Jenkins Security Advisories
Jenkins Security Advisory 2022-08-23
Apple Security Advisory
Safari 15.6.1 Security Content
iOS 15.6.1 and iPadOS 15.6.1 Security Content
macOS Monterey 12.5.1 Security Content
CISA Known Exploited Vulnerabilities
Palo Alto Networks PAN-OS Reflected Amplification Denial-of-Service Vulnerability CVE-2022-0028
dotCMS Unrestricted Upload of File Vulnerability CVE-2022-26352
Apache CouchDB Insecure Default Initialization of Resource Vulnerability CVE-2022-24706
Apache APISIX Authentication Bypass Vulnerability CVE-2022-24112
VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability CVE-2022-22963
WebRTC Heap Buffer Overflow Vulnerability CVE-2022-2294
Grafana Authentication Bypass Vulnerability CVE-2021-39226
Delta Electronics DOPSoft 2 Improper Input Validation Vulnerability CVE-2021-38406
Apple iOS, macOS, watchOS Sandbox Bypass Vulnerability CVE-2021-31010
PEAR Archive_Tar Improper Link Resolution Vulnerability CVE-2020-36193
PEAR Archive_Tar Deserialization of Untrusted Data Vulnerability CVE-2020-28949
SAP Multiple Products HTTP Request Smuggling Vulnerability CVE-2022-22536
Apple iOS and macOS Out-of-Bounds Write Vulnerability CVE-2022-32894
Apple iOS and macOS Out-of-Bounds Write Vulnerability CVE-2022-32893
Google Chrome Intents Insufficient Input Validation Vulnerability CVE-2022-2856
Microsoft Active Directory Domain Services Privilege Escalation Vulnerability CVE-2022-26923
Microsoft Windows Runtime Remote Code Execution Vulnerability CVE-2022-21971
Palo Alto Networks PAN-OS Remote Code Execution Vulnerability CVE-2017-15944
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability CVE-2022-34713
RARLAB UnRAR Directory Traversal Vulnerability CVE-2022-30333
Zimbra Collaboration (ZCS) Arbitrary File Upload Vulnerability CVE-2022-27925
Zimbra Collaboration (ZCS) Authentication Bypass Vulnerability CVE-2022-37042
Microsoft Security
Chromium: CVE-2022-2852 Use after free in FedCM
Chromium: CVE-2022-2853 Heap buffer overflow in Downloads
Chromium: CVE-2022-2854 Use after free in SwiftShader
Chromium: CVE-2022-2855 Use after free in ANGLE
Chromium: CVE-2022-2857 Use after free in Blink
Chromium: CVE-2022-2858 Use after free in Sign-In Flow
Chromium: CVE-2022-2860 Insufficient policy enforcement in Cookies
Chromium: CVE-2022-2861 Inappropriate implementation in Extensions API
Chromium: CVE-2022-2856 Insufficient validation of untrusted input in Intents
Windows Defender Credential Guard Security Feature Bypass Vulnerability
Windows Defender Credential Guard Elevation of Privilege Vulnerability
Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability
Windows Bluetooth Service Remote Code Execution Vulnerability
Azure RTOS GUIX Studio Remote Code Execution Vulnerability
Azure RTOS GUIX Studio Remote Code Execution Vulnerability
Windows WebBrowser Control Remote Code Execution Vulnerability
Windows Kernel Information Disclosure Vulnerability
System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
Azure Batch Node Agent Elevation of Privilege Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
Windows Partition Management Driver Elevation of Privilege Vulnerability
Azure RTOS GUIX Studio Information Disclosure Vulnerability
Azure RTOS GUIX Studio Information Disclosure Vulnerability
Azure RTOS GUIX Studio Remote Code Execution Vulnerability
Active Directory Domain Services Elevation of Privilege Vulnerability
Windows Hyper-V Remote Code Execution Vulnerability
Windows Win32k Elevation of Privilege Vulnerability
Windows Partition Management Driver Elevation of Privilege Vulnerability
Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel Information Disclosure Vulnerability
Windows Defender Credential Guard Security Feature Bypass Vulnerability
Windows Defender Credential Guard Information Disclosure Vulnerability
