RHSA-2022:1716) Moderate: Red Hat Ceph Storage 4.3 Security and Bug Fix update
(RHSA-2022:1715) Moderate: Red Hat Advanced Cluster Management 2.3.10 security updates and bug fixes
(RHSA-2022:1620) Important: OpenShift Container Platform 4.6.57 packages and security update
(RHSA-2022:1713) Moderate: security update for rh-sso-7/sso75-openshift-rhel8 container image
(RHSA-2022:1711) Moderate: Red Hat Single Sign-On 7.5.2 security update on RHEL 7
(RHSA-2022:1712) Moderate: Red Hat Single Sign-On 7.5.2 security update on RHEL 8
(RHSA-2022:1709) Moderate: Red Hat Single Sign-On 7.5.2 security update
(RHSA-2022:1708) Important: Satellite 6.10.5 Async Bug Fix Update
(RHSA-2022:1703) Important: firefox security update
(RHSA-2022:1705) Important: firefox security update
(RHSA-2022:1704) Important: firefox security update
(RHSA-2022:1702) Important: firefox security update
(RHSA-2022:1701) Important: firefox security update
(RHSA-2022:1622) Moderate: OpenShift Container Platform 4.6.57 security and extras update
(RHSA-2022:1681) Moderate: Red Hat Advanced Cluster Management 2.4.4 security updates and bug fixes
(RHSA-2022:1676) Important: gzip security update
(RHSA-2022:1600) Moderate: OpenShift Container Platform 4.10.12 security update
(RHSA-2022:1520) Important: Red Hat JBoss Web Server 5.6.2 Security Update
(RHSA-2022:1519) Important: Red Hat JBoss Web Server 5.6.2 Security Update
(RHSA-2022:1664) Moderate: Red Hat Software Collections security update
(RHSA-2022:1665) Important: gzip security update
(RHSA-2022:1663) Moderate: python27-python and python27-python-pip security update
(RHSA-2022:1662) Important: rh-maven36-maven-shared-utils security update
(RHSA-2022:1661) Important: zlib security update
(RHSA-2022:1660) Moderate: Red Hat OpenShift support for Windows Containers 2.0.5 [security update]
(RHSA-2022:1437) Important: OpenJDK 17.0.3 security update for Windows Builds
(RHSA-2022:1436) Important: OpenJDK 17.0.3 security update for Portable Linux Builds
(RHSA-2022:1439) Important: OpenJDK 11.0.15 security update for Windows Builds
(RHSA-2022:1435) Important: OpenJDK 11.0.15 security update for Portable Linux Builds
(RHSA-2022:1438) Important: OpenJDK 8u332 security update for Portable Linux Builds
(RHSA-2022:1492) Important: OpenJDK 8u332 Windows builds release and security update
(RHSA-2022:1646) Important: Red Hat OpenStack Platform 16.1 (python-twisted) security update
(RHSA-2022:1645) Important: Red Hat OpenStack Platform 16.2 (python-twisted) security update
(RHSA-2022:1643) Important: xmlrpc-c security update
(RHSA-2022:1644) Important: xmlrpc-c security update
(RHSA-2022:1642) Important: zlib security update
(RHSA-2022:1628) Important: web-admin-build security update
(RHSA-2022:1627) Low: Red Hat AMQ Broker 7.9.4 release and security update
(RHSA-2022:1626) Low: Red Hat AMQ Broker 7.8.6 release and security update
(RHSA-2022:1420) Important: OpenShift Container Platform 3.11.665 security and bug fix update
(RHSA-2022:1619) Important: kpatch-patch security update
(RHSA-2022:1618) Important: convert2rhel security update
(RHSA-2022:1617) Important: convert2rhel security update
(RHSA-2022:1599) Important: convert2rhel security update
(RHSA-2022:1550) Important: kernel security and bug fix update
(RHSA-2022:1546) Moderate: polkit security update
(RHSA-2022:1552) Moderate: vim security update
(RHSA-2022:1589) Important: kernel security update
(RHSA-2022:1592) Important: gzip security update
(RHSA-2022:1591) Important: zlib security update
(RHSA-2022:1565) Moderate: container-tools:3.0 security and bug fix update
(RHSA-2022:1566) Moderate: container-tools:2.0 security update
(RHSA-2022:1557) Moderate: mariadb:10.5 security, bug fix, and enhancement update
(RHSA-2022:1556) Moderate: mariadb:10.3 security and bug fix update
(RHSA-2022:1555) Important: kernel-rt security and bug fix update
(RHSA-2022:1535) Important: kpatch-patch security update
(RHSA-2022:1540) Important: xmlrpc-c security update
(RHSA-2022:1541) Important: maven-shared-utils security update
(RHSA-2022:1539) Important: xmlrpc-c security update
(RHSA-2022:1537) Important: gzip security update
(RHSA-2022:1491) Important: java-1.8.0-openjdk security update
(RHSA-2022:1488) Important: java-1.8.0-openjdk security update
(RHSA-2022:1489) Important: java-1.8.0-openjdk security update
