Skip to Content

Security Advisories Notices Update on 2022-11-29

Amazon AWS Security Advisories

Reported AWS AppSync Issue

Jenkins Security Advisories

Jenkins Security Advisory 2022-11-15

Mozilla Security Advisories

Security Vulnerabilities fixed in Thunderbird 102.5 mfsa2022-49
Security Vulnerabilities fixed in Firefox ESR 102.5 mfsa2022-48
Security Vulnerabilities fixed in Firefox 107 mfsa2022-47

Amazon AWS Security Advisories

OpenSSL Security Advisories – November 2022

Google Security Advisories

Chrome Releases: Stable Channel Update for Desktop
Chrome Releases: Stable Channel Update for Desktop
Android Security Bulletin—November 2022 | Android Open Source Project
Chrome Releases: Stable Channel Update for Desktop
Chrome Releases: Stable Channel Update for Desktop
Chrome Releases: Stable Channel Update for Desktop
Chrome Releases: Stable Channel Update for Desktop

Apple Security Advisory

iOS 16.1.1 and iPadOS 16.1.1 Security Content
macOS Ventura 13.0.1 Security Content
Xcode 14.1 Security Content
iOS 15.7.1 and iPadOS 15.7.1 Security Content
Safari 16.1 Security Content
iOS 16.1 and iPadOS 16 Security Content
macOS Big Sur 11.7.1 Security Content
macOS Monterey 12.6.1 Security Content
macOS Ventura 13 Security Content
tvOS 16.1 Security Content
watchOS 9.1 Security Content

National Cyber Awareness System

CISA Releases Eight Industrial Control Systems Advisories
CISA, NSA, and ODNI Release Guidance for Customers on Securing the Software Supply Chain
#StopRansomware: Hive
CISA Releases Two Industrial Control Systems Advisories
Cisco Releases Security Updates for Identity Services Engine
Samba Releases Security Updates
Mozilla Releases Security Updates for Multiple Products
CISA and FBI Release Advisory on Iranian Government-Sponsored APT Actors Compromising Federal Network
CISA Releases One Industrial Control Systems Advisory
CISA Has Added One Known Exploited Vulnerability to Catalog
CISA Releases SSVC Methodology to Prioritize Vulnerabilities
Cisco Releases Security Updates for Multiple Products
CISA Releases Twenty Industrial Control Systems Advisories
CISA Updates Advisory on Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite
Microsoft Releases November 2022 Security Updates
VMware Releases Security Updates
Citrix Releases Security Updates for ADC and Gateway
CISA Adds Seven Known Exploited Vulnerabilities to Catalog
Cisco Releases Security Updates for Multiple Products
Apple Releases Security Update for Xcode
CISA Releases Three Industrial Control Systems Advisories
OpenSSL Releases Security Update
CISA Upgrades to TLP 2.0
CISA Releases One Industrial Control Systems Advisory
CISA Releases Guidance on Phishing-Resistant and Numbers Matching Multifactor Authentication
CISA Has Added One Known Exploited Vulnerability to Catalog
Joint CISA FBI MS-ISAC Guide on Responding to DDoS Attacks and DDoS Guidance for Federal Agencies
VMware Releases Security Updates
CISA Releases Four Industrial Control Systems Advisories
Apple Releases Security Updates for Multiple Products
Samba Releases Security Updates
CISA Has Added One Known Exploited Vulnerability to Catalog
CISA Releases Eight Industrial Control Systems Advisories
CISA Upgrades to Version 2.0 of Traffic Light Protocol in One Week – Join Us!
CISA Adds Six Known Exploited Vulnerabilities to Catalog

