Security Advisories Notices Update on July 26, 2022

Apple Security Advisory

iOS 15.6 and iPadOS 15.6 Security Content
tvOS 15.6 Security Content
macOS Monterey 12.5 Security Content
macOS Big Sur 11.6.8 Security Content
Security Update 2022-005 Catalina Security Content
watchOS 8.7 Security Content
Safari 15.6 Security Content

Oracle Security Alerts

Oracle Critical Patch Update Advisory – July 2022

Amazon AWS Security Advisories

Reported EKS IAM Authenticator Issue

Adobe Security Bulletins and Advisories

Security updates available for Adobe Photoshop | APSB21-28 APSB22-35
Security update available for RoboHelp APSB22-10
Security update available for Adobe Acrobat and Reader | APSB21-09 APSB22-32

Github Security Advisories

[GHSA-m58q-qq5h-mgqq] Islandora 2.0 before 2.4.1 could allow any user to upload content into a repository
[GHSA-fjh6-p566-wr6q] skylot jadx affected by Incorrect Behavior Order in vulnerable dependency
[GHSA-7f6x-jwh5-m9r4] Cranelift vulnerable to miscompilation of constant values in division on AArch64
[GHSA-4g63-c64m-25w9] OpenZeppelin Contracts’s SignatureChecker may revert on invalid EIP-1271 signers
[GHSA-qh9x-gcfh-pcrw] OpenZeppelin Contracts’s ERC165Checker may revert instead of returning false
[GHSA-5cm2-9h8c-rvfx] TZInfo relative path traversal vulnerability allows loading of arbitrary files
[GHSA-6rh6-x8ww-9h97] Grails framework Remote Code Execution via Data Binding
[GHSA-q768-x9m6-m9qp] undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect
[GHSA-3cvr-822r-rqcc] undici before v5.8.0 vulnerable to CRLF injection in request headers
[GHSA-5fhj-g3p3-pq9g] Wasmtime vulnerable to Use After Free with `externref`s
[GHSA-99j7-mhfh-w84p] Slack Morphism for Rust before 0.41.0 can accidentally leak Slack OAuth client information in application debug logs
[GHSA-h6gj-6jjq-h8g9] jQuery UI Cross-site Scripting when refreshing a checkboxradio with an HTML-like initial text label
[GHSA-hwqr-f3v9-hwxr] Workers for local Dask clusters mistakenly listened on public interfaces
[GHSA-wc5v-r48v-g4vh] Cilium host policy bypass in endpoint-routes mode with dual-stack
[GHSA-44vr-rwwj-p88h] Shscape vulnerable to insufficient escaping of whitespace
[GHSA-jjc5-fp7p-6f8w] Shescape prior to 1.5.8 vulnerable to insufficient escaping of line feeds for CMD
[GHSA-q37h-jhf3-85cj] Bypass of CMS Safe Mode Security Feature
[GHSA-5p73-qg2v-383h] Use of a Broken or Risky Cryptographic Algorithm in packbackbooks/lti-1-3-php-library
[GHSA-768m-5w34-2xf5] Use of Insufficiently Random Values in packbackbooks/lti-1-3-php-library
[GHSA-c28r-hw5m-5gv3] Partial Path Traversal in com.amazonaws:aws-java-sdk-s3
[GHSA-6f85-3f8q-qc94] OroCommerce vulnerable to XSS when adding class name to Selector Manager on pages that use GrapeJS editor
[GHSA-376v-xgjx-7mfr] Timing Attack Vector in fastify-bearer-auth
[GHSA-8mjr-jr5h-q2xr] Account cannot process transactions on Goerli
[GHSA-qwrj-9hmp-gpxh] FlyteAdmin Insufficient AccessToken Expiration Check prior to v1.1.30
[GHSA-8v7h-cpc2-r8jp] RCE via race condition in October CMS upload process
[GHSA-cr6p-23cf-w9g9] No security checking for UnsafeAccess.getInstance() in UnsafeAccessor
[GHSA-5pgm-3j3g-2rc7] Error messages leading to potential data exfiltration in Valinor
[GHSA-pmjg-52h9-72qv] Cross-site Scripting for Argo CD SSO users
[GHSA-7943-82jg-wmw5] Certificate verification is skipped for connections to OIDC providers
[GHSA-6wvc-6pww-qr4r] DoS in KubeEdge’s Websocket Client in package Viaduct
[GHSA-wrcr-x4qj-j543] Uncontrolled Resource Consumption in KubeEdge Cloud Stream and Edge Stream
[GHSA-qpx3-9565-5xwm] Uncontrolled Resource Consumption in KubeEdge CloudCore Router
[GHSA-x3px-2p95-f6jr] DoS in KubeEdge when signing the CSR from EdgeCore
[GHSA-w52j-3457-q9wr] Uncontrolled Resource Consumption in KubeEdge Cloud AdmissionController component
[GHSA-vwm6-qc77-v2rh] Uncontrolled Resource Consumption in KubeEdge Edge ServiceBus module
[GHSA-cm59-pr5q-cw85] Temporary Directory Hijacking to Local Privilege Escalation Vulnerability in org.springframework.boot:spring-boot
[GHSA-72×4-cq6r-jp4p] Improper Input Validation in orderer/common/cluster consensus request
[GHSA-wgmr-mf83-7x4j] Invalid HTTP/2 requests can lead to denial of service
[GHSA-8mpp-f3f7-xc28] SslConnection does not release pooled ByteBuffers in case of errors
[GHSA-cj7v-27pg-wf7q] Invalid URI parsing may produce invalid HttpURI.authority
[GHSA-f2gr-7299-487h] DOS and excessive memory usage when passing untrusted user input to to dag import
[GHSA-crrq-vr9j-fxxh] Protected fields exposed via LiveQuery
[GHSA-pgjx-7f9g-9463] Improper handling of email input
[GHSA-9x4h-8wgm-8xfg] Malformed CAR panics and excessive memory usage
[GHSA-hm37-9xh2-q499] Possible leak of key’s raw field if declared length is incorrect
[GHSA-wc69-rhjr-hc9g] Inefficient Regular Expression Complexity in moment
[GHSA-ffmh-x56j-9rc3] Regular Expression Denial of Service in jquery-validation
[GHSA-c58j-88f5-h53f] Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) in pycares
[GHSA-wpqr-jcpx-745r] Incorrect handling of invalid surrogate pair characters
[GHSA-fm67-cv37-96ff] Potential double free of buffer during string decoding
[GHSA-977c-63xq-cgw3] Unsafe YAML deserialization in opensearch-ruby
[GHSA-x3vm-38hw-55wf] Possible inject arbitrary `CSS` into the generated graph affecting the container HTML

