
Security Advisories Notices Update on July 26, 2022

Apple Security Advisory

iOS 15.6 and iPadOS 15.6 Security Content
tvOS 15.6 Security Content
macOS Monterey 12.5 Security Content
macOS Big Sur 11.6.8 Security Content
Security Update 2022-005 Catalina Security Content
watchOS 8.7 Security Content
Safari 15.6 Security Content

Oracle Security Alerts

Oracle Critical Patch Update Advisory – July 2022

Amazon AWS Security Advisories

Reported EKS IAM Authenticator Issue

Adobe Security Bulletins and Advisories

Security updates available for Adobe Photoshop | APSB21-28 APSB22-35
Security update available for RoboHelp APSB22-10
Security update available for Adobe Acrobat and Reader | APSB21-09 APSB22-32

GitHub Security Advisories

[GHSA-m58q-qq5h-mgqq] Islandora 2.0 before 2.4.1 could allow any user to upload content into a repository
[GHSA-fjh6-p566-wr6q] skylot jadx affected by Incorrect Behavior Order in vulnerable dependency
[GHSA-7f6x-jwh5-m9r4] Cranelift vulnerable to miscompilation of constant values in division on AArch64
[GHSA-4g63-c64m-25w9] OpenZeppelin Contracts’s SignatureChecker may revert on invalid EIP-1271 signers
[GHSA-qh9x-gcfh-pcrw] OpenZeppelin Contracts’s ERC165Checker may revert instead of returning false
[GHSA-5cm2-9h8c-rvfx] TZInfo relative path traversal vulnerability allows loading of arbitrary files
[GHSA-6rh6-x8ww-9h97] Grails framework Remote Code Execution via Data Binding
[GHSA-q768-x9m6-m9qp] undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect
[GHSA-3cvr-822r-rqcc] undici before v5.8.0 vulnerable to CRLF injection in request headers
[GHSA-5fhj-g3p3-pq9g] Wasmtime vulnerable to Use After Free with `externref`s
[GHSA-99j7-mhfh-w84p] Slack Morphism for Rust before 0.41.0 can accidentally leak Slack OAuth client information in application debug logs
[GHSA-h6gj-6jjq-h8g9] jQuery UI Cross-site Scripting when refreshing a checkboxradio with an HTML-like initial text label
[GHSA-hwqr-f3v9-hwxr] Workers for local Dask clusters mistakenly listened on public interfaces
[GHSA-wc5v-r48v-g4vh] Cilium host policy bypass in endpoint-routes mode with dual-stack
[GHSA-44vr-rwwj-p88h] Shescape vulnerable to insufficient escaping of whitespace
[GHSA-jjc5-fp7p-6f8w] Shescape prior to 1.5.8 vulnerable to insufficient escaping of line feeds for CMD
[GHSA-q37h-jhf3-85cj] Bypass of CMS Safe Mode Security Feature
[GHSA-5p73-qg2v-383h] Use of a Broken or Risky Cryptographic Algorithm in packbackbooks/lti-1-3-php-library
[GHSA-768m-5w34-2xf5] Use of Insufficiently Random Values in packbackbooks/lti-1-3-php-library
[GHSA-c28r-hw5m-5gv3] Partial Path Traversal in com.amazonaws:aws-java-sdk-s3
[GHSA-6f85-3f8q-qc94] OroCommerce vulnerable to XSS when adding class name to Selector Manager on pages that use GrapeJS editor
[GHSA-376v-xgjx-7mfr] Timing Attack Vector in fastify-bearer-auth
[GHSA-8mjr-jr5h-q2xr] Account cannot process transactions on Goerli
[GHSA-qwrj-9hmp-gpxh] FlyteAdmin Insufficient AccessToken Expiration Check prior to v1.1.30
[GHSA-8v7h-cpc2-r8jp] RCE via race condition in October CMS upload process
[GHSA-cr6p-23cf-w9g9] No security checking for UnsafeAccess.getInstance() in UnsafeAccessor
[GHSA-5pgm-3j3g-2rc7] Error messages leading to potential data exfiltration in Valinor
[GHSA-pmjg-52h9-72qv] Cross-site Scripting for Argo CD SSO users
[GHSA-7943-82jg-wmw5] Certificate verification is skipped for connections to OIDC providers
[GHSA-6wvc-6pww-qr4r] DoS in KubeEdge’s Websocket Client in package Viaduct
[GHSA-wrcr-x4qj-j543] Uncontrolled Resource Consumption in KubeEdge Cloud Stream and Edge Stream
[GHSA-qpx3-9565-5xwm] Uncontrolled Resource Consumption in KubeEdge CloudCore Router
[GHSA-x3px-2p95-f6jr] DoS in KubeEdge when signing the CSR from EdgeCore
[GHSA-w52j-3457-q9wr] Uncontrolled Resource Consumption in KubeEdge Cloud AdmissionController component
[GHSA-vwm6-qc77-v2rh] Uncontrolled Resource Consumption in KubeEdge Edge ServiceBus module
[GHSA-cm59-pr5q-cw85] Temporary Directory Hijacking to Local Privilege Escalation Vulnerability in org.springframework.boot:spring-boot
[GHSA-72x4-cq6r-jp4p] Improper Input Validation in orderer/common/cluster consensus request
[GHSA-wgmr-mf83-7x4j] Invalid HTTP/2 requests can lead to denial of service
[GHSA-8mpp-f3f7-xc28] SslConnection does not release pooled ByteBuffers in case of errors
[GHSA-cj7v-27pg-wf7q] Invalid URI parsing may produce invalid HttpURI.authority
[GHSA-f2gr-7299-487h] DOS and excessive memory usage when passing untrusted user input to dag import
[GHSA-crrq-vr9j-fxxh] Protected fields exposed via LiveQuery
[GHSA-pgjx-7f9g-9463] Improper handling of email input
[GHSA-9x4h-8wgm-8xfg] Malformed CAR panics and excessive memory usage
[GHSA-hm37-9xh2-q499] Possible leak of key’s raw field if declared length is incorrect
[GHSA-wc69-rhjr-hc9g] Inefficient Regular Expression Complexity in moment
[GHSA-ffmh-x56j-9rc3] Regular Expression Denial of Service in jquery-validation
[GHSA-c58j-88f5-h53f] Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) in pycares
[GHSA-wpqr-jcpx-745r] Incorrect handling of invalid surrogate pair characters
[GHSA-fm67-cv37-96ff] Potential double free of buffer during string decoding
[GHSA-977c-63xq-cgw3] Unsafe YAML deserialization in opensearch-ruby
[GHSA-x3vm-38hw-55wf] Possible inject arbitrary `CSS` into the generated graph affecting the container HTML

