Security Advisories Notices Update on September 26, 2022

Jenkins Security Advisories

Jenkins Security Advisory 2022-09-21

Adobe Security Bulletins and Advisories

Security updates available for Adobe Photoshop | APSB21-28 APSB22-52
Security updates available for Adobe Experience Manager | APSB21-15 APSB22-40
Security Updates Available for Adobe Bridge | APSB21-23 APSB22-49
Security Update Available for Adobe InDesign | APSB20-66 APSB22-50
Security Update Available for Adobe InCopy | APSB21-05 APSB22-53
Security Updates Available for Adobe Animate | APSB21-21 APSB22-54

Node.js Security Advisories

September 22nd 2022 Security Releases

Google Security Advisories

Pixel Update Bulletin—September 2022 | Android Open Source Project
Android Security Bulletin—September 2022 | Android Open Source Project

CISA Known Exploited Vulnerabilities

Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability CVE-2022-35405
Sophos Firewall Code Injection Vulnerability CVE-2022-3236
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability CVE-2022-37969
Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability CVE-2022-32917
Trend Micro Apex One and Apex One as a Service Improper Validation Vulnerability CVE-2022-40139
Linux Kernel Improper Input Validation Vulnerability CVE-2013-6282
Code Aurora ACDB Audio Driver Stack-based Buffer Overflow Vulnerability CVE-2013-2597
Linux Kernel Integer Overflow Vulnerability CVE-2013-2596
Linux Kernel Privilege Escalation Vulnerability CVE-2013-2094
Microsoft Windows Remote Code Execution Vulnerability CVE-2010-2568
Google Chromium Insufficient Data Validation Vulnerability CVE-2022-3075
D-Link DIR-816L Remote Code Execution Vulnerability CVE-2022-28958
QNAP Photo Station Externally Controlled Reference Vulnerability CVE-2022-27593
D-Link DIR-820L Remote Code Execution Vulnerability CVE-2022-26258
Apple iOS, iPadOS, and macOS Input Validation Vulnerability CVE-2020-9934
MikroTik RouterOS Stack-Based Buffer Overflow Vulnerability CVE-2018-7445
D-Link Multiple Routers OS Command Injection Vulnerability CVE-2018-6530
Oracle WebLogic Server Unspecified Vulnerability CVE-2018-2628
Fortinet FortiOS and FortiADC Improper Access Control Vulnerability CVE-2018-13374
NETGEAR Multiple Devices Exposure of Sensitive Information Vulnerability CVE-2017-5521
D-Link DIR-300 Router Cleartext Storage of a Password Vulnerability CVE-2011-4723
Android OS Privilege Escalation Vulnerability CVE-2011-1823

Cisco Security Advisory

Cisco NX-OS Software Border Gateway Protocol Denial of Service Vulnerability
Cisco IOS XR Software Broadband Network Gateway PPP over Ethernet Denial of Service Vulnerability
Cisco IOS XR Software Cisco Discovery Protocol Denial of Service Vulnerability
Cisco Network Convergence System 4000 Series TL1 Denial of Service Vulnerability
Cisco Meraki MR Series Splash Page Insecure Configuration Option
Cisco Webex Meetings App Character Interface Manipulation Vulnerability
Cisco SD-WAN vManage Software Unauthenticated Access to Messaging Services Vulnerability
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers IPSec VPN Server Authentication Bypass Vulnerability
Vulnerability in NVIDIA Data Plane Development Kit Affecting Cisco Products: August 2022

Apple Security Advisory

Safari 16 Security Content
iOS 16 Security Content
macOS Monterey 12.6 Security Content
macOS Big Sur 11.7 Security Content
iOS 15.7 and iPadOS 15.7 Security Content
iOS 12.5.6 Security Content

National Cyber Awareness System

CISA Has Added One Known Exploited Vulnerability to Catalog
CISA and NSA Publish Joint Cybersecurity Advisory on Control System Defense
ISC Releases Security Advisories for Multiple Versions of BIND 9
CISA Releases Three Industrial Control Systems Advisories
Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
Microsoft Releases Out-of-Band Security Update for Microsoft Endpoint Configuration Manager
Iranian State Actors Conduct Cyber Operations Against the Government of Albania
CISA Releases Eight Industrial Control Systems Advisories
CISA Releases Eleven Industrial Control Systems Advisories
CISA Adds Six Known Exploited Vulnerabilities to Catalog
CISA and NSA Publish Open Radio Access Network Security Considerations | PDF
CISA Adds Two Known Exploited Vulnerabilities to Catalog
Iranian Islamic Revolutionary Guard Corps Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations
Adobe Releases Security Updates for Multiple Products
Microsoft Releases September 2022 Security Updates
CISA Releases Five Industrial Control Systems Advisories
Apple Releases Security Updates for Multiple Products
CISA Releases Four Industrial Control Systems Advisories
Cisco Releases Security Updates for Multiple Products
CISA Adds Twelve Known Exploited Vulnerabilities to Catalog
CISA Releases Five Industrial Control Systems Advisories
#StopRansomware: Vice Society
Mozilla Releases Security Update for Thunderbird
CISA, NSA, and ODNI Release Part One of Guidance on Securing the Software Supply Chain
Apple Releases Security Updates for Multiple Products
CISA Releases Two Industrial Control Systems Advisories
CISA Releases 12 Industrial Control Systems Advisories

Mozilla Security Advisories

Security Vulnerabilities fixed in Thunderbird 102.3 mfsa2022-42
Security Vulnerabilities fixed in Firefox ESR 102.3 mfsa2022-41
Security Vulnerabilities fixed in Firefox 105 mfsa2022-40
Security Vulnerabilities fixed in Thunderbird 91.13.1 mfsa2022-39
Security Vulnerabilities fixed in Thunderbird 102.2.1 mfsa2022-38

Ubuntu Security Notices

USN-5635-1: Linux kernel (GKE) vulnerabilities
USN-5629-1: Python vulnerability
USN-5634-1: Linux kernel (OEM) vulnerability
USN-5633-1: Linux kernel vulnerabilities
USN-5632-1: OAuthLib vulnerability
USN-5631-1: libjpeg-turbo vulnerabilities
USN-5630-1: Linux kernel (Raspberry Pi) vulnerabilities
USN-5628-1: etcd vulnerabilities
USN-5627-1: PCRE vulnerabilities
USN-5626-2: Bind vulnerabilities
USN-5626-1: Bind vulnerabilities
USN-5623-1: Linux kernel (HWE) vulnerabilities
USN-5625-1: Mako vulnerability
USN-5624-1: Linux kernel vulnerabilities
USN-5622-1: Linux kernel vulnerabilities
USN-5621-1: Linux kernel vulnerabilities
USN-5618-1: Ghostscript vulnerability
USN-5619-1: LibTIFF vulnerabilities
USN-5617-1: Xen vulnerabilities
USN-5613-2: Vim regression
USN-5616-1: Linux kernel (Intel IoTG) vulnerabilities
USN-5615-1: SQLite vulnerabilities
USN-5614-1: Wayland vulnerability
USN-5613-1: Vim vulnerabilities
USN-5612-1: Intel Microcode vulnerability
USN-5606-2: poppler regression
USN-5611-1: WebKitGTK vulnerability
USN-5610-1: rust-regex vulnerability
USN-5583-2: systemd regression
USN-5609-1: .NET 6 vulnerability
USN-5608-1: DPDK vulnerability
USN-5607-1: GDK-PixBuf vulnerability
USN-5606-1: poppler vulnerability
USN-5523-2: LibTIFF vulnerabilities
USN-5605-1: Linux kernel (Azure CVM) vulnerabilities
USN-5604-1: LibTIFF vulnerabilities
USN-5603-1: Linux kernel (Raspberry Pi) vulnerabilities
USN-5602-1: Linux kernel (Raspberry Pi) vulnerabilities
USN-4976-2: Dnsmasq vulnerability
USN-5600-1: Linux kernel (HWE) vulnerabilities
USN-5599-1: Linux kernel (Oracle) vulnerabilities
USN-5598-1: Linux kernel (Oracle) vulnerability
USN-5597-1: Linux kernel (Oracle) vulnerability
USN-5591-4: Linux kernel (AWS) vulnerability
USN-5596-1: Linux kernel (OEM) vulnerabilities
USN-5595-1: Linux kernel vulnerabilities
USN-5594-1: Linux kernel vulnerabilities
USN-5593-1: Zstandard vulnerability
USN-5587-1: curl vulnerability
USN-5592-1: Linux kernel vulnerabilities
USN-5591-3: Linux kernel vulnerability
USN-5591-2: Linux kernel (HWE) vulnerability
USN-5591-1: Linux kernel vulnerability
USN-5590-1: Linux kernel (OEM) vulnerability
USN-5589-1: Linux kernel vulnerabilities
USN-5588-1: Linux kernel vulnerability
USN-5572-2: Linux kernel (AWS) vulnerabilities
USN-5585-1: Jupyter Notebook vulnerabilities
USN-5586-1: SDL vulnerability
USN-5584-1: Schroot vulnerability
USN-5583-1: systemd vulnerability

Red Hat Security Advisory

(RHSA-2022:6681) Important: OpenShift Virtualization 4.9.6 Images security and bug fix update
(RHSA-2022:6531) Important: OpenShift Container Platform 4.10.33 packages and security update
(RHSA-2022:6536) Moderate: OpenShift Container Platform 4.11.5 bug fix and security update
(RHSA-2022:6535) Low: OpenShift Container Platform 4.11.5 packages and security update
(RHSA-2022:6634) Moderate: webkit2gtk3 security update
(RHSA-2022:6610) Important: kernel security, bug fix, and enhancement update
(RHSA-2022:6585) Moderate: ruby security, bug fix, and enhancement update
(RHSA-2022:6580) Moderate: booth security update
(RHSA-2022:6602) Moderate: gnupg2 security update
(RHSA-2022:6582) Important: kernel-rt security and bug fix update
(RHSA-2022:6590) Moderate: mysql security, bug fix, and enhancement update
(RHSA-2022:6608) Moderate: dbus-broker security update
(RHSA-2022:6595) Moderate: nodejs and nodejs-nodemon security and bug fix update
(RHSA-2022:6592) Important: kpatch-patch security update
(RHSA-2022:6537) Moderate: OpenShift Container Platform 4.11.5 security and extras update
(RHSA-2022:6551) Important: Red Hat Virtualization security update
(RHSA-2022:6527) Moderate: OpenShift Virtualization 4.11.0 RPMs security and bug fix update
(RHSA-2022:6541) Moderate: php:7.4 security update
(RHSA-2022:6542) Moderate: php:7.4 security update
(RHSA-2022:6540) Moderate: webkit2gtk3 security update
(RHSA-2022:6539) Moderate: .NET 6.0 security and bugfix update
(RHSA-2022:6308) Important: OpenShift Container Platform 4.8.49 security update
(RHSA-2022:6526) Important: OpenShift Virtualization 4.11.0 Images security and bug fix update
(RHSA-2022:6523) Moderate: .NET Core 3.1 security and bugfix update
(RHSA-2022:6522) Moderate: .NET Core 3.1 on RHEL 7 security and bugfix update
(RHSA-2022:6521) Moderate: .NET 6.0 security and bugfix update
(RHSA-2022:6520) Moderate: .NET 6.0 on RHEL 7 security and bugfix update
(RHSA-2022:6518) Moderate: rh-mysql80-mysql security, bug fix, and enhancement update
(RHSA-2022:6517) Important: Release of containers for OSP 16.2.z director operator tech preview
(RHSA-2022:6507) Critical: Red Hat Advanced Cluster Management 2.5.2 security fixes and bug fixes
(RHSA-2022:6506) Moderate: openvswitch2.16 security update
(RHSA-2022:6505) Moderate: openvswitch2.15 security update
(RHSA-2022:6504) Moderate: openvswitch2.17 security update
(RHSA-2022:6503) Moderate: openvswitch2.17 security update
(RHSA-2022:6502) Moderate: openvswitch2.13 security update
(RHSA-2022:6322) Moderate: OpenShift Container Platform 4.7.59 bug fix and security update
(RHSA-2022:6450) Moderate: ruby:3.0 security, bug fix, and enhancement update
(RHSA-2022:6460) Moderate: kernel security, bug fix, and enhancement update
(RHSA-2022:6463) Moderate: gnupg2 security update
(RHSA-2022:6457) Moderate: python3 security update
(RHSA-2022:6449) Moderate: nodejs:16 security and bug fix update
(RHSA-2022:6443) Moderate: mariadb:10.3 security and bug fix update
(RHSA-2022:6447) Moderate: ruby:2.7 security, bug fix, and enhancement update
(RHSA-2022:6448) Moderate: nodejs:14 security and bug fix update
(RHSA-2022:6437) Moderate: kernel-rt security and bug fix update
(RHSA-2022:6439) Moderate: booth security update
(RHSA-2022:6432) Important: kernel security and bug fix update
(RHSA-2022:6430) Moderate: OpenShift API for Data Protection (OADP) 1.0.4 security and bug fix update
(RHSA-2022:6429) Important: Migration Toolkit for Containers (MTC) 1.7.4 security and bug fix update
(RHSA-2022:6427) Critical: Red Hat Advanced Cluster Management 2.6.1 security fix and bug fix
(RHSA-2022:6424) Critical: Multicluster Engine for Kubernetes 2.1.1 security update and bug fixes
(RHSA-2022:6422) Critical: Multicluster Engine for Kubernetes 2.0.2 security and bug fixes
(RHSA-2022:6317) Important: OpenShift Container Platform 4.9.48 bug fix and security update
(RHSA-2022:6318) Moderate: OpenShift Container Platform 4.9.48 extras security update
(RHSA-2022:6407) Moderate: Red Hat Integration Camel-K 1.8 security update
(RHSA-2022:6262) Important: OpenShift Container Platform 4.6.61 bug fix and security update
(RHSA-2022:6263) Moderate: OpenShift Container Platform 4.6.61 security and extras update
(RHSA-2022:6393) Important: RHV Manager (ovirt-engine) [ovirt-4.5.2] bug fix and security update
(RHSA-2022:6392) Important: RHV RHEL Host (ovirt-host) [ovirt-4.5.2] security update
(RHSA-2022:6389) Moderate: rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon security and bug fix update
(RHSA-2022:6258) Important: OpenShift Container Platform 4.10.31 security update
(RHSA-2022:6287) Moderate: OpenShift Container Platform 4.11.3 packages and security update
(RHSA-2022:6386) Important: openvswitch2.17 security update
(RHSA-2022:6385) Important: openvswitch2.15 security update
(RHSA-2022:6384) Important: openvswitch2.13 security update
(RHSA-2022:6382) Important: openvswitch2.16 security update
(RHSA-2022:6383) Important: openvswitch2.17 security update
(RHSA-2022:6252) Moderate: OpenShift Container Platform 3.11.784 security update
(RHSA-2022:6381) Important: open-vm-tools security update
(RHSA-2022:6370) Moderate: Red Hat Advanced Cluster Management 2.6.0 security updates and bug fixes
(RHSA-2022:6344) Moderate: Logging Subsystem 5.5.1 Security and Bug Fix Update
(RHSA-2022:6358) Important: open-vm-tools security update
(RHSA-2022:6357) Important: open-vm-tools security update
(RHSA-2022:6356) Important: open-vm-tools security update
(RHSA-2022:6355) Important: open-vm-tools security update
(RHSA-2022:6354) Important: open-vm-tools security update
(RHSA-2022:6183) Moderate: Logging Subsystem 5.4.5 Security and Bug Fix Update
(RHSA-2022:6351) Important: OpenShift Virtualization 4.10.5 Images security and bug fix update
(RHSA-2022:6182) Moderate: Openshift Logging Security and Bug Fix update (5.3.11)
(RHSA-2022:6348) Moderate: Gatekeeper Operator v0.2 security and container updates
(RHSA-2022:6347) Moderate: VolSync 0.5 security fixes and updates
(RHSA-2022:6346) Moderate: RHSA: Submariner 0.13 – security and enhancement update
(RHSA-2022:6345) Moderate: Multicluster Engine for Kubernetes 2.1 security updates and bug fixes
(RHSA-2022:6341) Important: pcs security update
(RHSA-2022:6314) Important: pcs security update
(RHSA-2022:6313) Important: pcs security update
(RHSA-2022:6312) Important: pcs security update
(RHSA-2022:6306) Moderate: rh-mariadb103-galera and rh-mariadb103-mariadb security and bug fix update
(RHSA-2022:6292) Important: Red Hat AMQ Broker 7.8.7 release and security update
(RHSA-2022:6152) Important: Secondary Scheduler Operator for Red Hat OpenShift 1.1.0 security update
(RHSA-2022:6290) Moderate: OpenShift API for Data Protection (OADP) 1.1.0 security and bug fix update
(RHSA-2022:6283) Moderate: Red Hat OpenShift Service Mesh 2.2.2 Containers security update
(RHSA-2022:6277) Moderate: Red Hat OpenShift Service Mesh 2.1.5 security update
(RHSA-2022:6272) Moderate: Red Hat OpenShift Service Mesh 2.0.11 security update
(RHSA-2022:6271) Moderate: Red Hat Advanced Cluster Management 2.3.12 security updates and bug fixes
(RHSA-2022:6269) Moderate: convert2rhel security, bug fix, and enhancement update
(RHSA-2022:6268) Moderate: convert2rhel security, bug fix, and enhancement update
(RHSA-2022:6266) Moderate: convert2rhel security update
(RHSA-2022:6133) Important: OpenShift Container Platform 4.10.30 bug fix and security update
(RHSA-2022:6147) Important: OpenShift Container Platform 4.9.47 bug fix and security update
(RHSA-2022:6250) Moderate: booth security update
(RHSA-2022:6248) Moderate: kernel-rt security and bug fix update
(RHSA-2022:6243) Moderate: kernel security and bug fix update
(RHSA-2022:6224) Moderate: openssl security and bug fix update
(RHSA-2022:6206) Important: systemd security update

Microsoft Security

Microsoft Endpoint Configuration Manager Spoofing Vulnerability
Chromium: CVE-2022-3200 Heap buffer overflow in Internals
Chromium: CVE-2022-3199 Use after free in Frames
Chromium: CVE-2022-3198 Use after free in PDF
Chromium: CVE-2022-3197 Use after free in PDF
Chromium: CVE-2022-3196 Use after free in PDF
Chromium: CVE-2022-3195 Out of bounds write in Storage
Windows Photo Import API Elevation of Privilege Vulnerability
.NET Framework Remote Code Execution Vulnerability
Windows Credential Roaming Service Elevation of Privilege Vulnerability
Windows Secure Channel Denial of Service Vulnerability
Windows Kerberos Elevation of Privilege Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability
Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
.NET Core and Visual Studio Denial of Service Vulnerability
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
Windows Kerberos Elevation of Privilege Vulnerability
Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows Remote Access Connection Manager Information Disclosure Vulnerability
Windows Event Tracing Denial of Service Vulnerability
Windows Secure Channel Denial of Service Vulnerability
Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability
Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability
Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability
Windows Graphics Component Information Disclosure Vulnerability
HTTP V3 Denial of Service Vulnerability
Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability
Windows Enterprise App Management Service Remote Code Execution Vulnerability
Windows TCP/IP Remote Code Execution Vulnerability
Windows Distributed File System (DFS) Elevation of Privilege Vulnerability
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability
Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability
Windows DPAPI (Data Protection Application Programming Interface) Information Disclosure Vulnerability
Windows DNS Server Denial of Service Vulnerability
Windows ALPC Elevation of Privilege Vulnerability
Microsoft ODBC Driver Remote Code Execution Vulnerability
Microsoft ODBC Driver Remote Code Execution Vulnerability
Windows Graphics Component Information Disclosure Vulnerability
Windows GDI Elevation of Privilege Vulnerability
Microsoft ODBC Driver Remote Code Execution Vulnerability
Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability
Microsoft ODBC Driver Remote Code Execution Vulnerability
Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability
Microsoft ODBC Driver Remote Code Execution Vulnerability
DirectX Graphics Kernel Elevation of Privilege Vulnerability
Windows Group Policy Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Fax Service Remote Code Execution Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Information Disclosure Vulnerability
Windows Graphics Component Information Disclosure Vulnerability
Network Device Enrollment Service (NDES) Security Feature Bypass Vulnerability
Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege Vulnerability
Microsoft Office Visio Remote Code Execution Vulnerability
Microsoft PowerPoint Remote Code Execution Vulnerability
Raw Image Extension Remote Code Execution Vulnerability
Microsoft Office Visio Remote Code Execution Vulnerability
Arm: CVE-2022-23960 Cache Speculation Restriction Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
AV1 Video Extension Remote Code Execution Vulnerability
Visual Studio Code Elevation of Privilege Vulnerability
Chromium: CVE-2022-3075 Insufficient data validation in Mojo
Chromium: CVE-2022-3058 Use after free in Sign-In Flow
Chromium: CVE-2022-3057 Inappropriate implementation in iframe Sandbox
Chromium: CVE-2022-3056 Insufficient policy enforcement in Content Security Policy
Chromium: CVE-2022-3055 Use after free in Passwords
Chromium: CVE-2022-3054 Insufficient policy enforcement in DevTools
Chromium: CVE-2022-3053 Inappropriate implementation in Pointer Lock
Chromium: CVE-2022-3047 Insufficient policy enforcement in Extensions API
Chromium: CVE-2022-3046 Use after free in Browser Tag
Chromium: CVE-2022-3045 Insufficient validation of untrusted input in V8
Chromium: CVE-2022-3044 Inappropriate implementation in Site Isolation
Chromium: CVE-2022-3041 Use after free in WebSQL
Chromium: CVE-2022-3040 Use after free in Layout
Chromium: CVE-2022-3039 Use after free in WebSQL
Chromium: CVE-2022-3038 Use after free in Network Service
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

GitHub Security Advisories

[GHSA-v57h-6hmh-g2p4] Weight not properly refunded after EVM execution
[GHSA-gmhj-xjfh-cf6m] Caddy-SSH vulnerable to Authorization Bypass due to incorrect usage of PAM library
[GHSA-8gq9-2x98-w8hf] protobuf-cpp and protobuf-python have potential Denial of Service issue
[GHSA-4456-w38r-m53x] Besu VM vulnerable to gas allocation error in CALL operations
[GHSA-g7j7-h4q8-8w2f] Rancher API and cluster.management.cattle.io object vulnerable to plaintext storage and exposure of credentials
[GHSA-w9mf-83w3-fv49] Keycloak vulnerable to Stored Cross site Scripting (XSS) when loading default roles
[GHSA-wf7g-7h6h-678v] Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console
[GHSA-28q9-9c3g-v3f9] lakeFS vulnerable to authenticated users deleting files they are not authorized to delete
[GHSA-6h2x-4gjf-jc5w] autogluon.multimodal vulnerable to unsafe YAML deserialization
[GHSA-9jjv-524m-jm98] @netlify/ipx vulnerable to Full Response SSRF and Stored XSS via Cache Poisoning and Improper Host Validation
[GHSA-5p8v-58qm-c7fp] python-jwt vulnerable to token forgery with new claims
[GHSA-r657-33vp-gp22] parse-server auth adapter app ID validation can be circumvented
[GHSA-vv7x-7w4m-q72f] fhir-works-on-aws-authz-smart handles permissions improperly
[GHSA-6w4q-23cf-j9jp] parse-server’s session object properties can be updated by foreign user if object ID is known
[GHSA-4qw4-jpp4-8gvp] Unbounded resource exhaustion in cmark-gfm autolink extension may lead to denial of service
[GHSA-88cv-mj24-8w3q] arr-pm vulnerable to arbitrary shell execution when extracting or listing files contained in a malicious rpm
[GHSA-gwp4-mcv4-w95j] jwcrypto token substitution can lead to authentication bypass
[GHSA-28r9-pq4c-wp3c] personnummer/rust vulnerable to Improper Input Validation
[GHSA-cf7g-cm7q-rq7f] SFTPGo WebClient vulnerable to Cross-site Scripting
[GHSA-g4h6-qp44-wqvx] XWiki.WebHome vulnerable to Improper Privilege Management in XWiki resolving groups
[GHSA-gg53-wf5x-r3r6] XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference
[GHSA-cmr8-5w4c-44v8] Fastly Compute@Edge JS Runtime has fixed random number seed during compilation
[GHSA-m6vp-8q9j-whx4] TensorFlow vulnerable to `CHECK` fail in `Save` and `SaveSlices`
[GHSA-p2xf-8hgm-hpw5] TensorFlow vulnerable to `CHECK` fail in `ParameterizedTruncatedNormal`
[GHSA-9942-r22v-78cp] TensorFlow vulnerable to `CHECK` fail in `LRNGrad`
[GHSA-wr9v-g9vf-c74v] TensorFlow vulnerable to segfault in `RaggedBincount`
[GHSA-9vqj-64pv-w55c] TensorFlow vulnerable to `CHECK` fail in `tf.linalg.matrix_rank`
[GHSA-j43h-pgmg-5hjq] TensorFlow vulnerable to `CHECK` fail in `MaxPool`
[GHSA-397c-5g2j-qxpv] TensorFlow vulnerable to segfault in `SparseBincount`
[GHSA-vxv8-r8q2-63xw] TensorFlow vulnerable to `CHECK` fail in `FractionalMaxPoolGrad`
[GHSA-v7vw-577f-vp8x] TensorFlow vulnerable to segfault in `QuantizedRelu` and `QuantizedRelu6`
[GHSA-vgvh-2pf4-jr2x] TensorFlow vulnerable to segfault in `QuantizeDownAndShrinkRange`
[GHSA-689c-r7h2-fv9v] TensorFlow vulnerable to segfault in `QuantizedMatMul`
[GHSA-4pc4-m9mj-v2r9] TensorFlow vulnerable to segfault in `QuantizedBiasAdd`
[GHSA-9fpg-838v-wpv7] TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVars`
[GHSA-g35r-369w-3fqp] TensorFlow vulnerable to segfault in `QuantizedInstanceNorm`
[GHSA-q2c3-jpmc-gfjx] TensorFlow vulnerable to `CHECK` fail in `Conv2DBackpropInput`
[GHSA-2475-53vw-vp25] TensorFlow vulnerable to `CHECK` fail in `AvgPoolGrad`
[GHSA-v6h3-348g-6h5x] TensorFlow vulnerable to segfault in `QuantizedAdd`
[GHSA-4w68-4x85-mjj9] TensorFlow vulnerable to segfault in `QuantizedAvgPool`
[GHSA-h7ff-cfc9-wmmh] TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsPerChannelGradient`
[GHSA-vm7x-4qhj-rrcq] TensorFlow vulnerable to `CHECK` fail in `TensorListScatter` and `TensorListScatterV2`
[GHSA-qxpx-j395-pw36] TensorFlow vulnerable to segfault in `LowerBound` and `UpperBound`
[GHSA-9v8w-xmr4-wgxp] TensorFlow vulnerable to `CHECK` fail in `TensorListFromTensor`
[GHSA-wq6q-6m32-9rv9] TensorFlow vulnerable to `CHECK` fail in `SetSize`
[GHSA-f7r5-q7cx-h668] TensorFlow vulnerable to segfault in `BlockLSTMGradV2`
[GHSA-84jm-4cf3-9jfm] TensorFlow vulnerable to `CHECK` failures in `FractionalAvgPoolGrad`
[GHSA-h5vq-gw2c-pq47] TensorFlow vulnerable to `CHECK` failures in `UnbatchGradOp`
[GHSA-x989-q2pq-4q5x] TensorFlow vulnerable to Int overflow in `RaggedRangeOp`
[GHSA-fhfc-2q7x-929f] TensorFlow vulnerable to `CHECK` fail in `CollectiveGather`
[GHSA-v5xg-3q2c-c2r4] TensorFlow vulnerable to `CHECK` failure in `TensorListReserve` via missing validation
[GHSA-q5jv-m6qw-5g37] TensorFlow vulnerable to floating point exception in `Conv2D`
[GHSA-wxjj-cgcx-r3vq] TensorFlow vulnerable to `CHECK` failures in `AvgPool3DGrad`
[GHSA-qhw4-wwr7-gjc5] TensorFlow vulnerable to `CHECK` fail in `EmptyTensorList`
[GHSA-fqxc-pvf8-2w9v] TensorFlow vulnerable to null dereference on MLIR on empty function attributes
[GHSA-jqm7-m5q7-3hm5] TensorFlow vulnerable to `CHECK` fail in `DrawBoundingBoxes`
[GHSA-634p-93h9-92vh] ghas-to-csv vulnerable to Improper Neutralization of Formula Elements in a CSV File
[GHSA-mh3m-62v7-68xg] TensorFlow vulnerable to `CHECK` fail in `Unbatch`
[GHSA-828c-5j5q-vrjq] TensorFlow vulnerable to null-dereference in `mlir::tfg::GraphDefImporter::ConvertNodeDef`
[GHSA-fv43-93gv-vm8f] TensorFlow vulnerable to null dereference on MLIR on empty function attributes
[GHSA-wqmc-pm8c-2jhc] TensorFlow vulnerable to segfault in `Requantize`
[GHSA-cv2p-32v3-vhwq] TensorFlow vulnerable to `CHECK` fail in `RandomPoissonV2`
[GHSA-r26c-679w-mrjm] TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsGradient`
[GHSA-g9h5-vr8m-x2h4] TensorFlow vulnerable to `CHECK` fail in `AudioSummaryV2`
[GHSA-4p6f-m4f9-ch88] Binary vulnerable to Slice Memory Allocation with Excessive Size Value
[GHSA-mv8m-8x97-937q] TensorFlow vulnerable to `CHECK` fail in `tf.random.gamma`
[GHSA-g468-qj8g-vcjc] TensorFlow vulnerable to `CHECK`-fail in `tensorflow::full_type::SubstituteFromAttrs`
[GHSA-mv8x-668m-53fg] Elrond-go has improper initialization
[GHSA-7j3m-8g3c-9qqq] TensorFlow vulnerable to null-dereference in `mlir::tfg::TFOp::nameAttr`
[GHSA-rh87-q4vg-m45j] TensorFlow vulnerable to integer overflow in math ops
[GHSA-jvhc-5hhr-w3v5] TensorFlow vulnerable to assertion fail on MLIR empty edge names
[GHSA-w62h-8xjm-fv49] TensorFlow vulnerable to `CHECK` fail in `DenseBincount`
[GHSA-mgmh-g2v6-mqw5] TensorFlow vulnerable to `CHECK` failure in `AvgPoolOp`
[GHSA-2m6g-crv8-p3c6] Parse Server vulnerable to brute force guessing of user sensitive data via search patterns
[GHSA-9cr2-8pwr-fhfq] TensorFlow vulnerable to `CHECK` fail in `QuantizeAndDequantizeV3`
[GHSA-m6cv-4fmf-66xf] TensorFlow vulnerable to `CHECK` fail in `RaggedTensorToVariant`
[GHSA-9j4v-pp28-mxv7] TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsPerChannel`
[GHSA-79h2-q768-fpxr] TensorFlow segfault TFLite converter on per-channel quantized transposed convolutions
[GHSA-54qx-8p8w-xhg8] SFTPGo vulnerable to recovery codes abuse
[GHSA-fxwr-4vq9-9vhj] XWiki Cross-Site Request Forgery (CSRF) for actions on tags
[GHSA-ffjm-4qwc-7cmf] TensorFlow vulnerable to OOB write in `scatter_nd` in TF Lite
[GHSA-pxrw-j2fv-hx3h] TensorFlow vulnerable to OOB read in `Gather_nd` in TF Lite
[GHSA-6vfq-jmxg-g58r] Shopware contains sensitive data in backend customer module
[GHSA-3pgj-pg6c-r5p7] OAuthLib vulnerable to DoS when attacker provides malicious IPV6 URI
[GHSA-qc43-pgwq-3q2q] Shopware access control list bypassed via crafted specific URLs
[GHSA-rc4r-wh2q-q6c4] Moby supplementary group permissions not set up properly, allowing attackers to bypass primary group restrictions
[GHSA-xhmf-mmv2-4hhx] Go-CVSS has Out-of-bounds Read vulnerability in ParseVector function
[GHSA-f4w6-h4f5-wx45] TensorFlow vulnerable to `CHECK` failure in tf.reshape via overflows
[GHSA-97p7-w86h-vcf9] TensorFlow vulnerable to `CHECK` failure in `SobolSample` via missing validation
[GHSA-x996-7qh9-7ff7] Hyperledger indy-node vulnerable to denial of service
[GHSA-xx9w-464f-7h6f] Harbor fails to validate the user permissions when updating a robot account
[GHSA-8c6p-v837-77f6] Harbor fails to validate the user permissions when updating tag immutability policies
[GHSA-jf8p-3vjh-pq94] Harbor fails to validate the user permissions when viewing Webhook policies
[GHSA-3637-v6vq-xqqw] Harbor fails to validate the user permissions when updating tag retention policies
[GHSA-28m8-9j7v-x499] Tauri’s readDir Endpoint Scope can be Bypassed With Symbolic Links
[GHSA-9xgj-fcgf-x6mw] Poetry Argument Injection can lead to Local Code Execution
[GHSA-p7hr-f446-x6qf] TensorFlow vulnerable to `CHECK` fail in `tf.sparse.cross`
[GHSA-37jf-mjv6-xfqw] TensorFlow vulnerable to `CHECK` fail in `Conv2DBackpropInput`
[GHSA-8gw7-4j42-w388] Cosign bundle can be crafted to successfully verify a blob even if the embedded rekorBundle does not reference the given signature
[GHSA-47m6-46mj-p235] TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection
[GHSA-p2g7-xwvr-rrw3] Helm Controller denial of service
[GHSA-w3w9-vrf5-8mx8] ReactPHP’s HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent
[GHSA-xmgg-fx9p-prq6] NodeBB account takeover via SSO plugins
[GHSA-r9x7-2xmr-v8fw] mangadex-downloader vulnerable to unauthorized file reading
[GHSA-jv3g-j58f-9mq9] JOSE vulnerable to resource exhaustion via specifically crafted JWE
[GHSA-qm4w-4995-vg7f] cruddl vulnerable to ArangoDB Query Language (AQL) injection through flexSearch
[GHSA-f524-rf33-2jjr] OPA Compiler: Bypass of WithUnsafeBuiltins using “with” keyword to mock functions
[GHSA-xg8p-34w2-j49j] linked_list_allocator vulnerable to out-of-bound writes on `Heap` initialization and `Heap::extend`
[GHSA-jgc8-gvcx-9vfx] XWiki Platform Improper Authorization check for inactive users
[GHSA-599v-w48h-rjrm] XWiki Platform Web Templates vulnerable to Missing Authorization, Exposure of Private Personal Information to Unauthorized Actor
[GHSA-gjmq-x5x7-wc36] XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list
[GHSA-9r9j-57rf-f6vj] XWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form
[GHSA-c5v8-2q4r-5w9v] XWiki Platform Mentions UI vulnerable to Cross-site Scripting
[GHSA-xr6m-2p4m-jvqf] XWiki Platform Wiki UI Main Wiki Eval Injection vulnerability
[GHSA-2g5c-228j-p52x] XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection
[GHSA-7hgc-php5-77qq] Talos worker join token can be used to get elevated access level to the Talos API
[GHSA-jr8j-2jhp-m67v] nftables binding to an already bound chain
[GHSA-34vw-m4rh-r36p] Talos vulnerable dependency due to race condition in Linux kernel’s IP framework XFRM
[GHSA-3633-5h82-39pq] Improper handling of different key IDs for the same public keys in attacker-controlled metadata
[GHSA-fffr-7x4x-f98q] TYPO3 CMS vulnerable to Denial of Service in Page Error Handling
[GHSA-m392-235j-9r7r] TYPO3 CMS vulnerable to User Enumeration via Response Timing
[GHSA-5959-4x58-r8c2] TYPO3 CMS missing check for expiration time of password reset token for backend users
[GHSA-9c6w-55cp-5w25] TYPO3 CMS Stored Cross-Site Scripting via FileDumpController
[GHSA-fv2m-9249-qx85] TYPO3 CMS vulnerable to Cross-Site Scripting in view helper
[GHSA-rfj2-q3h3-hm5j] Cargo extracting malicious crates can corrupt arbitrary files
[GHSA-2hvr-h6gw-qrxp] Cargo extracting malicious crates can fill the file system
[GHSA-8h89-34w2-jpfm] XWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action
[GHSA-h5j3-5x63-p8jv] XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard
[GHSA-mxf2-4r22-5hq9] XWiki Platform Web Parent POM vulnerable to XSS in the attachment history
[GHSA-fph9-f5r6-vhqf] Eclipse Milo vulnerable to Resource Exhaustion (Denial of Service)
[GHSA-r7vq-6425-j94w] Python-TUF vulnerable to incorrect threshold signature computation for new root metadata
[GHSA-ggf6-638m-vqmg] Netmaker before 0.15.1 vulnerable to Insufficient Granularity of Access Control
[GHSA-pfw4-xjgm-267c] Dendrite signature checks not applied to some retrieved missing events
[GHSA-gqqf-g5r7-84vf] TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection
[GHSA-cq7q-5c67-w39w] matrix-appservice-irc vulnerable to IRC mode parameter confusion
[GHSA-xvqg-mv25-rwvw] Parsing issue in matrix-org/node-irc leading to room takeovers
[GHSA-r8m2-4x37-6592] .NET Denial of Service Vulnerability
[GHSA-qcqv-38jg-2r43] Pageflow vulnerable to insecure direct object reference in membership update endpoint
[GHSA-wrrw-crp8-979q] Pageflow vulnerable to sensitive user data extraction via Ransack query injection
[GHSA-qv98-3369-g364] KubeVirt vulnerable to arbitrary file read on host
[GHSA-q76q-q8hw-hmpw] Harbor fails to validate the user permissions when reading job execution logs through the P2P preheat execution logs
[GHSA-r6v9-p59m-gj2p] Remote code execution in Indy’s NODE_UPGRADE transaction
[GHSA-qf7j-25g9-r63f] elrond-go MultiESDTNFTTransfer call on a SC address with missing function name
[GHSA-rp4v-hhm6-rcv9] Pinniped Supervisor Insufficient Session Expiration vulnerability
[GHSA-xwf3-6rgv-939r] Flux CLI Workload Injection
[GHSA-gp7f-rwcx-9369] jsoup may not sanitize code injection XSS attempts if SafeList.preserveRelativeLinks is enabled
[GHSA-6qv6-q77g-7qm6] NVFLARE unsafe deserialization due to Pickle
[GHSA-rvgm-35jw-q628] Improper Control of Generation of Code (‘Code Injection’) in mdx-mermaid
[GHSA-vqc4-v8hc-h2jg] Polynomial regular expression used on uncontrolled data in nitrado.js
[GHSA-prrh-qvhf-x788] Cross-site Scripting in prestashop/productcomments
[GHSA-jhjh-776m-4765] Denial of service due to incorrect application of event authorization rules
[GHSA-c8fj-4pm8-mp2c] Broken Authorization in ZITADEL Actions
[GHSA-8mgq-6r2q-82w9] Captcha Bypass in strapi-plugin-ezforms
[GHSA-rv3r-vqjj-8c76] Cross-site scripting from content entered in the tags and multiselect fields
[GHSA-7hfp-qfw3-5jxh] Denial of service through string value parsing
[GHSA-wff4-fpwg-qqv3] Unexpected server crash in Next.js
[GHSA-p4cc-w597-6cpm] Cryptographically weak PRNG in `utils.generateUUID`
[GHSA-56x4-j7p9-fcf9] Command Injection in moment-timezone
[GHSA-v78c-4p63-2j6c] Cleartext Transmission of Sensitive Information in moment-timezone
[GHSA-77qm-wvqq-fg79] Directus vulnerable to unhandled exception on illegal filename_disk value
[GHSA-pfhr-pccp-hwmh] Network Policies & (Clusterwide) Cilium Network Policies with namespace label selectors may unexpectedly select pods with maliciously crafted labels
[GHSA-grvv-h2f9-7v9c] gomatrixserverlib and Dendrite vulnerable to incorrect parsing of the event default power level in event auth
[GHSA-fcg8-mg9g-6hc4] .NET Denial of Service Vulnerability
[GHSA-3rq8-h3gj-r5c6] .NET Denial of Service Vulnerability
[GHSA-3f89-869f-5w76] Cross-site scripting from dynamic options in the multiselect field
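The ReactPHP entry in the list above (encoded cookie names letting an attacker smuggle `__Host-` and `__Secure-` cookies) describes a general parser mistake: percent-decoding a cookie name before applying the prefix rules lets a cookie the browser stored as `%5F%5FHost-session` arrive at the application as `__Host-session`, with all the trust that prefix implies. The following Python sketch is an added example and is not part of this notice or of ReactPHP's code; the function names and the sample Cookie header are constructed for illustration. It shows the vulnerable pattern beside a hardened parser that keeps the raw name, refuses a prefix that only appears after decoding, and refuses prefixed cookies that did not arrive over TLS.

```python
"""Cookie-prefix confusion: naive decoding versus a hardened parser.

Added illustration, not ReactPHP's implementation. Names and sample
header below are constructed for this example.
"""
from urllib.parse import unquote

# RFC 6265bis cookie name prefixes that carry security meaning.
COOKIE_PREFIXES = ("__Host-", "__Secure-")


def _split_pairs(header: str):
    """Yield (raw_name, raw_value) pairs from a Cookie request header."""
    for pair in header.split(";"):
        pair = pair.strip()
        if "=" not in pair:
            continue  # ignore malformed fragments rather than guessing
        name, value = pair.split("=", 1)
        yield name.strip(), value


def parse_cookie_header_naive(header: str) -> dict:
    """Vulnerable pattern: the name is percent-decoded, so an attacker-set
    cookie named %5F%5FHost-session is stored under __Host-session and can
    shadow the legitimate host-locked cookie."""
    cookies = {}
    for raw_name, raw_value in _split_pairs(header):
        cookies[unquote(raw_name)] = unquote(raw_value)
    return cookies


def parse_cookie_header_safe(header: str, secure_transport: bool) -> dict:
    """Hardened pattern: keep the raw name as the key and apply the prefix
    rules to what the browser actually sent.

    - A name that only gains a __Host-/__Secure- prefix after decoding was
      never set as a prefixed cookie by the browser: drop it.
    - Browsers only set prefixed cookies with the Secure attribute, so a
      prefixed cookie on a plaintext connection is not trustworthy: drop it.
    """
    cookies = {}
    for raw_name, raw_value in _split_pairs(header):
        decoded_name = unquote(raw_name)
        if decoded_name != raw_name and decoded_name.startswith(COOKIE_PREFIXES):
            continue  # encoded prefix: spoofing attempt
        if raw_name.startswith(COOKIE_PREFIXES) and not secure_transport:
            continue  # prefixed cookie cannot legitimately arrive over http
        cookies[raw_name] = unquote(raw_value)
    return cookies


if __name__ == "__main__":
    # Constructed header: a legitimate host-locked session cookie followed by
    # an attacker-injected cookie whose name decodes to the same prefix.
    header = "__Host-session=legit; %5F%5FHost-session=evil; theme=dark%20mode"
    print("naive:", parse_cookie_header_naive(header))
    print("safe :", parse_cookie_header_safe(header, secure_transport=True))
```

Running the block shows the naive parser reporting `__Host-session` as `evil` (the decoded attacker cookie overwrote the real one), while the hardened parser keeps `legit` and discards the encoded impostor. The same ordering check applies to any framework that normalises cookie names before enforcing prefix semantics.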

Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two children. You can reach him at [email protected] or follow him on Website | Twitter | Facebook