Windows Defender Credential Guard Information Disclosure Vulnerability
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
Windows Network File System Remote Code Execution Vulnerability
Microsoft Outlook Denial of Service Vulnerability
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
Windows Digital Media Receiver Elevation of Privilege Vulnerability
Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability
HTTP.sys Denial of Service Vulnerability
Windows Digital Media Receiver Elevation of Privilege Vulnerability
Win32k Elevation of Privilege Vulnerability
Windows Hyper-V Elevation of Privilege Vulnerability
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
Unified Write Filter Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Kerberos Elevation of Privilege Vulnerability
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Windows Kernel Memory Information Disclosure Vulnerability
Windows Local Security Authority (LSA) Denial of Service Vulnerability
Microsoft ATA Port Driver Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Storage Spaces Direct Elevation of Privilege Vulnerability
Storage Spaces Direct Elevation of Privilege Vulnerability
Storage Spaces Direct Elevation of Privilege Vulnerability
Storage Spaces Direct Elevation of Privilege Vulnerability
Storage Spaces Direct Elevation of Privilege Vulnerability
Azure RTOS GUIX Studio Remote Code Execution Vulnerability
CERT/CC: CVE-2022-34303 Crypto Pro Boot Loader Bypass
CERT/CC: CVE-2022-34301 Eurosoft Boot Loader Bypass
Azure Site Recovery Denial of Service Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
SMB Client and Server Remote Code Execution Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Microsoft Exchange Information Disclosure Vulnerability
Microsoft Exchange Server Elevation of Privilege Vulnerability
Microsoft Exchange Server Elevation of Privilege Vulnerability
Microsoft Exchange Server Elevation of Privilege Vulnerability
Microsoft Exchange Information Disclosure Vulnerability
CERT/CC: CVE-2022-34302 New Horizon Data Systems Inc Boot Loader Bypass
Microsoft Excel Security Feature Bypass Vulnerability
Windows Fax Service Elevation of Privilege Vulnerability
Microsoft Exchange Information Disclosure Vulnerability
Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
Windows Defender Credential Guard Information Disclosure Vulnerability
Windows Defender Credential Guard Elevation of Privilege Vulnerability
.NET Spoofing Vulnerability
Microsoft Office Remote Code Execution Vulnerability
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability
Windows Error Reporting Service Elevation of Privilege Vulnerability
Windows Defender Credential Guard Elevation of Privilege Vulnerability
Windows Hello Security Feature Bypass Vulnerability
Azure Site Recovery Remote Code Execution Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Visual Studio Remote Code Execution Vulnerability
Azure RTOS GUIX Studio Remote Code Execution Vulnerability
Azure RTOS GUIX Studio Remote Code Execution Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Windows Bluetooth Driver Elevation of Privilege Vulnerability
Azure Sphere Information Disclosure Vulnerability
Azure Site Recovery Remote Code Execution Vulnerability
Visual Studio Remote Code Execution Vulnerability
Visual Studio Remote Code Execution Vulnerability
Visual Studio Remote Code Execution Vulnerability
Chromium: CVE-2022-2619 Insufficient validation of untrusted input in Settings
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Chromium: CVE-2022-2624 Heap buffer overflow in PDF
Chromium: CVE-2022-2623 Use after free in Offline
Chromium: CVE-2022-2622 Insufficient validation of untrusted input in Safe Browsing
Chromium: CVE-2022-2621 Use after free in Extensions