(RHSA-2022:1490) Important: java-1.8.0-openjdk security update
(RHSA-2022:1487) Important: java-1.8.0-openjdk security, bug fix, and enhancement update
Cisco Security Advisory
Cisco IOS XR Software Health Check Open Port Vulnerability
Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities
Cisco Enterprise Chat and Email Stored Cross-Site Scripting Vulnerability
Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
Cisco Secure Network Analytics Remote Code Execution Vulnerability
Cisco UCS Director JavaScript Cross-Site Scripting Vulnerability
Cisco SD-WAN vManage Software Information Disclosure Vulnerability
Cisco Enterprise NFV Infrastructure Software Vulnerabilities
Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities
Cisco Small Business RV Series Routers Command Injection Vulnerabilities
Cisco Small Business RV Series Routers Remote Code Execution Vulnerability
ClamAV HTML Scanning Memory Leak Vulnerability Affecting Cisco Products: April 2022
ClamAV Truncated File Denial of Service Vulnerability Affecting Cisco Products: April 2022
ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022
ClamAV TIFF File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software DNS Inspection Denial of Service Vulnerability
Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities
Cisco Firepower Threat Defense Software Security Intelligence DNS Feed Bypass Vulnerability
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access SSL VPN Denial of Service Vulnerability
Cisco Firepower Threat Defense Software DNS Enforcement Denial of Service Vulnerability
Cisco Firepower Threat Defense Software XML Injection Vulnerability
Cisco Firepower Threat Defense Software TCP Proxy Denial of Service Vulnerability
Cisco Firepower Threat Defense Software Snort Out of Memory Denial of Service Vulnerability
Cisco Firepower Threat Defense Software Denial of Service Vulnerability
Cisco Firepower Threat Defense Software Local Malware Analysis Denial of Service Vulnerability
Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability
Cisco Firepower Management Center File Upload Security Bypass Vulnerability
Cisco Firepower Management Center Software Information Disclosure Vulnerability
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Privilege Escalation Vulnerability
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IPsec IKEv2 VPN Information Disclosure Vulnerability
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Denial of Service Vulnerability
Cisco Adaptive Security Appliance Software Clientless SSL VPN Heap Overflow Vulnerability
Microsoft Security
Chromium: CVE-2022-1634 Use after free in Browser UI
Chromium: CVE-2022-1635 Use after free in Permission Prompts
Chromium: CVE-2022-1636 Use after free in Performance APIs
Chromium: CVE-2022-1637 Inappropriate implementation in Web Contents
Chromium: CVE-2022-1638 Heap buffer overflow in V8 Internationalization
Chromium: CVE-2022-1639 Use after free in ANGLE
Chromium: CVE-2022-1640 Use after free in Sharing
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Hyper-V Security Feature Bypass Vulnerability
Windows Authentication Security Feature Bypass Vulnerability
Windows LSA Spoofing Vulnerability
Windows Address Book Remote Code Execution Vulnerability
Windows Graphics Component Remote Code Execution Vulnerability
Windows Remote Access Connection Manager Information Disclosure Vulnerability
Windows Kerberos Elevation of Privilege Vulnerability
Storage Spaces Direct Elevation of Privilege Vulnerability
Windows NTFS Information Disclosure Vulnerability
Windows Graphics Component Information Disclosure Vulnerability
Windows WLAN AutoConfig Service Information Disclosure Vulnerability
Windows Server Service Information Disclosure Vulnerability
Windows Network File System Remote Code Execution Vulnerability
Storage Spaces Direct Elevation of Privilege Vulnerability
Storage Spaces Direct Elevation of Privilege Vulnerability
Remote Desktop Protocol Client Information Disclosure Vulnerability
Windows Graphics Component Information Disclosure Vulnerability
Windows LDAP Remote Code Execution Vulnerability
Windows LDAP Remote Code Execution Vulnerability
Windows LDAP Remote Code Execution Vulnerability
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
