Skip to Content

Security Advisories Notices Update on 2022-10-25

Jenkins Security Advisories

Jenkins Security Advisory 2022-10-19

Oracle Security Alerts

Oracle Critical Patch Update Advisory – October 2022

Adobe Security Bulletins and Advisories

Security Updates Available for Adobe Animate | APSB21-21 APSB22-57
Security update available for Adobe Acrobat and Reader | APSB21-09 APSB22-46
Security updates available for Adobe ColdFusion | APSB22-44

Apple Security Advisory

iOS 16.0.3 Security Content

National Cyber Awareness System

#StopRansomware: Daixin Team
Cisco Releases Security Update for Cisco Identity Services Engine
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA Releases Three Industrial Control Systems Advisories
Mozilla Releases Security Updates for Firefox
CISA Requests for Comment on Microsoft 365 Security Configuration Baselines
CISA Updates Advisory on Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite
Oracle Releases October 2022 Critical Patch Update
CISA Releases Two Industrial Control Systems Advisories
CISA Releases RedEye: Red Team Campaign Visualization and Reporting Tool
CISA Releases Twenty-Five Industrial Control Systems Advisories
Adobe Releases Security Updates for Multiple Products
Microsoft Releases October 2022 Security Updates
CISA Has Added One Known Exploited Vulnerability to Catalog
FBI and CISA Publish a PSA on Information Manipulation Tactics for 2022 Midterm Elections
Top CVEs Actively Exploited by People’s Republic of China State-Sponsored Cyber Actors
Cisco Releases Security Updates for Multiple Products
CISA Releases Two Industrial Control Systems Advisories
FBI and CISA Publish a PSA on Malicious Cyber Activity Against Election Infrastructure
Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization
CISA Releases Five Industrial Control Systems Advisories
CISA Issues Binding Operational Directive 23-01: Improving Asset Visibility and Vulnerability Detection on Federal Networks
Drupal Releases Security Update
Microsoft Releases Guidance on Zero-Day Vulnerabilities in Microsoft Exchange Server
Cisco Releases Security Updates for Multiple Products
Mozilla Releases Security Update for Thunderbird
Hurricane-Related Scams
CISA Adds Three Known Exploited Vulnerabilities to Catalog
VMWare Releases Guidance for VirtualPITA, VirtualPIE, and VirtualGATE Malware Targeting vSphere
CISA Releases Six Industrial Control Systems Advisories
CISA Publishes User Guide to Prepare for Nov. 1 Move to TLP 2.0
CISA Updates Advisory on Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite
CISA Releases Three Industrial Control Systems Advisories

Mozilla Security Advisories

Security Vulnerabilities fixed in Firefox ESR 102.4 mfsa2022-45
Security Vulnerabilities fixed in Firefox 106 mfsa2022-44
Security Vulnerabilities fixed in Thunderbird 102.3.1 mfsa2022-43