Chromium: CVE-2022-2618 Insufficient validation of untrusted input in Internals
Chromium: CVE-2022-2617 Use after free in Extensions API
Chromium: CVE-2022-2616 Inappropriate implementation in Extensions API
Chromium: CVE-2022-2615 Insufficient policy enforcement in Cookies
Chromium: CVE-2022-2614 Use after free in Sign-In Flow
Chromium: CVE-2022-2612 Side-channel information leakage in Keyboard input
Chromium: CVE-2022-2611 Inappropriate implementation in Fullscreen API
Chromium: CVE-2022-2610 Insufficient policy enforcement in Background Fetch
Chromium: CVE-2022-2606 Use after free in Managed devices API
Chromium: CVE-2022-2605 Out of bounds read in Dawn
Chromium: CVE-2022-2604 Use after free in Safe Browsing
Chromium: CVE-2022-2603 Use after free in Omnibox
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Cisco Security Advisory
Cisco ACI Multi-Site Orchestrator Privilege Escalation Vulnerability
Cisco FXOS and NX-OS Software Cisco Discovery Protocol Denial of Service and Arbitrary Code Execution Vulnerability
Cisco NX-OS Software OSPFv3 Denial of Service Vulnerability
Cisco FXOS Software Command Injection Vulnerability
Cisco Secure Web Appliance Privilege Escalation Vulnerability
Cisco Adaptive Security Appliance Software Clientless SSL VPN Client-Side Request Smuggling Vulnerability
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerability
Cisco Unified Communications Manager Arbitrary File Deletion Vulnerability
Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability
Cisco Small Business RV Series Routers Vulnerabilities
Cisco Webex Meetings Web Interface Vulnerabilities
Cisco BroadWorks Application Delivery Platform Software Cross-Site Scripting Vulnerability
Ubuntu Security Notices
USN-5582-1: Linux kernel (Azure CVM) vulnerabilities
USN-5581-1: Firefox vulnerabilities
USN-5578-2: Open VM Tools vulnerability
USN-5580-1: Linux kernel (AWS) vulnerabilities
USN-5579-1: Linux kernel vulnerabilities
USN-5578-1: Open VM Tools vulnerability
USN-5577-1: Linux kernel (OEM) vulnerabilities
USN-5576-1: Twisted vulnerability
USN-5474-2: Varnish Cache regression
USN-5575-2: Libxslt vulnerabilities
USN-5575-1: Libxslt vulnerabilities
USN-5574-1: Exim vulnerability
USN-5573-1: rsync vulnerability
USN-5572-1: Linux kernel (AWS) vulnerabilities
USN-5571-1: PostgreSQL vulnerability
USN-5570-1: zlib vulnerability
USN-5526-2: PyJWT regression
USN-5569-1: Unbound vulnerabilities
USN-5568-1: WebKitGTK vulnerabilities
USN-5567-1: Linux kernel (OEM) vulnerabilities
USN-5566-1: Linux kernel vulnerabilities
USN-5565-1: Linux kernel vulnerabilities
USN-5564-1: Linux kernel (Intel IoTG) vulnerabilities
USN-5563-1: http-parser vulnerability
USN-5562-1: Linux kernel vulnerabilities
USN-5560-2: Linux kernel vulnerabilities
USN-5561-1: GNOME Web vulnerabilities
USN-5560-1: Linux kernel vulnerabilities
USN-5559-1: Moment.js vulnerabilities
USN-5558-1: libcdio vulnerabilities
USN-5557-1: Linux kernel vulnerabilities
USN-5555-1: GStreamer Good Plugins vulnerabilities
USN-5553-1: libjpeg-turbo vulnerabilities
USN-5554-1: GDK-PixBuf vulnerability
USN-5552-1: phpLiteAdmin vulnerability
USN-5548-1: libxml2 vulnerability
USN-5546-2: OpenJDK 8 vulnerabilities
USN-5551-1: mod-wsgi vulnerability
USN-5550-1: GnuTLS vulnerabilities
USN-5549-1: Django vulnerability
USN-5546-1: OpenJDK vulnerabilities
USN-5547-1: NVIDIA graphics drivers vulnerabilities
Adobe Security Bulletins and Advisories
Security Updates Available for Magento | APSB21-08 APSB22-38
Security update available for Adobe Acrobat and Reader | APSB21-09 APSB22-39
Security Updates Available for Adobe Framemaker | APSB21-14 APSB22-42
National Cyber Awareness System
Cisco Releases Security Updates for Multiple Products
CISA releases 1 Industrial Control Systems Advisory
CISA Adds Ten Known Exploited Vulnerabilities to Catalog