Windows PlayToManager Elevation of Privilege Vulnerability
Remote Desktop Client Remote Code Execution Vulnerability
Windows Failover Cluster Information Disclosure Vulnerability
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Microsoft Windows Media Foundation Remote Code Execution Vulnerability
Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability
Microsoft Office Security Feature Bypass Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
Windows Graphics Component Information Disclosure Vulnerability
Windows Digital Media Receiver Elevation of Privilege Vulnerability
Windows Print Spooler Information Disclosure Vulnerability
Windows Fax Service Remote Code Execution Vulnerability
.NET and Visual Studio Denial of Service Vulnerability
Windows Push Notifications Apps Elevation of Privilege Vulnerability
Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability
BitLocker Security Feature Bypass Vulnerability
Windows LDAP Remote Code Execution Vulnerability
Windows LDAP Remote Code Execution Vulnerability
Windows LDAP Remote Code Execution Vulnerability
Windows LDAP Remote Code Execution Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Clustered Shared Volume Information Disclosure Vulnerability
Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability
Windows LDAP Remote Code Execution Vulnerability
Windows Clustered Shared Volume Elevation of Privilege Vulnerability
Windows LDAP Remote Code Execution Vulnerability
Windows Print Spooler Information Disclosure Vulnerability
Windows LDAP Remote Code Execution Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
.NET and Visual Studio Denial of Service Vulnerability
Visual Studio Remote Code Execution Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
.NET Framework Denial of Service Vulnerability
Active Directory Domain Services Elevation of Privilege Vulnerability
Windows Kernel Information Disclosure Vulnerability
Windows Clustered Shared Volume Information Disclosure Vulnerability
Windows WLAN AutoConfig Service Denial of Service Vulnerability
Windows Clustered Shared Volume Information Disclosure Vulnerability
Windows Clustered Shared Volume Information Disclosure Vulnerability
Visual Studio Code Remote Code Execution Vulnerability
Microsoft Exchange Server Elevation of Privilege Vulnerability
Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
Windows Hyper-V Denial of Service Vulnerability
.NET and Visual Studio Denial of Service Vulnerability
Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
Windows ALPC Elevation of Privilege Vulnerability
Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability
Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability
Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver
Chromium: CVE-2022-1501 Inappropriate implementation in iframe
Chromium: CVE-2022-1500 Insufficient data validation in Dev Tools
Chromium: CVE-2022-1499 Inappropriate implementation in WebAuthentication
Chromium: CVE-2022-1498 Inappropriate implementation in HTML Parser
Chromium: CVE-2022-1497 Inappropriate implementation in Input
Chromium: CVE-2022-1495 Incorrect security UI in Downloads
Chromium: CVE-2022-1494 Insufficient data validation in Trusted Types
Chromium: CVE-2022-1493 Use after free in Dev Tools
Chromium: CVE-2022-1492 Insufficient data validation in Blink Editing
Chromium: CVE-2022-1491 Use after free in Bookmarks
Chromium: CVE-2022-1490 Use after free in Browser Switcher
Chromium: CVE-2022-1488 Inappropriate implementation in Extensions API
Chromium: CVE-2022-1487 Use after free in Ozone
Chromium: CVE-2022-1486 Type Confusion in V8
Chromium: CVE-2022-1485 Use after free in File System API
Chromium: CVE-2022-1484 Heap buffer overflow in Web UI Settings
Chromium: CVE-2022-1483 Heap buffer overflow in WebGPU
Chromium: CVE-2022-1482 Inappropriate implementation in WebGL
Chromium: CVE-2022-1481 Use after free in Sharing
Chromium: CVE-2022-1480 Use after free in Device API
Chromium: CVE-2022-1479 Use after free in ANGLE
Chromium: CVE-2022-1478 Use after free in SwiftShader
Chromium: CVE-2022-1477 Use after free in Vulkan
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Alex Lim
Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two chilrdren. You can reach him at [email protected] or follow him on Website | Twitter | Facebook