Ubuntu Security Notices

USN-5743-1: LibTIFF vulnerability
USN-5742-1: JBIG-KIT vulnerability
USN-5741-1: Exim vulnerability
USN-5736-1: ImageMagick vulnerabilities
USN-5740-1: X.Org X Server vulnerabilities
USN-5739-1: MariaDB vulnerabilities
USN-5638-3: Expat vulnerability
USN-5737-1: APR-util vulnerability
USN-5735-1: Sysstat vulnerability
USN-5734-1: FreeRDP vulnerabilities
USN-5716-2: SQLite vulnerability
USN-5658-3: DHCP vulnerabilities
USN-5733-1: FLAC vulnerabilities
USN-5686-3: Git vulnerabilities
USN-5729-2: Linux kernel vulnerabilities
USN-5728-2: Linux kernel vulnerabilities
USN-5727-2: Linux kernel (GCP) vulnerabilities
USN-5686-2: Git vulnerability
USN-5732-1: Unbound vulnerability
USN-5731-1: multipath-tools vulnerabilities
USN-5730-1: WebKitGTK vulnerabilities
USN-5638-2: Expat vulnerabilities
USN-5729-1: Linux kernel vulnerabilities
USN-5728-1: Linux kernel vulnerabilities
USN-5727-1: Linux kernel vulnerabilities
USN-5726-1: Firefox vulnerabilities
LSN-0090-1: Kernel Live Patch Security Notice
USN-5625-2: Mako vulnerability
USN-5725-1: Go vulnerability
USN-5722-1: nginx vulnerabilities
USN-5723-1: Vim vulnerabilities
USN-5724-1: Thunderbird vulnerabilities
USN-5721-1: WavPack vulnerability
USN-5709-2: Firefox vulnerabilities
USN-5720-1: Zstandard vulnerabilities
USN-5719-1: OpenJDK vulnerabilities
USN-5717-1: PHP vulnerabilities
USN-5718-1: pixman vulnerability
USN-5714-1: LibTIFF vulnerabilities
USN-5658-2: DHCP vulnerabilities
USN-5716-1: SQLite vulnerability
USN-5715-1: LibRaw vulnerabilities
USN-5713-1: Python vulnerability
USN-5712-1: SQLite vulnerability
USN-5711-2: NTFS-3G vulnerability
USN-5711-1: NTFS-3G vulnerability
USN-5710-1: OpenSSL vulnerabilities
USN-5709-1: Firefox vulnerabilities
USN-5708-1: backport-iwlwifi-dkms vulnerabilities
USN-5707-1: Libtasn1 vulnerability
USN-5705-1: LibTIFF vulnerabilities
USN-5706-1: Linux kernel (Azure CVM) vulnerabilities
USN-5704-1: DBus vulnerabilities
USN-5703-1: Linux kernel (Intel IoTG) vulnerabilities
USN-5702-2: curl vulnerability
USN-5696-2: MySQL vulnerabilities
USN-5702-1: curl vulnerabilities
USN-5701-1: Jinja2 vulnerability
USN-5700-1: Linux kernel vulnerabilities
USN-5688-2: Libksba vulnerability
USN-5699-1: GNU C Library vulnerabilities
USN-5698-2: Open vSwitch vulnerability
USN-5698-1: Open vSwitch vulnerability
USN-5697-1: Barbican vulnerability
USN-5227-3: Pillow vulnerability
USN-5696-1: MySQL vulnerabilities