Ubuntu Security Notices

USN-5695-1: Linux kernel (GCP) vulnerabilities
USN-5694-1: LibreOffice vulnerabilities
USN-5693-1: Linux kernel (OEM) vulnerabilities
USN-5692-1: Linux kernel vulnerabilities
USN-5691-1: Linux kernel vulnerabilities
USN-5690-1: libXdmcp vulnerability
USN-5689-1: Perl vulnerability
USN-5688-1: Libksba vulnerability
USN-5687-1: Linux kernel (Azure) vulnerabilities
USN-5686-1: Git vulnerabilities
USN-5685-1: FRR vulnerabilities
USN-5684-1: Linux kernel (Azure) vulnerabilities
USN-5570-2: zlib vulnerability
USN-5683-1: Linux kernel (IBM) vulnerabilities
USN-5682-1: Linux kernel (AWS) vulnerabilities
USN-5680-1: gThumb vulnerabilities
USN-5679-1: Linux kernel (HWE) vulnerabilities
USN-5678-1: Linux kernel vulnerabilities
USN-5677-1: Linux kernel vulnerabilities
USN-5675-1: Heimdal vulnerabilities
USN-5676-1: PostgreSQL vulnerability
USN-5674-1: XML Security Library vulnerability
USN-5673-1: unzip vulnerabilities
USN-5672-1: GMP vulnerability
USN-5671-1: AdvanceCOMP vulnerabilities
USN-5670-1: .NET 6 vulnerability
USN-5669-2: Linux kernel vulnerabilities
USN-5669-1: Linux kernel vulnerabilities
USN-5668-1: Linux kernel vulnerabilities
USN-5667-1: Linux kernel vulnerabilities
USN-5665-1: PCRE vulnerabilities
USN-5666-1: OpenSSH vulnerability
USN-5663-1: Thunderbird vulnerabilities
USN-5371-3: nginx vulnerability
USN-5661-1: LibreOffice vulnerabilities
USN-5660-1: Linux kernel (GCP) vulnerabilities
USN-5659-1: kitty vulnerabilities
USN-5657-1: Graphite2 vulnerability
USN-5658-1: DHCP vulnerabilities
USN-5656-1: JACK vulnerability
USN-5655-1: Linux kernel (Intel IoTG) vulnerabilities
USN-5654-1: Linux kernel (GKE) vulnerabilities
USN-5653-1: Django vulnerability
USN-5651-2: strongSwan vulnerability
USN-5651-1: strongSwan vulnerability
USN-5614-2: Wayland vulnerability
USN-5652-1: Linux kernel (Azure) vulnerabilities
USN-5649-1: Firefox vulnerabilities
USN-5650-1: Linux kernel vulnerabilities
USN-5648-1: Linux kernel (GKE) vulnerabilities
USN-5647-1: Linux kernel (GCP) vulnerabilities
USN-5646-1: libXi vulnerabilities
USN-5615-2: SQLite vulnerability
USN-5645-1: PostgreSQL vulnerabilities
USN-5644-1: Linux kernel (GCP) vulnerabilities
USN-5643-1: Ghostscript vulnerabilities
USN-5642-1: WebKitGTK vulnerabilities
USN-5641-1: Squid vulnerabilities
USN-5640-1: Linux kernel (Oracle) vulnerabilities
USN-5639-1: Linux kernel (Azure CVM) vulnerabilities
USN-5638-1: Expat vulnerability
USN-5637-1: libvpx vulnerability
USN-5636-1: SoS vulnerability