Preparing Critical Infrastructure for Post-Quantum Cryptography
VMware Releases Security Update
Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
CISA releases 7 Industrial Control Systems Advisories
CISA Updates Advisory on Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite
CISA Adds One Known Exploited Vulnerabilities to Catalog
CISA releases 5 Industrial Control Systems Advisories
Cisco Releases Security Update for Cisco Secure Web Appliance
CISA Adds Seven Known Exploited Vulnerabilities to Catalog
Apple Releases Security Updates for Multiple Products
Threat Actors Exploiting Multiple Vulnerabilities Against Zimbra Collaboration Suite
CISA Adds Two Known Exploited Vulnerabilities to Catalog
Cisco Releases Security Update for Multiple Products
#StopRansomware: Zeppelin Ransomware
Palo Alto Networks Releases Security Update for PAN-OS
CISA Releases Cybersecurity Toolkit to Protect U.S. Elections
Microsoft Releases August 2022 Security Updates
Adobe Releases Security Updates for Multiple Products
VMware Releases Security Updates
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog
Cisco Releases Security Updates for RV Series Routers
F5 Releases Security Updates
VMware Releases Security Updates
CISA and ACSC Release Top 2021 Malware Strains
CISA Adds One Known Exploited Vulnerability to Catalog
CISA Releases Log4Shell-Related MAR
Samba Releases Security Updates
Mozilla Security Advisories
Security Vulnerabilities fixed in Thunderbird 91.13 mfsa2022-37
Security Vulnerabilities fixed in Thunderbird 102.2 mfsa2022-36
Security Vulnerabilities fixed in Firefox 104 mfsa2022-33
Security Vulnerabilities fixed in Firefox ESR 102.2 mfsa2022-34
Security Vulnerabilities fixed in Firefox ESR 91.13 mfsa2022-35
Security Vulnerabilities fixed in Thunderbird 102.1 mfsa2022-32
Security Vulnerabilities fixed in Thunderbird 91.12 mfsa2022-31
Security Vulnerabilities fixed in Firefox ESR 91.12 mfsa2022-29
Security Vulnerabilities fixed in Firefox ESR 102.1 mfsa2022-30
Security Vulnerabilities fixed in Firefox 103 mfsa2022-28
Red Hat Security Advisory
(RHSA-2022:6188) Important: Node Maintenance Operator 4.11.1 security update
(RHSA-2022:6187) Important: Node Health Check Operator 0.3.1 security update
(RHSA-2022:6184) Important: Self Node Remediation Operator 0.4.1 security update
(RHSA-2022:6180) Important: rsync security update
(RHSA-2022:6179) Important: firefox security update
(RHSA-2022:6178) Important: firefox security update
(RHSA-2022:6175) Important: firefox security update
(RHSA-2022:6176) Important: firefox security update
(RHSA-2022:6174) Important: firefox security update
(RHSA-2022:6173) Important: rsync security update
(RHSA-2022:6172) Important: rsync security update
(RHSA-2022:6171) Important: rsync security update
(RHSA-2022:6170) Important: rsync security update
(RHSA-2022:6169) Important: thunderbird security update
(RHSA-2022:6168) Important: thunderbird security update
(RHSA-2022:6167) Important: thunderbird security update
(RHSA-2022:6166) Important: thunderbird security update
(RHSA-2022:6165) Important: thunderbird security update
(RHSA-2022:6163) Important: systemd security update
(RHSA-2022:6162) Important: systemd security update
(RHSA-2022:6161) Important: systemd security update
(RHSA-2022:6160) Important: systemd security update
(RHSA-2022:6159) Moderate: curl security update
(RHSA-2022:6158) Moderate: php:7.4 security update
(RHSA-2022:6157) Moderate: curl security update
(RHSA-2022:6156) Important: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement, & bugfix update
(RHSA-2022:6155) Moderate: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement & bugfix update
(RHSA-2022:6094) Moderate: OpenShift Container Platform 4.10.28 packages and security update
(RHSA-2022:6103) Moderate: OpenShift Container Platform 4.11.1 bug fix and security update