Red Hat Security Advisory

(RHSA-2022:8535) Moderate: OpenShift Container Platform 4.11.16 security update
(RHSA-2022:8534) Low: OpenShift Container Platform 4.11.16 security update
(RHSA-2022:8609) Important: OpenShift Virtualization 4.9.7 Images security update
(RHSA-2022:8598) Important: Red Hat Virtualization Host security update [ovirt-4.5.3-1]
(RHSA-2022:8580) Important: firefox security update
(RHSA-2022:8561) Important: thunderbird security update
(RHSA-2022:8560) Important: hsqldb security update
(RHSA-2022:8559) Important: hsqldb security update
(RHSA-2022:8556) Important: thunderbird security update
(RHSA-2022:8555) Important: thunderbird security update
(RHSA-2022:8554) Important: firefox security update
(RHSA-2022:8553) Important: firefox security update
(RHSA-2022:8552) Important: firefox security update
(RHSA-2022:8550) Important: firefox security update
(RHSA-2022:8549) Important: firefox security update
(RHSA-2022:8548) Important: firefox security update
(RHSA-2022:8545) Important: thunderbird security update
(RHSA-2022:8544) Important: thunderbird security update
(RHSA-2022:8543) Important: thunderbird security update
(RHSA-2022:7874) Important: OpenShift Container Platform 4.8.53 bug fix and security update
(RHSA-2022:7865) Important: OpenShift Container Platform 4.10.41 security update
(RHSA-2022:8532) Important: Satellite 6.9.10 Async Security Update
(RHSA-2022:8524) Important: Red Hat Data Grid 8.4.0 security update
(RHSA-2022:8506) Important: Satellite 6.12 Release
(RHSA-2022:8502) Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.3] bug fix and security update
(RHSA-2022:7435) Moderate: Logging Subsystem 5.4.8 – Red Hat OpenShift security update
(RHSA-2022:8494) Moderate: grub2 security update
(RHSA-2022:8493) Important: python3.9 security update
(RHSA-2022:8492) Important: python39:3.9 security update
(RHSA-2022:8491) Important: xorg-x11-server security update
(RHSA-2022:8453) Important: device-mapper-multipath security update
(RHSA-2022:8444) Moderate: keylime security update
(RHSA-2022:8431) Low: podman security, bug fix, and enhancement update
(RHSA-2022:8434) Moderate: dotnet7.0 security, bug fix, and enhancement update
(RHSA-2022:8420) Important: mingw-zlib security update
(RHSA-2022:8415) Low: mingw-gcc security and bug fix update
(RHSA-2022:8400) Moderate: libtirpc security update
(RHSA-2022:8418) Low: mingw-glib2 security and bug fix update
(RHSA-2022:8317) Moderate: samba security, bug fix, and enhancement update
(RHSA-2022:8393) Moderate: logrotate security update
(RHSA-2022:8385) Moderate: dhcp security and enhancement update
(RHSA-2022:8384) Moderate: harfbuzz security update
(RHSA-2022:8361) Moderate: e2fsprogs security update
(RHSA-2022:8299) Low: curl security update
(RHSA-2022:8353) Moderate: python3.9 security, bug fix, and enhancement update
(RHSA-2022:8219) Moderate: mutt security update
(RHSA-2022:8062) Moderate: unbound security, bug fix, and enhancement update
(RHSA-2022:8139) Low: wavpack security update
(RHSA-2022:8126) Moderate: ignition security, bug fix, and enhancement update
(RHSA-2022:8090) Low: runc security update
(RHSA-2022:7978) Moderate: gimp security and enhancement update
(RHSA-2022:8252) Moderate: yajl security update
(RHSA-2022:8068) Moderate: bind security update
(RHSA-2022:8054) Moderate: webkit2gtk3 security and bug fix update
(RHSA-2022:8011) Moderate: fribidi security update
(RHSA-2022:8226) Moderate: python-lxml security update
(RHSA-2022:8098) Moderate: toolbox security and bug fix update
(RHSA-2022:8070) Moderate: dnsmasq security and bug fix update
(RHSA-2022:8208) Moderate: dovecot security and enhancement update
(RHSA-2022:8207) Low: openjpeg2 security update
(RHSA-2022:8100) Low: swtpm security and bug fix update
(RHSA-2022:8197) Moderate: php security, bug fix, and enhancement update
(RHSA-2022:8008) Moderate: buildah security and bug fix update
(RHSA-2022:7979) Low: speex security update
(RHSA-2022:8078) Moderate: flac security update
(RHSA-2022:8112) Moderate: frr security, bug fix, and enhancement update
(RHSA-2022:8057) Important: grafana security, bug fix, and enhancement update
(RHSA-2022:8003) Low: libvirt security, bug fix, and enhancement update
(RHSA-2022:8222) Moderate: xorg-x11-server-Xwayland security update
(RHSA-2022:8318) Moderate: libldb security, bug fix, and enhancement update
(RHSA-2022:8022) Moderate: qt5 security and bug fix update
(RHSA-2022:8340) Moderate: freetype security update
(RHSA-2022:8096) Low: redis security and bug fix update
(RHSA-2022:8263) Important: dpdk security and bug fix update
(RHSA-2022:8267) Moderate: kernel security, bug fix, and enhancement update
(RHSA-2022:8194) Moderate: libtiff security update
(RHSA-2022:8162) Moderate: 389-ds-base security, bug fix, and enhancement update
(RHSA-2022:8067) Moderate: httpd security, bug fix, and enhancement update
(RHSA-2022:8221) Moderate: xorg-x11-server security and bug fix update
(RHSA-2022:7970) Moderate: protobuf security update
(RHSA-2022:8291) Moderate: rsync security and bug fix update
(RHSA-2022:8250) Moderate: grafana-pcp security update
(RHSA-2022:8151) Moderate: poppler security and bug fix update
(RHSA-2022:7968) Low: virt-v2v security, bug fix, and enhancement update
(RHSA-2022:7955) Moderate: skopeo security and bug fix update
(RHSA-2022:7935) Moderate: pcs security, bug fix, and enhancement update
(RHSA-2022:7950) Low: Image Builder security, bug fix, and enhancement update
(RHSA-2022:7933) Moderate: kernel-rt security and bug fix update
(RHSA-2022:7967) Moderate: qemu-kvm security, bug fix, and enhancement update
(RHSA-2022:7954) Moderate: podman security and bug fix update
(RHSA-2022:7958) Low: libguestfs security, bug fix, and enhancement update
(RHSA-2022:7959) Low: guestfs-tools security, bug fix, and enhancement update
(RHSA-2022:7928) Important: device-mapper-multipath security update
(RHSA-2022:7927) Important: libksba security update
(RHSA-2022:7434) Moderate: Logging Subsystem 5.5.4 – Red Hat OpenShift security update
(RHSA-2022:7896) Moderate: Red Hat Integration Debezium 1.9.7 security update
(RHSA-2022:6882) Moderate: Openshift Logging 5.3.13 security and bug fix release
(RHSA-2022:7887) Important: linux-firmware security update
(RHSA-2022:7885) Important: kpatch-patch security update
(RHSA-2022:7822) Low: container-tools:rhel8 security, bug fix, and enhancement update
(RHSA-2022:7790) Moderate: bind security update
(RHSA-2022:7813) Important: mingw-zlib security update
(RHSA-2022:7811) Important: mingw-expat security update
(RHSA-2022:7793) Moderate: rsync security and enhancement update
(RHSA-2022:7704) Moderate: webkit2gtk3 security and bug fix update
(RHSA-2022:7730) Moderate: libldb security, bug fix, and enhancement update