Red Hat Security Advisory

(RHSA-2022:7072) Important: firefox security update
(RHSA-2022:7071) Important: firefox security update
(RHSA-2022:7070) Important: firefox security update
(RHSA-2022:7069) Important: firefox security update
(RHSA-2022:7068) Important: firefox security update
(RHSA-2022:7066) Important: firefox security update
(RHSA-2022:7053) Moderate: OpenJDK 17.0.5 Security Update for Portable Linux Builds
(RHSA-2022:7051) Moderate: OpenJDK 17.0.5 Security Update for Windows Builds
(RHSA-2022:7054) Moderate: OpenJDK 11.0.17 Security Update for Portable Linux Builds
(RHSA-2022:7052) Moderate: OpenJDK 11.0.17 Security Update for Windows Builds
(RHSA-2022:7050) Moderate: OpenJDK 8u352 Security Update for Portable Linux Builds
(RHSA-2022:7049) Moderate: OpenJDK 8u352 Windows Security Update
(RHSA-2022:7013) Moderate: java-11-openjdk security and bug fix update
(RHSA-2022:6999) Moderate: java-17-openjdk security and bug fix update
(RHSA-2022:7007) Moderate: java-1.8.0-openjdk security update
(RHSA-2022:7012) Moderate: java-11-openjdk security and bug fix update
(RHSA-2022:7000) Moderate: java-17-openjdk security and bug fix update
(RHSA-2022:7058) Moderate: OpenShift sandboxed containers 1.3.1 security fix and bug fix update
(RHSA-2022:7008) Moderate: java-11-openjdk security and bug fix update
(RHSA-2022:7010) Moderate: java-11-openjdk security update
(RHSA-2022:7011) Moderate: java-11-openjdk security update
(RHSA-2022:7001) Moderate: java-17-openjdk security update
(RHSA-2022:7006) Moderate: java-1.8.0-openjdk security update
(RHSA-2022:7005) Moderate: java-1.8.0-openjdk security update
(RHSA-2022:7002) Moderate: java-1.8.0-openjdk security and bug fix update
(RHSA-2022:7003) Moderate: java-1.8.0-openjdk security update
(RHSA-2022:7004) Moderate: java-1.8.0-openjdk security update
(RHSA-2022:7009) Moderate: java-11-openjdk security update
(RHSA-2022:6905) Important: OpenShift Container Platform 4.9.50 bug fix and security update
(RHSA-2022:7056) Moderate: samba security, bug fix and enhancement update
(RHSA-2022:7055) Moderate: RHOSDT 2.6.0 operator/operand containers Security Update
(RHSA-2022:7044) Moderate: rh-nodejs14-nodejs security update
(RHSA-2022:7025) Important: firefox security update
(RHSA-2022:7026) Important: thunderbird security update
(RHSA-2022:7024) Important: firefox security update
(RHSA-2022:7022) Important: firefox security update
(RHSA-2022:7023) Important: thunderbird security update
(RHSA-2022:7021) Important: thunderbird security update
(RHSA-2022:7020) Important: firefox security update
(RHSA-2022:7019) Important: firefox security update
(RHSA-2022:6998) Important: thunderbird security update
(RHSA-2022:6996) Important: thunderbird security update
(RHSA-2022:6997) Important: firefox security update
(RHSA-2022:6995) Important: thunderbird security update
(RHSA-2022:6991) Important: kernel-rt security and bug fix update
(RHSA-2022:6985) Moderate: nodejs:14 security and bug fix update
(RHSA-2022:6983) Important: kernel security, bug fix, and enhancement update
(RHSA-2022:6978) Important: kpatch-patch security update
(RHSA-2022:6969) Important: Red Hat OpenStack Platform (tripleo-ansible) security update
(RHSA-2022:6967) Important: compat-expat1 security update
(RHSA-2022:6964) Important: nodejs:16 security update
(RHSA-2022:6963) Important: nodejs security update
(RHSA-2022:6954) Moderate: Red Hat Advanced Cluster Management 2.5.3 security fixes and bug fixes
(RHSA-2022:6941) Important: Red Hat build of Quarkus Platform 2.7.6.SP1 and security update
(RHSA-2022:6801) Important: OpenShift Container Platform 4.8.51 packages and security update
(RHSA-2022:6921) Important: expat security update
(RHSA-2022:6805) Important: OpenShift Container Platform 4.10.36 security update
(RHSA-2022:6916) Important: Red Hat AMQ Broker 7.10.1 release and security update
(RHSA-2022:6913) Moderate: .NET 6.0 security and bugfix update