Cisco Security Advisory

Cisco Nexus Dashboard SSL Certificate Validation Vulnerability
Cisco Identity Services Engine Administrator Password Lifetime Expiration Issue
Cisco Nexus Dashboard Arbitrary File Write Vulnerability
Cisco Nexus Dashboard Unauthorized Access Vulnerabilities
Cisco Nexus Dashboard Privilege Escalation Vulnerabilities
Cisco IoT Control Center Cross-Site Scripting Vulnerability
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities
Cisco Unified Communications Products Cross-Site Scripting Vulnerability
Cisco Unified Communications Products Cross-Site Scripting Vulnerability
Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
Cisco Smart Software Manager On-Prem Denial of Service Vulnerability
Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability
Cisco Unified Communications Products Access Control Vulnerability
Cisco Unified Communications Manager Arbitrary File Read Vulnerability
Cisco Unified Communications Products Timing Attack Vulnerability
Cisco Unified Communications Products Arbitrary File Read Vulnerability

Mozilla Security Advisories

Security Vulnerabilities fixed in Firefox for iOS 102 mfsa2022-27
Security Vulnerabilities fixed in Thunderbird 91.11 and Thunderbird 102 mfsa2022-26
Security Vulnerabilities fixed in Firefox 102 mfsa2022-24
Security Vulnerabilities fixed in Firefox ESR 91.11 mfsa2022-25