(RHSA-2022:7720) Moderate: e2fsprogs security and bug fix update
(RHSA-2022:7745) Moderate: freetype security update
(RHSA-2022:7692) Moderate: xmlrpc-c security update
(RHSA-2022:7700) Moderate: gdisk security update
(RHSA-2022:7683) Moderate: kernel security, bug fix, and enhancement update
(RHSA-2022:7472) Low: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update
(RHSA-2022:7639) Moderate: openblas security update
(RHSA-2022:7648) Moderate: grafana-pcp security update
(RHSA-2022:7640) Moderate: mutt security update
(RHSA-2022:7643) Important: bind9.16 security update
(RHSA-2022:7618) Moderate: gstreamer1-plugins-good security update
(RHSA-2022:7524) Moderate: yajl security update
(RHSA-2022:7444) Moderate: kernel-rt security and bug fix update
(RHSA-2022:7583) Moderate: xorg-x11-server and xorg-x11-server-Xwayland security and bug fix update
(RHSA-2022:7633) Moderate: dnsmasq security and bug fix update
(RHSA-2022:7514) Moderate: fribidi security update
(RHSA-2022:7592) Moderate: python39:3.9 and python39-devel:3.9 security update
(RHSA-2022:7594) Moderate: poppler security and bug fix update
(RHSA-2022:7623) Moderate: dovecot security update
(RHSA-2022:7457) Moderate: container-tools:rhel8 security, bug fix, and enhancement update
(RHSA-2022:7529) Moderate: container-tools:3.0 security update
(RHSA-2022:7541) Low: redis:6 security, bug fix, and enhancement update
(RHSA-2022:7622) Moderate: unbound security, bug fix, and enhancement update
(RHSA-2022:7461) Moderate: libreoffice security update
(RHSA-2022:7482) Moderate: qt5 security, bug fix, and enhancement update
(RHSA-2022:7469) Moderate: container-tools:4.0 security and bug fix update
(RHSA-2022:7585) Moderate: libtiff security update
(RHSA-2022:7558) Low: wavpack security update
(RHSA-2022:7447) Moderate: pcs security, bug fix, and enhancement update
(RHSA-2022:7470) Important: pki-core:10.6 and pki-deps:10.6 security and bug fix update
(RHSA-2022:7464) Moderate: protobuf security update
(RHSA-2022:7581) Moderate: python38:3.8 and python38-devel:3.8 security update
(RHSA-2022:7417) Moderate: Red Hat Single Sign-On 7.6.1 security update
(RHSA-2022:7411) Moderate: Red Hat Single Sign-On 7.6.1 security update on RHEL 9
(RHSA-2022:7409) Moderate: Red Hat Single Sign-On 7.6.1 security update on RHEL 7
(RHSA-2022:7410) Moderate: Red Hat Single Sign-On 7.6.1 security update on RHEL 8
(RHSA-2022:7407) Moderate: Service Binding Operator 1.3.1 security update
(RHSA-2022:7216) Important: OpenShift Container Platform 4.9.51 bug fix and security update
(RHSA-2022:7384) Critical: openssl-container security update
(RHSA-2022:7344) Important: kpatch-patch security update
(RHSA-2022:7343) Important: pcs security update
(RHSA-2022:7340) Moderate: php-pear security update
(RHSA-2022:7337) Important: kernel security and bug fix update
(RHSA-2022:7338) Important: kernel-rt security and bug fix update
(RHSA-2022:7323) Moderate: python3.9 security update
(RHSA-2022:7330) Important: kpatch-patch security update
(RHSA-2022:7329) Moderate: lua security update
(RHSA-2022:7319) Important: kernel-rt security and bug fix update
(RHSA-2022:7326) Important: pki-core security update
(RHSA-2022:7314) Moderate: zlib security update
(RHSA-2022:7318) Important: kernel security, bug fix, and enhancement update
(RHSA-2022:7313) Moderate: Red Hat Advanced Cluster Management 2.6.2 security update and bug fixes
(RHSA-2022:7273) Moderate: Red Hat JBoss Web Server 5.7.0 release and security update
(RHSA-2022:7272) Moderate: Red Hat JBoss Web Server 5.7.0 release and security update
(RHSA-2022:7211) Important: OpenShift Container Platform 4.10.39 bug fix and security update
(RHSA-2022:7201) Important: OpenShift Container Platform 4.11.12 security update
(RHSA-2022:7288) Important: openssl security update
(RHSA-2022:7279) Important: kernel security and bug fix update
(RHSA-2022:7280) Important: kernel-rt security and bug fix update
(RHSA-2022:7283) Important: libksba security update
(RHSA-2022:7276) Moderate: Red Hat Advanced Cluster Management 2.4.8 security fixes and container updates
(RHSA-2022:7268) Important: Red Hat OpenStack Platform 13.0 (openvswitch2.11) security update
(RHSA-2022:7261) Moderate: OpenShift API for Data Protection (OADP) 1.0.5 security and bug fix update
(RHSA-2022:7257) Low: Red Hat Integration Camel-K 1.8.1 security update
(RHSA-2022:7242) Important: Satellite 6.11.4 Async Security Update
(RHSA-2022:7238) Important: Red Hat OpenStack Platform (puppet-mysql) security update
(RHSA-2022:7143) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update
(RHSA-2022:7144) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update
(RHSA-2022:7209) Important: libksba security update
(RHSA-2022:7192) Important: device-mapper-multipath security update
(RHSA-2022:7191) Important: device-mapper-multipath security update
(RHSA-2022:7190) Important: thunderbird security update
(RHSA-2022:7188) Important: device-mapper-multipath security update
(RHSA-2022:7187) Important: device-mapper-multipath security update
(RHSA-2022:7186) Important: device-mapper-multipath security update
(RHSA-2022:7185) Important: device-mapper-multipath security update
(RHSA-2022:7184) Important: thunderbird security update
(RHSA-2022:7183) Important: thunderbird security update
(RHSA-2022:7181) Important: thunderbird security update
(RHSA-2022:7182) Important: thunderbird security update
(RHSA-2022:7178) Important: thunderbird security update
(RHSA-2022:7177) Important: Red Hat Camel for Spring Boot 3.14.5 release and security update
(RHSA-2022:7173) Important: kpatch-patch security update
(RHSA-2022:7171) Important: kernel security and bug fix update
(RHSA-2022:7146) Important: kernel security update
(RHSA-2022:7129) Moderate: git-lfs security and bug fix update
(RHSA-2022:6735) Moderate: java-1.8.0-ibm security update
(RHSA-2022:7128) Moderate: postgresql:12 security update
(RHSA-2022:7137) Important: kpatch-patch security update
(RHSA-2022:7133) Moderate: 389-ds:1.4 security update
(RHSA-2022:7134) Important: kernel-rt security and bug fix update
(RHSA-2022:7119) Moderate: mysql:8.0 security, bug fix, and enhancement update
(RHSA-2022:7111) Moderate: samba security and bug fix update
(RHSA-2022:7105) Moderate: gnutls security update
(RHSA-2022:7106) Moderate: zlib security update
(RHSA-2022:7108) Moderate: sqlite security update
(RHSA-2022:7110) Important: kernel security, bug fix, and enhancement update
(RHSA-2022:7087) Moderate: 389-ds-base security and bug fix update
(RHSA-2022:7090) Important: libksba security update
(RHSA-2022:7089) Important: libksba security update
(RHSA-2022:7088) Important: libksba security update
(RHSA-2022:7086) Moderate: pki-core security update
(RHSA-2022:7077) Moderate: Red Hat Certificate System 9.7 CVE bug fix update