(RHSA-2022:6912) Moderate: .NET Core 3.1 security and bugfix update
(RHSA-2022:6911) Moderate: .NET 6.0 security and bugfix update
(RHSA-2022:6890) Important: OpenShift Virtualization 4.8.7 Images bug fixes and security update
(RHSA-2022:6878) Important: expat security update
(RHSA-2022:6875) Important: kpatch-patch security update
(RHSA-2022:6872) Important: kernel security update
(RHSA-2022:6856) Moderate: rh-ruby27-ruby security, bug fix, and enhancement update
(RHSA-2022:6855) Moderate: rh-ruby30-ruby security, bug fix, and enhancement update
(RHSA-2022:6850) Important: openvswitch2.11 security update
(RHSA-2022:6839) Important: squid security update
(RHSA-2022:6838) Important: expat security update
(RHSA-2022:6835) Important: Service Registry (container images) release and security update [2.3.0.GA]
(RHSA-2022:6834) Important: expat security update
(RHSA-2022:6833) Important: expat security update
(RHSA-2022:6832) Important: expat security update
(RHSA-2022:6831) Important: expat security update
(RHSA-2022:6820) Moderate: prometheus-jmx-exporter security update
(RHSA-2022:6825) Important: Red Hat JBoss Enterprise Application Platform 7.4.7 Security update
(RHSA-2022:6822) Important: Red Hat JBoss Enterprise Application Platform 7.4.7 Security update
(RHSA-2022:6823) Important: Red Hat JBoss Enterprise Application Platform 7.4.7 Security update
(RHSA-2022:6821) Important: Red Hat JBoss Enterprise Application Platform 7.4.7 Security update
(RHSA-2022:6757) Important: Red Hat build of Eclipse Vert.x 4.3.3 security update
(RHSA-2022:6819) Important: Red Hat AMQ Streams 2.2.0 release and security update
(RHSA-2022:6815) Important: squid security update
(RHSA-2022:6813) Important: Red Hat Process Automation Manager 7.13.1 security update
(RHSA-2022:6787) Moderate: Red Hat Single Sign-On 7.5.3 security update
(RHSA-2022:6783) Moderate: Red Hat Single Sign-On 7.5.3 security update on RHEL 8
(RHSA-2022:6782) Moderate: Red Hat Single Sign-On 7.5.3 security update on RHEL 7
(RHSA-2022:6781) Important: bind9.16 security update
(RHSA-2022:6780) Important: bind security update
(RHSA-2022:6779) Important: bind security update
(RHSA-2022:6778) Important: bind security update
(RHSA-2022:6777) Important: squid:4 security update
(RHSA-2022:6776) Important: squid:4 security update
(RHSA-2022:6775) Important: squid:4 security update
(RHSA-2022:6774) Important: squid:4 security update
(RHSA-2022:6766) Moderate: rh-python38-python security update
(RHSA-2022:6765) Important: bind security update
(RHSA-2022:6764) Important: bind security update
(RHSA-2022:6763) Important: bind security update
(RHSA-2022:6756) Moderate: java-1.8.0-ibm security update
(RHSA-2022:6755) Moderate: java-1.7.1-ibm security update
(RHSA-2022:6753) Moderate: httpd24-httpd security and bug fix update
(RHSA-2022:6750) Important: Red Hat OpenStack Platform (openstack-barbican) security update
(RHSA-2022:6741) Important: kernel security and bug fix update
(RHSA-2022:6717) Important: thunderbird security update
(RHSA-2022:6716) Important: thunderbird security update
(RHSA-2022:6715) Important: thunderbird security update
(RHSA-2022:6714) Moderate: RHACS 3.72 enhancement and security update
(RHSA-2022:6713) Important: thunderbird security update
(RHSA-2022:6711) Important: firefox security update
(RHSA-2022:6710) Important: thunderbird security update
(RHSA-2022:6708) Important: thunderbird security update
(RHSA-2022:6707) Important: firefox security update
(RHSA-2022:6703) Important: firefox security update
(RHSA-2022:6702) Important: firefox security update
(RHSA-2022:6701) Important: firefox security update
(RHSA-2022:6700) Important: firefox security update
(RHSA-2022:6696) Critical: Red Hat Advanced Cluster Management 2.4.6 security update and bug fixes
(RHSA-2022:6560) Moderate: Openshift Logging Bug Fix Release and Security Update (5.3.12)