(RHSA-2022:6102) Low: OpenShift Container Platform 4.11.1 packages and security update
(RHSA-2022:6053) Moderate: OpenShift Container Platform 4.7.56 security and bug fix update
(RHSA-2022:6119) Moderate: podman security and bug fix update
(RHSA-2022:6051) Important: Logging Subsystem 5.5.0 – Red Hat OpenShift security update
(RHSA-2022:6113) Important: Red Hat Application Interconnect 1.0 Release (rpms)
(RHSA-2022:6078) Important: Red Hat Ansible Automation Platform 2.1.3 security and bug fix update
(RHSA-2022:6079) Important: Red Hat Ansible Automation Platform 2.2.0 Product Security Update
(RHSA-2022:6075) Important: kpatch-patch security update
(RHSA-2022:6073) Important: kernel security update
(RHSA-2022:6066) Important: Red Hat OpenStack Platform 16.1 (etcd) security update
(RHSA-2022:6065) Important: Red Hat OpenStack Platform 16.1 (collectd-libpod-stats) security update
(RHSA-2022:6062) Important: Red Hat OpenStack Platform 16.2 (collectd-libpod-stats) security update
(RHSA-2022:6061) Important: Red Hat OpenStack Platform 16.2 (etcd) security update
(RHSA-2022:6058) Moderate: .NET 6.0 security, bug fix, and enhancement update
(RHSA-2022:6057) Moderate: .NET Core 3.1 security, bug fix, and enhancement update
(RHSA-2022:6043) Moderate: .NET 6.0 security, bug fix, and enhancement update
(RHSA-2022:6042) Important: Release of OpenShift Serverless Client kn 1.24.0
(RHSA-2022:6040) Important: Release of OpenShift Serverless 1.24.0
(RHSA-2022:5069) Important: OpenShift Container Platform 4.11.0 bug fix and security update
(RHSA-2022:5070) Moderate: OpenShift Container Platform 4.11.0 extras and security update
(RHSA-2022:6038) Moderate: .NET 6.0 security, bug fix, and enhancement update
(RHSA-2022:5068) Moderate: OpenShift Container Platform 4.11.0 packages and security update
(RHSA-2022:6037) Moderate: .NET Core 3.1 security, bug fix, and enhancement update
(RHSA-2022:6024) Moderate: New container image for Red Hat Ceph Storage 5.2 Security update
(RHSA-2022:6003) Moderate: kernel security, bug fix, and enhancement update
(RHSA-2022:6002) Moderate: kernel-rt security and bug fix update
(RHSA-2022:5997) Moderate: Red Hat Ceph Storage Security, Bug Fix, and Enhancement Update
(RHSA-2022:5879) Important: OpenShift Container Platform 4.9.45 bug fix and security update
(RHSA-2022:5998) Moderate: kernel security and bug fix update
(RHSA-2022:5948) Moderate: galera, mariadb, and mysql-selinux security, bug fix, and enhancement update
(RHSA-2022:5942) Moderate: vim security update
(RHSA-2022:5939) Moderate: kernel-rt security and bug fix update
(RHSA-2022:5937) Moderate: kernel security and bug fix update
(RHSA-2022:5934) Moderate: kernel-rt security and bug fix update
(RHSA-2022:5875) Moderate: OpenShift Container Platform 4.10.26 security update
(RHSA-2022:5928) Moderate: Red Hat JBoss Enterprise Application Platform 7.4.6 Security update
(RHSA-2022:5923) Important: Service Telemetry Framework 1.3 security update
(RHSA-2022:5924) Important: Service Telemetry Framework 1.4 security update
(RHSA-2022:5915) Moderate: Red Hat Kiali for OpenShift Service Mesh 2.2 security update
(RHSA-2022:5914) Moderate: Red Hat Kiali for OpenShift Service Mesh 2.1 security update
(RHSA-2022:5913) Moderate: Red Hat Kiali for OpenShift Service Mesh 2.0 security update
(RHSA-2022:5909) Moderate: Openshift Logging Bug Fix and security update Release (5.2.13)
(RHSA-2022:5908) Moderate: Openshift Logging Bug Fix and security update Release (5.3.10)
(RHSA-2022:5905) Important: xorg-x11-server security update
(RHSA-2022:5904) Important: php security update
(RHSA-2022:5903) Moderate: Red Hat Process Automation Manager 7.13.0 security update
(RHSA-2022:5894) Moderate: Red Hat JBoss Enterprise Application Platform 7.4.6 Security update.