Node.js Security Advisories

Nov 3 2022 Security Releases
OpenSSL November Security Release
OpenSSL and zlib update assessment, and Node.js Assessment workflow

Cisco Security Advisory

Cisco Identity Services Engine Vulnerabilities
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Dynamic Access Policies Denial of Service Vulnerability
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL/TLS Client Denial of Service Vulnerability
Multiple Cisco Products Snort SMB2 Detection Engine Policy Bypass and Denial of Service Vulnerabilities
Cisco Secure Firewall 3100 Series Secure Boot Bypass Vulnerability
Cisco Firepower Threat Defense Software SIP and Snort 3 Detection Engine Denial of Service Vulnerability
Cisco Firepower Threat Defense Software SSL Decryption Policy Bleichenbacher Attack Vulnerability
Cisco Firepower Threat Defense Software Privilege Escalation Vulnerability
Cisco Firepower Threat Defense Software Generic Routing Encapsulation Denial of Service Vulnerability
Cisco Firepower Threat Defense Software and Cisco FXOS Software Command Injection Vulnerability
Cisco FirePOWER Software for ASA FirePOWER Module, Firepower Management Center Software, and NGIPS Software SNMP Default Credential Vulnerability
Cisco Firepower Management Center Software XML External Entity Injection Vulnerability
Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities
Cisco Firepower Management Center Software Information Disclosure Vulnerability
Cisco Firepower Management Center and Firepower Threat Defense Software SSH Denial of Service Vulnerability
Cisco Firepower Management Center Software Command Injection Vulnerabilities
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SNMP Denial of Service Vulnerability
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software VPN Authorization Bypass Vulnerability
Cisco Identity Services Engine Path Traversal Vulnerability
Cisco Identity Services Engine Software Resource Exhaustion Vulnerability
Cisco Email Security Appliance and Cisco Secure Email and Web Manager HTTP Response Header Injection Vulnerability
Cisco Umbrella Stored Cross-Site Scripting Vulnerability
Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability
Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability
Cisco Identity Services Engine Insufficient Access Control Vulnerability
Cisco BroadWorks CommPilot Application Software Vulnerabilities
Cisco Email Security Appliance, Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance Information Disclosure Vulnerability
Cisco Email Security Appliance Denial of Service Vulnerability
Cisco Email Security Appliance, Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance Next Generation Management Vulnerabilities
OpenSSL Project Notification on Critical Vulnerability Fixed in Version 3.0.7
Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability
Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability

Microsoft Security

Chromium: CVE-2022-3890 Heap buffer overflow in Crashpad
Chromium: CVE-2022-3889 Type Confusion in V8
Chromium: CVE-2022-3888 Use after free in WebCodecs
Chromium: CVE-2022-3887 Use after free in Web Workers
Chromium: CVE-2022-3886 Use after free in Speech Recognition
Chromium: CVE-2022-3885 Use after free in V8
AMD: CVE-2022-23824 IBPB and Return Address Predictor Interactions
Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability
Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability
Azure CycleCloud Elevation of Privilege Vulnerability
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
Windows Network Address Translation (NAT) Denial of Service Vulnerability
Windows Overlay Filter Elevation of Privilege Vulnerability
Windows Overlay Filter Elevation of Privilege Vulnerability
.NET Framework Information Disclosure Vulnerability
GitHub: CVE-2022-39327 Improper Control of Generation of Code (‘Code Injection’) in Azure CLI
Microsoft Windows Sysmon Elevation of Privilege Vulnerability
Microsoft SharePoint Server Spoofing Vulnerability
Microsoft Exchange Server Spoofing Vulnerability
Microsoft Exchange Server Elevation of Privilege Vulnerability
Microsoft Exchange Server Spoofing Vulnerability
Microsoft Exchange Server Elevation of Privilege Vulnerability
Windows Scripting Languages Remote Code Execution Vulnerability
Windows Hyper-V Denial of Service Vulnerability
Windows Kerberos Elevation of Privilege Vulnerability
Netlogon RPC Elevation of Privilege Vulnerability
Windows Group Policy Elevation of Privilege Vulnerability
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
Windows Group Policy Elevation of Privilege Vulnerability
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
GitHub: CVE-2022-39253 Local clone optimization dereferences symbolic links by default
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability
Microsoft ODBC Driver Remote Code Execution Vulnerability
Microsoft ODBC Driver Remote Code Execution Vulnerability
Windows Mark of the Web Security Feature Bypass Vulnerability
Windows Win32k Elevation of Privilege Vulnerability
Windows Mark of the Web Security Feature Bypass Vulnerability
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
Windows Extensible File Allocation Table Elevation of Privilege Vulnerability
Azure RTOS GUIX Studio Remote Code Execution Vulnerability
Windows Graphics Component Remote Code Execution Vulnerability
Windows Digital Media Receiver Elevation of Privilege Vulnerability
Windows Kerberos Denial of Service Vulnerability
Microsoft DWM Core Library Elevation of Privilege Vulnerability
Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability
Windows Human Interface Device Information Disclosure Vulnerability
Windows GDI+ Information Disclosure Vulnerability
Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerability
BitLocker Security Feature Bypass Vulnerability
Windows HTTP.sys Elevation of Privilege Vulnerability
Microsoft Word Information Disclosure Vulnerability
Microsoft Word Information Disclosure Vulnerability
Microsoft Word Remote Code Execution Vulnerability
Microsoft Excel Security Feature Bypass Vulnerability
Microsoft Excel Information Disclosure Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office Graphics Remote Code Execution Vulnerability
Windows Win32k Elevation of Privilege Vulnerability
Microsoft Business Central Information Disclosure Vulnerability
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
Windows Bind Filter Driver Elevation of Privilege Vulnerability
Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Scripting Languages Remote Code Execution Vulnerability
Visual Studio Remote Code Execution Vulnerability
Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
OpenSSL: CVE-2022-3786 X.509 certificate verification buffer overrun
OpenSSL: CVE-2022-3602 X.509 certificate verification buffer overrun
Chromium: CVE-2022-3723 Type Confusion in V8
Chromium: CVE-2022-3661 Insufficient data validation in Extensions
Chromium: CVE-2022-3660 Inappropriate implementation in Full screen mode
Chromium: CVE-2022-3657 Use after free in Extensions
Chromium: CVE-2022-3656 Insufficient data validation in File System
Chromium: CVE-2022-3655 Heap buffer overflow in Media Galleries
Chromium: CVE-2022-3654 Use after free in Layout
Chromium: CVE-2022-3653 Heap buffer overflow in Vulkan
Chromium: CVE-2022-3652 Type Confusion in V8