Cisco Security Advisory

Cisco Identity Services Engine Unauthorized File Access Vulnerability
Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities
Cisco Meraki MX and Z3 Teleworker Gateway VPN Denial of Service Vulnerability
Cisco Identity Services Engine Cross-Site Scripting Vulnerability
Cisco Secure Web Appliance Content Encoding Filter Bypass Vulnerability
Cisco Touch 10 Devices Insufficient Identity Verification Vulnerability
Cisco Enterprise NFV Infrastructure Software Improper Signature Verification Vulnerability
Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities
Cisco BroadWorks Hosted Thin Receptionist Cross-Site Scripting Vulnerability
Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability
Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
Cisco Jabber Client Software Extensible Messaging and Presence Protocol Stanza Smuggling Vulnerability
Cisco Touch 10 Devices Downgrade Vulnerability
Cisco SD-WAN Software Arbitrary File Corruption Vulnerability
Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points UDP Processing Denial of Service Vulnerability
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family DHCP Processing Denial of Service Vulnerability
Cisco IOS and IOS XE Software SSH Denial of Service Vulnerability
Cisco Wireless LAN Controller AireOS Software FIPS Mode Denial of Service Vulnerability
Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway Denial of Service Vulnerability
Cisco Catalyst 9100 Series Access Points Association Request Denial of Service Vulnerability
Cisco SD-WAN Arbitrary File Deletion Vulnerability
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Mobility Denial of Service Vulnerability
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family SNMP Information Disclosure Vulnerability
Cisco Duo for macOS Authentication Bypass Vulnerability
Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points Privilege Escalation Vulnerability
Cisco IOS XE Software for Catalyst 9200 Series Switches Arbitrary Code Execution Vulnerability
Cisco IOS XE Software IPv6 VPN over MPLS Denial of Service Vulnerability
Cisco IOS and IOS XE Software Common Industrial Protocol Request Denial of Service Vulnerability
Cisco IOS XE ROM Monitor Software for Catalyst Switches Information Disclosure Vulnerability
Cisco IOS XE Software for Catalyst Switches MPLS Denial of Service Vulnerability
Cisco SD-WAN Software Privilege Escalation Vulnerabilities
Cisco Software-Defined Application Visibility and Control on Cisco vManage Static Username and Password Vulnerability
Cisco Software-Defined Application Visibility and Control on Cisco vManage Authentication Bypass Vulnerability
Cisco IOS XE Software Web UI Command Injection Vulnerability
Vulnerabilities in Layer 2 Network Security Controls Affecting Cisco Products: September 2022
Cisco Access Points VLAN Bypass from Native VLAN Vulnerability