Cisco Security Advisory

Cisco Nexus Dashboard SSL Certificate Validation Vulnerability
Cisco Identity Services Engine Administrator Password Lifetime Expiration Issue
Cisco Nexus Dashboard Arbitrary File Write Vulnerability
Cisco Nexus Dashboard Unauthorized Access Vulnerabilities
Cisco Nexus Dashboard Privilege Escalation Vulnerabilities
Cisco IoT Control Center Cross-Site Scripting Vulnerability
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities
Cisco Unified Communications Products Cross-Site Scripting Vulnerability
Cisco Unified Communications Products Cross-Site Scripting Vulnerability
Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
Cisco Smart Software Manager On-Prem Denial of Service Vulnerability
Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability
Cisco Unified Communications Products Access Control Vulnerability
Cisco Unified Communications Manager Arbitrary File Read Vulnerability
Cisco Unified Communications Products Timing Attack Vulnerability
Cisco Unified Communications Products Arbitrary File Read Vulnerability

Mozilla Security Advisories

Security Vulnerabilities fixed in Firefox for iOS 102 mfsa2022-27
Security Vulnerabilities fixed in Thunderbird 91.11 and Thunderbird 102 mfsa2022-26
Security Vulnerabilities fixed in Firefox 102 mfsa2022-24
Security Vulnerabilities fixed in Firefox ESR 91.11 mfsa2022-25

Ubuntu Security Notices

Node.js Security Advisories

July 5th 2022 Security Releases

Microsoft Security

Red Hat Security Advisory

Apple Security Advisory

Oracle Security Alerts

Amazon AWS Security Advisories

Adobe Security Bulletins and Advisories

Github Security Advisories

Cisco Security Advisory

Mozilla Security Advisories

Ubuntu Security Notices

Node.js Security Advisories

Microsoft Security

Red Hat Security Advisory

Your Support Matters...