Github Security Advisories

[GHSA-562r-vg33-8x8h] TemporaryFolder on unix-like systems does not limit access to created files
[GHSA-gpv5-rp6w-58r8] Remote code execution vulnerability in dependency System.Drawing.Common
[GHSA-8w5g-3wcv-9g2j] Tensorflow vulnerable to Out-of-Bounds Read
[GHSA-r7qp-cfhv-p84w] Uncaught exception in engine.io
[GHSA-7x4w-j98p-854x] Cross site scripting vulnerability with discussion titles
[GHSA-cqvq-fvhr-v6hc] `CHECK` failure in `SobolSample` via missing validation
[GHSA-xf83-q765-xm6m] `CHECK` fail in `TensorListScatter` and `TensorListScatterV2` in eager mode
[GHSA-q6jp-gcww-8v2j] Missing Authorization in Filter Stream Converter Application
[GHSA-p88w-fhxw-xvcc] Exposure of Private Personal Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-rest-server
[GHSA-p2x4-6ghr-6vmq] Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-livetable-ui
[GHSA-6w8h-26xx-cf8q] Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’) in org.xwiki.platform:xwiki-platform-menu-ui
[GHSA-q2hm-2h45-v5g3] Plaintext storage of password after a reset in org.xwiki.platform:xwiki-platform-security-authentication-default
[GHSA-4x5r-6v26-7j4v] Creation of new database tables through login form on PostgreSQL
[GHSA-5j7g-cf6r-g2h7] Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’) in xwiki-platform-icon-ui
[GHSA-p5v9-g8w8-5q4v] Missing Authorization to enable or disable users in org.xwiki.platform:xwiki-platform-user-profile-ui
[GHSA-2gj2-vj98-j2qq] Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore
[GHSA-9hqh-fmhg-vq2j] Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’) in AttachmentSelector.xml
[GHSA-mq7h-5574-hw9f] Cross-Site Request Forgery (CSRF) allowing to delete or rename tags
[GHSA-qccm-wmcq-pwr6] Tailscale daemon is vulnerable to information disclosure via CSRF
[GHSA-vqp6-rc3h-83cp] Tailscale Windows daemon is vulnerable to RCE via CSRF
[GHSA-442f-wcwq-fpcf] Prevent RCE when deserializing untrusted user input
[GHSA-pp3f-xrw5-q5j4] Lancet vulnerable to path traversal when unzipping files
[GHSA-3fjj-p79j-c9hh] Fastify: Incorrect Content-Type parsing can lead to CSRF attack
[GHSA-pf36-r9c6-h97j] Invalid char to bool conversion when printing a tensor
[GHSA-frqp-wp83-qggv] Heap overflow in `QuantizeAndDequantizeV2`
[GHSA-rjx6-v474-2ch9] Segfault in `CompositeTensorVariantToComponents`
[GHSA-mv77-9g28-cwg3] `CHECK` fail via inputs in `PyFunc`
[GHSA-368v-7v32-52fx] Overflow in `ResizeNearestNeighborGrad`
[GHSA-cg88-rpvp-cjv5] Out of bounds write in grappler in Tensorflow
[GHSA-g9fm-r5mm-rf9f] `CHECK_EQ` fail via input in `SparseMatrixNNZ`
[GHSA-xvwp-h6jv-7472] FractionalMaxPool and FractionalAVGPool heap out-of-bounds acess
[GHSA-27rc-728f-x5w2] `CHECK` fail via inputs in `SdcaOptimizer`
[GHSA-hq7g-wwwp-q46h] `CHECK` fail via inputs in `SparseFillEmptyRowsGrad`
[GHSA-f2w8-jw48-fr7j] `FractionalMaxPoolGrad` Heap out of bounds read
[GHSA-rmg2-f698-wq35] `tf.raw_ops.Mfcc` crashes
[GHSA-gq2j-cr96-gvqx] `MirrorPadGrad` heap out of bounds read
[GHSA-h6q3-vv32-2cq5] Buffer overflow in `CONV_3D_TRANSPOSE` on TFLite
[GHSA-67pf-62xr-q35m] `CHECK_EQ` fail in `tf.raw_ops.TensorListResize`
[GHSA-66vq-54fq-6jvv] Segfault in `tf.raw_ops.TensorListConcat`
[GHSA-h246-cgh4-7475] `CHECK` fail in `BCast` overflow
[GHSA-xxcj-rhqg-m46g] Segfault via invalid attributes in `pywrap_tfe_src.cc`
[GHSA-6×99-gv2v-q76v] FPE in `tf.image.generate_bounding_box_proposals`
[GHSA-8fvv-46hw-vpg3] Overflow in `tf.keras.losses.poisson`
[GHSA-54pp-c6pp-7fpx] Overflow in `ImageProjectiveTransformV2`
[GHSA-762h-vpvw-3rcx] Overflow in `FusedResizeAndPadConv2D`
[GHSA-jq6x-99hj-q636] Seg fault in `ndarray_tensor_bridge` due to zero and large inputs
[GHSA-w58w-79xv-6vcj] Out of bounds segmentation fault due to unequal op inputs in Tensorflow
[GHSA-3w3h-7xgx-grwc] Leakage Aliyun KeySecret
[GHSA-6cqj-6969-p57x] Lack of proper validation of server UUID can be used by the server to trick the client to accept invalid proofs
[GHSA-672p-m5jq-mrh8] Insufficient Verification of Proofs generated by the immudb server in client SDK.
[GHSA-hc82-w9v8-83pr] Witness Block Parsing DoS Vulnerability
[GHSA-m5xf-x7q6-3rm7] List helm chart endpoint of VelaUX APIserver has SSRF vulnerability
[GHSA-xx6g-jj35-pxjv] Cross Site Scripting vulnerability in wsgidav when directory browsing is enabled
[GHSA-prjq-f4q3-fvfr] gosaml2 is vulnerable to NULL Pointer Dereference
[GHSA-gmpq-xrxj-xh8m] Arches vulnerable to execution of arbitrary SQL
[GHSA-vp35-85q5-9f25] Container build can leak any path on the host into the container
[GHSA-99r3-xmmq-7q7g] eZ Platform users with the Company admin role can assign any role to any user
[GHSA-8h83-chh2-fchp] eZ Platform users with the Company admin role can assign any role to any user
[GHSA-446q-xxg5-3vhh] eZ Platform users with the Company admin role can assign any role to any user
[GHSA-pcpm-vc4v-cmvx] eZ Platform users with the Company admin role can assign any role to any user
[GHSA-g6jc-xrc3-4wwq] Ibexa DXP users with the Company admin role can assign any role to any user
[GHSA-394j-x37r-2q27] Ibexa DXP users with the Company admin role can assign any role to any user
[GHSA-7644-cxp8-h23r] ibexa/admin-ui vulnerable to Cross-site Scripting in content type name/shortname
[GHSA-c7pc-pgf6-mfh5] ezplatform-graphql GraphQL queries can expose password hashes