Microsoft Security

Chromium: CVE-2022-3450 Use after free in Peer Connection
Chromium: CVE-2022-3449 Use after free in Safe Browsing
Chromium: CVE-2022-3447 Inappropriate implementation in Custom Tabs
Chromium: CVE-2022-3446 Heap buffer overflow in WebSQL
Chromium: CVE-2022-3445 Use after free in Skia
Microsoft Office Information Disclosure Vulnerability
Visual Studio Code Information Disclosure Vulnerability
Visual Studio Code Elevation of Privilege Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
Windows COM+ Event System Service Elevation of Privilege Vulnerability
Microsoft Word Remote Code Execution Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
Windows Graphics Component Elevation of Privilege Vulnerability
Server Service Remote Protocol Elevation of Privilege Vulnerability
Windows Kernel Memory Information Disclosure Vulnerability
Windows CD-ROM File System Driver Remote Code Execution Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Security Support Provider Interface Information Disclosure Vulnerability
Windows Group Policy Preference Client Elevation of Privilege Vulnerability
Active Directory Domain Services Elevation of Privilege Vulnerability
Windows Group Policy Preference Client Elevation of Privilege Vulnerability
Windows Secure Channel Denial of Service Vulnerability
Microsoft ODBC Driver Remote Code Execution Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Graphics Component Information Disclosure Vulnerability
Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability
Windows WLAN Service Elevation of Privilege Vulnerability
Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability
Microsoft DWM Core Library Elevation of Privilege Vulnerability
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Windows USB Serial Driver Information Disclosure Vulnerability
Windows Event Logging Service Denial of Service Vulnerability
Windows ALPC Elevation of Privilege Vulnerability
Windows DHCP Client Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Hyper-V Elevation of Privilege Vulnerability
Windows Storage Elevation of Privilege Vulnerability
Windows Active Directory Certificate Services Security Feature Bypass
Windows DHCP Client Information Disclosure Vulnerability
Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability
Windows Distributed File System (DFS) Information Disclosure Vulnerability
Active Directory Certificate Services Elevation of Privilege Vulnerability
Windows Group Policy Elevation of Privilege Vulnerability
Windows Mixed Reality Developer Tools Information Disclosure Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Local Session Manager (LSM) Denial of Service Vulnerability
Connected User Experiences and Telemetry Elevation of Privilege Vulnerability
Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
Visual Studio Code Remote Code Execution Vulnerability
NuGet Client Elevation of Privilege Vulnerability
Windows Resilient File System Elevation of Privilege
Windows Graphics Component Elevation of Privilege Vulnerability
Win32k Elevation of Privilege Vulnerability
Microsoft Office Spoofing Vulnerability
Microsoft Office Graphics Remote Code Execution Vulnerability
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
Microsoft Office Remote Code Execution Vulnerability
Windows Group Policy Preference Client Elevation of Privilege Vulnerability
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
Windows Local Session Manager (LSM) Denial of Service Vulnerability
Web Account Manager Information Disclosure Vulnerability
Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability
Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability
Windows Win32k Elevation of Privilege Vulnerability
Windows Workstation Service Elevation of Privilege Vulnerability
Microsoft Windows Defender Elevation of Privilege Vulnerability
Windows DWM Core Library Elevation of Privilege Vulnerability
StorSimple 8000 Series Elevation of Privilege Vulnerability
Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability
Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability
Service Fabric Explorer Spoofing Vulnerability
Windows NTLM Spoofing Vulnerability
Windows CryptoAPI Spoofing Vulnerability
Windows TCP/IP Driver Denial of Service Vulnerability
Windows GDI+ Remote Code Execution Vulnerability
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
Microsoft Exchange Server Elevation of Privilege Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability

Google Security Advisories

Pixel Update Bulletin—October 2022 | Android Open Source Project
Android Automotive OS Update Bulletin—October 2022 | Android Open Source Project
Android Security Bulletin—October 2022 | Android Open Source Project
Chrome Releases: Stable Channel Update for Desktop
Chrome Releases: Stable Channel Update for Desktop
Chrome Releases: Stable Channel Update for Desktop
Chrome Releases: Stable Channel Update for Desktop
Chrome Releases: Stable Channel Update for Desktop