Ubuntu Security Notices

USN-5520-1: HTTP-Daemon vulnerability
USN-5519-1: Python vulnerability
USN-5512-1: Thunderbird vulnerabilities
USN-5518-1: Linux kernel vulnerabilities
USN-5517-1: Linux kernel (OEM) vulnerabilities
USN-5516-1: Vim vulnerabilities
USN-5473-2: ca-certificates update
USN-5515-1: Linux kernel vulnerabilities
USN-5514-1: Linux kernel vulnerabilities
USN-5513-1: Linux kernel (AWS) vulnerabilities
USN-5511-1: Git vulnerabilities
USN-5256-1: uriparser vulnerabilities
USN-5510-2: X.Org X Server vulnerabilities
USN-5510-1: X.Org X Server vulnerabilities
USN-5503-2: GnuPG vulnerability
USN-5508-1: Python LDAP vulnerability
USN-5509-1: Dovecot vulnerability
USN-5507-1: Vim vulnerabilities
USN-5479-3: PHP regression
USN-5506-1: NSS vulnerabilities
USN-5505-1: Linux kernel vulnerabilities
USN-5488-2: OpenSSL vulnerability
USN-5504-1: Firefox vulnerabilities
USN-5503-1: GnuPG vulnerability
USN-5502-1: OpenSSL vulnerability
USN-5479-2: PHP vulnerabilities
USN-5501-1: Django vulnerability
USN-5500-1: Linux kernel vulnerabilities
USN-5493-2: Linux kernel (HWE) vulnerability
USN-5485-2: Linux kernel (OEM) vulnerabilities
USN-5499-1: curl vulnerabilities
USN-5498-1: Vim vulnerabilities
USN-5497-1: Libjpeg6b vulnerabilities
USN-5496-1: cloud-init vulnerability
USN-5495-1: curl vulnerabilities
USN-5494-1: SpiderMonkey JavaScript Library vulnerabilities
USN-5493-1: Linux kernel vulnerability

Node.js Security Advisories

July 5th 2022 Security Releases

Microsoft Security

Chromium: CVE-2022-2481 Use after free in Views
Chromium: CVE-2022-2480 Use after free in Service Worker API
Chromium: CVE-2022-2479 Insufficient validation of untrusted input in File
Chromium: CVE-2022-2478 Use after free in PDF
Chromium: CVE-2022-2477 Use after free in Guest View
Azure Arc Jumpstart Information Disclosure Vulnerability
Windows Kernel Information Disclosure Vulnerability
Windows BitLocker Information Disclosure Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Microsoft Defender for Endpoint Tampering Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Storage Library Information Disclosure Vulnerability
Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability
Windows Boot Manager Security Feature Bypass Vulnerability
Windows Group Policy Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Security Account Manager (SAM) Denial of Service Vulnerability
Windows IIS Server Elevation of Privilege Vulnerability
Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
Windows Connected Devices Platform Service Information Disclosure Vulnerability
Windows GDI+ Information Disclosure Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Active Directory Federation Services Elevation of Privilege Vulnerability
Windows Server Service Tampering Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Windows Graphics Component Remote Code Execution Vulnerability
Windows Shell Remote Code Execution Vulnerability
Windows Hyper-V Information Disclosure Vulnerability
Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability
Windows Media Player Network Sharing Service Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability
Windows Fax Service Remote Code Execution Vulnerability
Windows Internet Information Services Cachuri Module Denial of Service Vulnerability
Windows CSRSS Elevation of Privilege Vulnerability
Windows Fax Service Remote Code Execution Vulnerability
Windows Network File System Information Disclosure Vulnerability
Windows Network File System Remote Code Execution Vulnerability
Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability
Windows Graphics Component Elevation of Privilege Vulnerability
Performance Counters for Windows Elevation of Privilege Vulnerability
Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows Network File System Remote Code Execution Vulnerability
Internet Information Services Dynamic Compression Module Denial of Service Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Hyper-V Information Disclosure Vulnerability
Windows Fast FAT File System Driver Elevation of Privilege Vulnerability
Windows.Devices.Picker.dll Elevation of Privilege Vulnerability
Windows CSRSS Elevation of Privilege Vulnerability
BitLocker Security Feature Bypass Vulnerability
Windows CSRSS Elevation of Privilege Vulnerability
Windows Fax Service Elevation of Privilege Vulnerability
Microsoft Office Security Feature Bypass Vulnerability
Skype for Business and Lync Remote Code Execution Vulnerability
HackerOne: CVE-2022-27776 Insufficiently protected credentials vulnerability might leak authentication or cookie header data
Xbox Live Save Service Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
AMD: CVE-2022-23816 AMD CPU Branch Type Confusion
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
AMD: CVE-2022-23825 AMD CPU Branch Type Confusion
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Remote Code Execution Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Remote Code Execution Vulnerability
Chromium: CVE-2022-2295 Heap buffer overflow in WebRTC
Chromium: CVE-2022-2294 Type Confusion in V8
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Red Hat Security Advisory