[GHSA-58h5-h554-429q] ezplatform-admin-ui vulnerable to Cross-Site Scripting (XSS)
[GHSA-3p7g-wrgg-wq45] GraphQL queries can expose password hashes
[GHSA-rc39-g977-687w] Use of unclaimed s3 bucket in tests and examples
[GHSA-wh6w-3828-g9qf] Wasmtime may have data leakage between instances in the pooling allocator
[GHSA-44mr-8vmm-wjhg] Wasmtime out of bounds read/write with zero-memory-pages configuration
[GHSA-98pf-gfh3-x3mp] Read the Docs vulnerable to Cross-Site Scripting (XSS)
[GHSA-3qmc-2r76-4rqp] Redwood is vulnerable to account takeover via dbAuth “forgot-password”
[GHSA-93vw-8fm5-p2jf] Parse Server is vulnerable to Prototype Pollution via Cloud Code Webhooks
[GHSA-p2jh-44qj-pf2v] Exfiltration of hashed SMB credentials on Windows via file:// redirect
[GHSA-6c6p-h79f-g6p4] Istio may allow identity impersonation if user has localhost access
[GHSA-xprv-wvh7-qqqx] Parse Server vulnerable to Prototype Pollution via Cloud Code Webhooks or Cloud Code Triggers
[GHSA-5m7g-pj8w-7593] Vela Insecure Defaults
[GHSA-p72g-cgh9-ghjg] Failing DTLS handshakes may cause throttling to block processing of records
[GHSA-8g2p-5pqh-5jmc] .NET Information Disclosure Vulnerability
[GHSA-3gfj-fxx4-f22w] OpenFGA Authorization Bypass
[GHSA-r4jg-5v89-9v62] Octocat.js vulnerable to code injection
[GHSA-q9wv-22m9-vhqh] Tauri Filesystem Scope can be Partially Bypassed
[GHSA-prm5-8g2m-24gg] Remote code execution via MongoDB BSON parser through prototype pollution
[GHSA-4pcg-wr6c-h9cq] fastify/websocket vulnerable to uncaught exception via crash on malformed packet
[GHSA-m7gv-v8xx-v47w] XWiki OIDC Authenticator vulnerable to bypassing OpenID login by providing a custom provider
[GHSA-25mx-2mxm-6343] @keystone-6/core’s NODE_ENV defaults to development with esbuild
[GHSA-8r69-3cvp-wxc3] Batched HTTP requests may set incorrect `cache-control` response header
[GHSA-fppq-mj76-fpj2] fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration)
[GHSA-mcmr-49×3-4jqm] ckb type_id script resume may randomly fail
[GHSA-7fw6-6mfj-g3q2] ckb: Transaction header_deps validation issue (network forking)
[GHSA-9mfc-chwf-7whf] ckb: Large dep group requires a lot of resources to process but the cost to commit the transaction is very low.
[GHSA-39hc-v87j-747x] Vulnerable OpenSSL included in cryptography wheels
[GHSA-rcrx-fpjp-mfrw] Unchecked Return Value to NULL Pointer Dereference in PDFDocumentHandler.cpp
[GHSA-8q72-6qq8-xv64] phpCAS vulnerable to Service Hostname Discovery Exploitation
[GHSA-crh6-fp67-6883] xmldom allows multiple root nodes in a DOM
[GHSA-r8gm-v65f-c973] acryl-datahub missing JWT signature check
[GHSA-pmw9-567p-68pc] OctoRPKI crashes when max iterations is reached
[GHSA-9398-5ghf-7pr6] conduit-hyper vulnerable to Denial of Service from unchecked request length
[GHSA-5qxq-vgmm-q39m] RCE vulnerability in Pimcore/Mail & Dynamic Text Layout
[GHSA-hff2-x2j9-gxgv] Keylime: unhandled exceptions could lead to invalid attestation states
[GHSA-3fh5-q6fg-w28q] Prototype pollution in Snowboard framework
[GHSA-vg46-2rrj-3647] Twisted vulnerable to NameVirtualHost Host header injection
[GHSA-m678-f26j-3hrp] Execution with Unnecessary Privileges in JupyterApp
[GHSA-cr84-xvw4-qx3c] Inefficient Regular Expression Complexity in shescape
[GHSA-hhc4-47rh-cr34] Incorrect is_static parameter for custom stateful precompiles in SputnikVM (evm)
[GHSA-7gc4-r5jr-9hxv] Gin-vue-admin subject to Remote Code Execution via file upload vulnerability
[GHSA-f2rj-m42r-6jm2] Skipper vulnerable to SSRF via X-Skipper-Proxy
[GHSA-c33w-pm52-mqvf] @dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via Vulnerability Details
[GHSA-vj4m-83m8-xpw5] OpenFGA Authorization Bypass via tupleset wildcard
[GHSA-f4mm-2r69-mg5f] OpenFGA Authorization Bypass
[GHSA-95×7-mh78-7w2r] OpenFGA subject to Information Disclosure via streamed-list-objects endpoint
[GHSA-47xc-9rr2-q7p4] Improper Control of Generation of Code (‘Code Injection’) in Azure CLI
[GHSA-2c6m-6gqh-6qg3] Docker Command Escaping in the GitHub Actions Runner
[GHSA-rh58-r7jh-xhx3] .NET Core Elevation of Privilege Vulnerability

CISA Known Exploted Vulnerabilities

Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability CVE-2022-41049
Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability CVE-2022-41091
Microsoft Windows Print Spooler Privilege Escalation Vulnerability CVE-2022-41073
Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability CVE-2022-41125
Microsoft Windows Scripting Languages Remote Code Execution Vulnerability CVE-2022-41128
Samsung Mobile Devices Improper Access Control Vulnerability CVE-2021-25337
Samsung Mobile Devices Improper Access Control Vulnerability CVE-2021-25369
Samsung Mobile Devices Memory Corruption Vulnerability CVE-2021-25370
Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability CVE-2020-3433
Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability CVE-2020-3153
GIGABYTE Multiple Products Privilege Escalation Vulnerability CVE-2018-19323
GIGABYTE Multiple Products Code Execution Vulnerability CVE-2018-19322
GIGABYTE Multiple Products Privilege Escalation Vulnerability CVE-2018-19321
GIGABYTE Multiple Products Unspecified Vulnerability CVE-2018-19320
Apple iOS and iPadOS Out-of-Bounds Write Vulnerability CVE-2022-42827
Google Chromium V8 Type Confusion Vulnerability CVE-2022-3723

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.