(RHSA-2022:5892) Moderate: Red Hat JBoss Enterprise Application Platform 7.4.6 Security update
(RHSA-2022:5893) Moderate: Red Hat JBoss Enterprise Application Platform 7.4.6 Security update
(RHSA-2022:5866) Important: go-toolset-1.17 and go-toolset-1.17-golang security and bug fix update
(RHSA-2022:5821) Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update
(RHSA-2022:5826) Moderate: mariadb:10.5 security, bug fix, and enhancement update
(RHSA-2022:5823) Moderate: 389-ds:1.4 security update
(RHSA-2022:5839) Important: kpatch-patch security update
(RHSA-2022:5834) Important: kernel-rt security and bug fix update
(RHSA-2022:5819) Important: kernel security and bug fix update
(RHSA-2022:5818) Moderate: openssl security update
(RHSA-2022:5813) Moderate: vim security update
(RHSA-2022:5809) Moderate: pcre2 security update
(RHSA-2022:5840) Moderate: Migration Toolkit for Containers (MTC) 1.7.3 security and bug fix update
(RHSA-2022:5837) Moderate: java-1.8.0-ibm security update
(RHSA-2022:5804) Important: kpatch-patch security update
(RHSA-2022:5802) Important: kernel security update
(RHSA-2022:5806) Important: kernel security update
(RHSA-2022:5805) Important: kernel security update
(RHSA-2022:5799) Important: go-toolset and golang security and bug fix update
(RHSA-2022:5730) Moderate: OpenShift Container Platform 4.10.25 bug fix and security update
(RHSA-2022:5729) Moderate: OpenShift Container Platform 4.10.25 security update
(RHSA-2022:5779) Moderate: ruby:2.5 security update
(RHSA-2022:5775) Important: go-toolset:rhel8 security and bug fix update
(RHSA-2022:5777) Important: firefox security update
(RHSA-2022:5778) Important: thunderbird security update
(RHSA-2022:5776) Important: firefox security update
(RHSA-2022:5772) Important: thunderbird security update
(RHSA-2022:5774) Important: thunderbird security update
(RHSA-2022:5773) Important: thunderbird security update
(RHSA-2022:5769) Important: firefox security update
(RHSA-2022:5771) Important: thunderbird security update
(RHSA-2022:5770) Important: thunderbird security update
(RHSA-2022:5767) Important: firefox security update
(RHSA-2022:5765) Important: firefox security update
(RHSA-2022:5766) Important: firefox security update
(RHSA-2022:5759) Moderate: rh-mariadb105-galera and rh-mariadb105-mariadb security and bugfix update
(RHSA-2022:5758) Important: OpenJDK 17.0.4 Security Update for Portable Linux Builds
(RHSA-2022:5757) Important: OpenJDK 17.0.4 security update for Windows Builds
(RHSA-2022:5756) Important: OpenJDK 11.0.16 security update for Windows Builds
(RHSA-2022:5755) Important: OpenJDK 11.0.16 Security Update for Portable Linux Builds
(RHSA-2022:5753) Important: OpenJDK 8u342 Windows builds release and security update
(RHSA-2022:5699) Moderate: Secondary Scheduler Operator for Red Hat OpenShift 1.0.1 security update
(RHSA-2022:5738) Important: Django 3.2.14 Security Update
(RHSA-2022:5736) Important: java-17-openjdk security, bug fix, and enhancement update
(RHSA-2022:5726) Important: java-17-openjdk security, bug fix, and enhancement update
(RHSA-2022:5717) Important: grafana security update
(RHSA-2022:5719) Important: grafana security update
(RHSA-2022:5718) Important: grafana security update
(RHSA-2022:5716) Important: grafana security update
(RHSA-2022:5720) Important: grafana security update
(RHSA-2022:5709) Important: java-1.8.0-openjdk security, bug fix, and enhancement update
(RHSA-2022:5704) Moderate: ACS 3.71 enhancement and security update
(RHSA-2022:5703) Important: Red Hat Ansible Automation Platform 1.2 security update
(RHSA-2022:5702) Important: Red Hat Ansible Automation Platform 2.1.2 security and bug fix update
(RHSA-2022:5700) Important: java-1.8.0-openjdk security update
(RHSA-2022:5701) Important: java-1.8.0-openjdk security update
(RHSA-2022:5697) Important: java-1.8.0-openjdk security and bug fix update
(RHSA-2022:5698) Important: java-1.8.0-openjdk security, bug fix, and enhancement update
(RHSA-2022:5696) Important: java-1.8.0-openjdk security, bug fix, and enhancement update
(RHSA-2022:5695) Important: java-11-openjdk security, bug fix, and enhancement update