Github Security Advisories

[GHSA-485p-mrj5-8w2v] .NET Denial of Service Vulnerability
[GHSA-cw98-9j8w-wxv9] .NET Denial of Service Vulnerability
[GHSA-x459-p2rx-f8ff] .NET Denial of Service Vulnerability
[GHSA-vgwq-hfqc-58wv] .NET Core Information Disclosure Vulnerability
[GHSA-whpx-q3rq-w8jc] Hardening of TypedArrays with non-canonical numeric property names in SES
[GHSA-3r7j-8mqh-6qhx] Jadx-gui vulnerable to swing HTML Denial of Service (DoS) attack
[GHSA-5jp2-vwrj-99rf] Team scope authorization bypass when Post/Put request with :team_name in body, allows HTTP parameter pollution
[GHSA-f9qj-7gh3-mhj4] run-terraform allows for RCE via terraform plan
[GHSA-f4p5-x4vc-mh4v] Improper use of metav1.Duration allows for Denial of Service
[GHSA-c6w8-7mp3-34j9] .NET Remote Code Execution Vulnerability
[GHSA-c27j-76xg-6x4f] Kirby CMS vulnerable to user enumeration in the brute force protection
[GHSA-43qq-qw4x-28f8] Kirby CMS vulnerable to user enumeration in the code-based login and password reset forms
[GHSA-mxrx-fg8p-5p5j] Bifrost vulnerable to authentication check flaw that leads to authentication bypass
[GHSA-4vf4-955g-vxp2] OroCommerce Cross site scripting vulnerability during shipping rule editing for UPS integration
[GHSA-2qc6-mcvw-92cw] Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
[GHSA-q4qq-jhjv-7rh2] MySQL JDBC deserialization vulnerability
[GHSA-j92c-mmf7-j5x5] Potential inter-blockchain communication (IBC) protocol compromise via “Dragonberry” vulnerability in cheqd
[GHSA-6mhr-52mv-6v6f] Field-level access-control bypass for multiselect field
[GHSA-h423-w6qv-2wj3] parse-server crashes when receiving file download request with invalid byte range
[GHSA-qj6r-fhrc-jj5r] Remote denial of service in Hyperledger Fabric Gateway
[GHSA-x4q7-m6fp-4v9v] October CMS Safe Mode bypass leads to authenticated Remote Code Execution
[GHSA-5p8w-2mvw-38pv] Signature bypass via multiple root elements
[GHSA-m974-647v-whv7] Signature bypass via multiple root elements
[GHSA-4m5p-5w5w-3jcf] com.enonic.xp:lib-auth vulnerable to Session Fixation
[GHSA-jc69-hjw2-fm86] com.amazon.redshift:redshift-jdbc42 vulnerable to remote command execution
[GHSA-2p3c-p3qw-69r4] The graphql-upload library included in Apollo Server 2 is vulnerable to CSRF mutations
[GHSA-g3q9-xf95-8hp5] NuGet Elevation of Privilege Vulnerability
[GHSA-7fj2-rrq6-rphq] melisplatform/melis-asset-manager vulnerable to Path Traversal
[GHSA-m3m3-6gww-7gj9] melisplatform/melis-cms vulnerable to deserialization of untrusted data
[GHSA-h479-2mv4-5c26] melisplatform/melis-front vulnerable to deserialization of untrusted data
[GHSA-9pgh-qqpf-7wqj] Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) in @xmldom/xmldom and xmldom
[GHSA-j4j9-7hg9-97g6] Poetry vulnerable to Untrusted Search Path leading to Local Code Execution on Windows
[GHSA-455w-c45v-86rg] fastify vulnerable to denial of service via malicious Content-Type
[GHSA-c6hx-pjc3-7fqr] Traefik HTTP/2 connections management could cause a denial of service
[GHSA-4mjx-2gh5-ph8h] Exposure of sensitive Slack webhook URLs in debug logs and traces
[GHSA-jjmg-x456-w976] Incorrect default cookie name and recommendation
[GHSA-pj2c-h76w-vv6f] tiny-csrf has openly visible CSRF tokens
[GHSA-p75c-5x3h-cxcg] Fat Free CRM vulnerable to Remote Denial of Service via Tasks endpoint
[GHSA-xrx9-gj26-5wx9] v8n vulnerable to Inefficient Regular Expression Complexity
[GHSA-8r99-h8j2-rw64] Twisted vulnerable to HTTP Request Smuggling Attacks
[GHSA-x279-68rr-jp4p] Blst vulnerable to incorrect results for some inputs in blst_fp_eucl_inverse function
[GHSA-p658-8693-mhvg] Tendermint Core vulnerable to Uncontrolled Resource Consumption
[GHSA-9jjw-hf72-3mxw] TensorFlow vulnerable to heap out of bounds read in filesystem glob matching