(RHSA-2022:5564) Important: kernel security, bug fix, and enhancement update
(RHSA-2022:5565) Important: kernel-rt security and bug fix update
(RHSA-2022:5542) Important: squid security update
(RHSA-2022:5532) Important: Red Hat Fuse 7.11.0 release and security update
(RHSA-2022:5531) Moderate: Red Hat Advanced Cluster Management 2.5.1 security updates and bug fixes
(RHSA-2022:5526) Important: squid:4 security update
(RHSA-2022:5529) Important: squid:4 security update
(RHSA-2022:5527) Important: squid security update
(RHSA-2022:5528) Important: squid:4 security update
(RHSA-2022:5530) Important: squid:4 security update
(RHSA-2022:5525) Moderate: Service Binding Operator security update
(RHSA-2022:5498) Moderate: Satellite 6.11 Release
(RHSA-2022:5491) Important: rh-php73-php security and bug fix update
(RHSA-2022:5483) Moderate: Migration Toolkit for Containers (MTC) 1.7.2 security and bug fix update
(RHSA-2022:5482) Important: thunderbird security update
(RHSA-2022:5481) Important: firefox security update
(RHSA-2022:5479) Important: firefox security update
(RHSA-2022:5480) Important: thunderbird security update
(RHSA-2022:5476) Important: kpatch-patch security update
(RHSA-2022:5474) Important: firefox security update
(RHSA-2022:5475) Important: thunderbird security update
(RHSA-2022:5471) Important: php:7.4 security update
(RHSA-2022:5473) Important: thunderbird security update
(RHSA-2022:5472) Important: firefox security update
(RHSA-2022:5467) Important: php:7.4 security update
(RHSA-2022:5468) Important: php:8.0 security update
(RHSA-2022:5470) Important: thunderbird security update
(RHSA-2022:5469) Important: firefox security update
(RHSA-2022:5478) Important: thunderbird security update
(RHSA-2022:5477) Important: firefox security update
(RHSA-2022:5460) Important: Red Hat JBoss Enterprise Application Platform 6.4.24 security update
(RHSA-2022:5459) Important: Red Hat JBoss Enterprise Application Platform 6.4.24 security update
(RHSA-2022:5458) Important: Red Hat JBoss Enterprise Application Platform 6.4.24 security update
(RHSA-2022:5439) Important: RHV-H security update (redhat-virtualization-host) 4.3.23
(RHSA-2022:5415) Moderate: go-toolset-1.17 and go-toolset-1.17-golang security and bug fix update
(RHSA-2022:5392) Moderate: Red Hat Advanced Cluster Management 2.3.11 security updates and bug fixes
(RHSA-2022:5338) Moderate: ruby:2.6 security, bug fix, and enhancement update
(RHSA-2022:5331) Moderate: libinput security update
(RHSA-2022:5337) Moderate: go-toolset:rhel8 security and bug fix update
(RHSA-2022:5263) Moderate: qemu-kvm security and bug fix update
(RHSA-2022:5257) Moderate: libinput security update
(RHSA-2022:5326) Low: compat-openssl10 security update
(RHSA-2022:5319) Moderate: vim security update
(RHSA-2022:5344) Important: kernel-rt security and bug fix update
(RHSA-2022:5317) Moderate: libxml2 security update
(RHSA-2022:5316) Important: kernel security and bug fix update
(RHSA-2022:5313) Moderate: curl security update
(RHSA-2022:5311) Moderate: libgcrypt security update
(RHSA-2022:5314) Moderate: expat security update
(RHSA-2022:5251) Moderate: pcre2 security update
(RHSA-2022:5252) Moderate: libarchive security update
(RHSA-2022:5244) Moderate: expat security update
(RHSA-2022:5250) Moderate: libxml2 security update
(RHSA-2022:5245) Moderate: curl security update
(RHSA-2022:5242) Moderate: vim security update
(RHSA-2022:5249) Important: kernel security and bug fix update
(RHSA-2022:5267) Important: kernel-rt security and bug fix update
(RHSA-2022:5235) Moderate: python security update
(RHSA-2022:5239) Moderate: 389-ds-base security, bug fix, and enhancement update
(RHSA-2022:5232) Important: kernel security and bug fix update
(RHSA-2022:5236) Important: kernel-rt security and bug fix update
(RHSA-2022:5234) Moderate: python-virtualenv security update
(RHSA-2022:5224) Important: kernel-rt security and bug fix update
(RHSA-2022:5220) Important: kernel security and bug fix update
(RHSA-2022:5219) Important: kpatch-patch security update
(RHSA-2022:5216) Important: kpatch-patch security update
(RHSA-2022:5214) Important: kpatch-patch security update
(RHSA-2022:5201) Moderate: Red Hat Advanced Cluster Management 2.4.5 security updates and bug fixes
(RHSA-2022:5189) Important: RHACS 3.70 security update