(RHSA-2022:5664) Important: OpenShift Container Platform 4.10.24 bug fix and security update
Google Security Advisories
Pixel Update Bulletin—August 2022 | Android Open Source Project
Android 13 Security Release Notes | Android Open Source Project
Android Security Bulletin—August 2022 | Android Open Source Project
Chrome Releases: Stable Channel Update for Desktop
Chrome Releases: Stable Channel Update for Desktop
Chrome Releases: Stable Channel Update for Desktop
Chrome Releases: Stable Channel Update for Desktop
Chrome Releases: Stable Channel Update for Desktop
GitHub Security Advisories
[GHSA-f4qr-f4xx-hjxw] OpenSearch vulnerable to Improper Authorization of Index Containing Sensitive Information
[GHSA-78f9-745f-278p] Neo4j Graph apoc plugins Partial Path Traversal Vulnerability
[GHSA-33wh-w4m7-c6r8] update_by_case before 0.1.3 can be vulnerable to sql injection
[GHSA-j259-6c58-9m58] loopback-connector-postgresql Vulnerable to Improper Sanitization of `contains` Filter
[GHSA-pcjh-6r5h-r92r] django-sendfile2 before 0.7.0 contains reflected file download vulnerability
[GHSA-gwj5-wp6r-5q9f] Cronos vulnerable to DoS through unintended Contract Selfdestruct
[GHSA-7r9x-qrpr-3cxw] mofh Vulnerable to Improper Restriction of XML External Entity Reference
[GHSA-qcgc-6q86-7x2p] AEM WCM Core Components CVG Image vulnerable to Reflected Cross-site Scripting
[GHSA-vjxv-45g9-9296] cosign’s `cosign verify-attestation --type` can report a false positive if any attestation exists
[GHSA-739f-hw6h-7wq8] PolicyController before 0.2.1 may bypass attestation verification
[GHSA-9jmq-rx5f-8jwq] nbconvert vulnerable to cross-site scripting (XSS) via multiple exploit paths
[GHSA-42wq-rch8-6f6j] CKEditor5 Cross-site scripting caused by the editor instance destroying process
[GHSA-v4hr-4jpx-56gc] Streamlit directory traversal vulnerability
[GHSA-r38f-c4h4-hqq2] PostgreSQL JDBC Driver SQL Injection in ResultSet.refreshRow() with malicious column names
[GHSA-8rmh-55h4-93h5] DSpace ItemImportService API Vulnerable to Path Traversal in Simple Archive Format Package Import
[GHSA-qp5m-c3m9-8q2p] JSPUI vulnerable to path traversal in submission (resumable) upload
[GHSA-763j-q7wv-vf3m] JSPUI’s controlled vocabulary feature vulnerable to Open Redirect before v6.4 and v5.11
[GHSA-4wm8-c2vv-xrpq] JSPUI Possible Cross Site Scripting in “Request a Copy” Feature
[GHSA-c558-5gfm-p2r8] Cross Site Scripting (XSS) possible in JSPUI spellcheck and autocomplete tools
[GHSA-7w85-pp86-p4pq] XMLUI’s metadata of withdrawn Items is exposed to anonymous users
[GHSA-c2j7-66m3-r4ff] JSPUI’s “Internal System Error” page prints exceptions and stack traces without sanitization
[GHSA-j47c-j42c-mwqq] Solana Pay Vulnerable to Weakness in Transfer Validation Logic
[GHSA-7xr3-6ggc-wc9p] untangle before 1.2.1 vulnerable to XML Entity Expansion
[GHSA-f83q-2cp7-qrjg] untangle before 1.2.1 vulnerable to Improper Restriction of XML External Entity Reference
[GHSA-p6mm-27gq-9v3p] next-auth before v4.10.2 and v3.29.9 leaks excessive information into log
[GHSA-8cw9-5hmv-77w6] sanic vulnerable to Path Traversal
[GHSA-6gjm-6wj6-4px5] Byobu user preference to prevent private discussions being started are not respected
[GHSA-qrjv-rf5q-qpxc] Rust-WebSocket memory allocation based on untrusted length
[GHSA-xv97-c62v-4587] NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails
[GHSA-4rx6-g5vg-5f3j] Juniper is vulnerable to @DOS GraphQL Nested Fragments overflow
[GHSA-32ff-4g79-vgfc] Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings
[GHSA-hrgx-p36p-89q4] PrestaShop eval injection possible if shop vulnerable to SQL injection
[GHSA-9x8m-2xpf-crp3] Scrapy before v2.6.2 and v1.8.3 vulnerable to one proxy sending credentials to another
[GHSA-c8rp-cgf4-937w] mezzio-swoole Applications Using Diactoros Vulnerable to HTTP Host Header Attack
[GHSA-2cpx-6pqp-wf35] fs2-io skips mTLS client verification
[GHSA-xq3c-8gqm-v648] async-graphql / async-graphql – @DOS GraphQL Nested Fragments overflow
[GHSA-5834-xv5q-cgfw] Shopware vulnerable to persistent XSS in customer module
[GHSA-8274-h5jp-97vr] Diactoros before 2.11.1 vulnerable to HTTP Host Header Attack