[GHSA-4xqx-pqpj-9fqw] gajira-create GitHub action vulnerable to arbitrary code execution
[GHSA-9gp7-6833-wv89] etcd having a negative value for cluster node size results in an index out-of-bound panic during service discovery
[GHSA-528j-9r78-wffx] etcd user credentials are stored in WAL logs in plaintext
[GHSA-4993-m7g5-r9hh] etcd has no minimum password length
[GHSA-h8g9-6gvh-5mrc] etcd vulnerable to TOCTOU of gateway endpoint authentication
[GHSA-m332-53r6-2w93] etcd’s WAL `ReadAll` method vulnerable to an entry with large index causing panic
[GHSA-8w7w-67mw-r5p7] generator-jhipster vulnerable to login check Regular Expression Denial of Service
[GHSA-398j-f7m7-795j] PHPMailer vulnerable to email header injection
[GHSA-745p-r637-7vvp] Codeigniter4’s Secure or HttpOnly flag set in Config\Cookie is not reflected in Cookies issued
[GHSA-m5m3-46gj-wch8] SIF’s Digital Signature Hash Algorithms Not Validated
[GHSA-px9g-8hgv-jvg2] kamadak-exif vulnerable to Infinite loop when parsing PNG files
[GHSA-67×4-qr35-qvrm] FlyteAdmin’s Default OAuth Authorization Server secret must be rotated
[GHSA-h4h5-3hr4-j3g2] protobuf-java has a potential Denial of Service issue
[GHSA-mgvv-5mxp-xq67] SQLite3 addresses vulnerability in packaged version of libsqlite
[GHSA-vh7g-p26c-j2cw] Dex vulnerable to Man-in-the-Middle allowing ID token capture via intercepted authorization code
[GHSA-9rpw-2h95-666c] Cloudflare GoFlow vulnerable to a Denial of Service in the sflow packet handling package
[GHSA-2jjq-x548-rhpv] isolated-vm has vulnerable CachedDataOptions in API
[GHSA-w4pr-4vjg-hffh] When matrix-nio receives forwarded room keys, the receiver doesn’t check if it requested the key from the forwarder
[GHSA-vp68-2wrm-69qm] matrix-sdk-crypto contains potential impersonation via room key forward responses
[GHSA-5w8r-8pgj-5jmf] matrix-js-sdk subject to user impersonation due to key/device identifier confusion in SAS verification
[GHSA-4rxr-27mm-mxq9] Upstash Adapter missing token verification
[GHSA-52m2-vc4m-jj33] Twig may load a template outside a configured directory when using the filesystem loader
[GHSA-gfhp-jgp6-838j] Orckestra C1 CMS’s deserialization of untrusted data allows for arbitrary code execution.
[GHSA-f36p-42jv-8rh2] Lithium vulnerable to Cross Site Scripting in provided Swagger-UI
[GHSA-fpgf-pjjv-2qgm] matrix-android-sdk2 vulnerable to Olm/Megolm protocol confusion
[GHSA-2pvj-p485-cp3m] matrix-android-sdk2 vulnerable to impersonation via forwarded Megolm sessions
[GHSA-cxgf-v2p8-7ph7] NuProcess vulnerable to command-line injection through insertion of NUL character(s)
[GHSA-r48r-j8fx-mq2c] matrix-js-sdk subject to user spoofing via Olm/Megolm protocol confusion
[GHSA-6263-x97c-c4gg] matrix-js-sdk subject to impersonated messages due to permissive key forwarding
[GHSA-hvv8-5v86-r45x] Improper beacon events in matrix-js-sdk can result in availability issues
[GHSA-mrgp-mrhc-5jrq] vm2 vulnerable to Sandbox Escape resulting in Remote Code Execution on host
[GHSA-p6fh-xc6r-g5hw] Brokercap Bifrost subject to authentication bypass when using HTTP basic authentication
[GHSA-8fg9-p83m-x5pq] ReDoS issue in dparse

CISA Known Exploted Vulnerabilities

Zimbra Collaboration (ZCS) Arbitrary File Upload Vulnerability CVE-2022-41352
Linux Kernel Privilege Escalation Vulnerability CVE-2021-3493
Fortinet Multiple Products Authentication Bypass Vulnerability CVE-2022-40684
Microsoft Windows COM+ Event System Service Privilege Escalation Vulnerability CVE-2022-41033
Microsoft Exchange Server Remote Code Execution Vulnerability CVE-2022-41082
Microsoft Exchange Server Server-Side Request Forgery Vulnerability CVE-2022-41040
Atlassian Bitbucket Server and Data Center Command Injection Vulnerability CVE-2022-36804

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.