Security Advisories Notices Update on 2022-12-20

Amazon AWS Security Advisories

Reported ECR Public Gallery Issue

Jenkins Security Advisories

Jenkins Security Advisory 2022-12-07

Node.js Security Advisories

OpenSSL 3.0.7 update assessment

Apple Security Advisory

macOS Ventura 13.1 Security Content
iOS 16.2 and iPadOS 16.2 Security Content
iOS 15.7.2 and iPadOS 15.7.2 Security Content
watchOS 9.2 Security Content
tvOS 16.2 Security Content
macOS Big Sur 11.7.2 Security Content
macOS Monterey 12.6.2 Security Content
Safari 16.2 Security Content
iCloud for Windows 14.1 Security Content

Cisco Security Advisory

Cisco IOS Software for Cisco Integrated Services Routers Generation 2 Denial of Service Vulnerability
Cisco IOS Software for Cisco Industrial Ethernet Switches PROFINET Denial of Service Vulnerability
Cisco IOS and Cisco IOS XE Software UDP Packet Processing Denial of Service Vulnerability
Cisco IOS and IOS XE Software DHCP Remote Code Execution Vulnerability
Cisco IOS and IOS XE Software Internet Key Exchange Denial of Service Vulnerability
Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial of Service Vulnerability
Cisco IOS Software Network Address Translation Denial of Service Vulnerability
Cisco IOS Software Common Industrial Protocol Request Denial of Service Vulnerabilities
Cisco IOS and IOS XE Software DHCP Version 4 Relay Denial of Service Vulnerability
Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Denial of Service Vulnerability
Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability
Cisco IOS Software Integrated Services Module for VPN Denial of Service Vulnerability
Cisco IOS and IOS XE Software DHCP Version 4 Relay Heap Overflow Denial of Service Vulnerability
Cisco RV132W and RV134W Remote Code Execution and Denial of Service Vulnerability
Cisco IOS Software Simple Network Management Protocol GET MIB Object ID Denial of Service Vulnerability
Cisco Small Business RV016, RV042, RV042G, and RV082 Routers Arbitrary Command Execution Vulnerability
Cisco IOS Software Login Enhancements Login Block Denial of Service Vulnerabilities
Cisco IOS and IOS XE Software Internet Key Exchange Memory Leak Vulnerability
Cisco IOS, IOS XE, and IOS XR Software Link Layer Discovery Protocol Buffer Overflow Vulnerabilities
Cisco IOS and IOS XE Software DHCP Version 4 Relay Reply Denial of Service Vulnerability
Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability
Cisco Secure Access Control System Java Deserialization Vulnerability
Cisco IP Phone 7800 and 8800 Series Cisco Discovery Protocol Stack Overflow Vulnerability

National Cyber Awareness System

Samba Releases Security Updates
FBI, FDA OCI, and USDA Release Joint Cybersecurity Advisory Regarding Business Email Compromise Schemes Used to Steal Food
CISA Releases Forty-One Industrial Control Systems Advisories
Drupal Releases Security Updates to Address Vulnerabilities in H5P and File (Field) Paths
CISA Consolidates Twitter Accounts
CISA Adds One Known Exploited Vulnerability to Catalog
Apple Releases Security Updates for Multiple Products
Microsoft Releases December 2022 Security Updates
CISA Updates Advisory on #StopRansomware: Cuba Ransomware
Citrix Releases Security Updates for Citrix ADC, Citrix Gateway
Mozilla Releases Security Updates for Thunderbird and Firefox
VMware Releases Security Updates for Multiple products
CISA Adds Five Known Exploited Vulnerabilities to Catalog
NSA, CISA, and ODNI Release Guidance on Potential Threats to 5G Network Slicing
CISA Releases Three Industrial Control Systems Advisories
Fortinet Releases Security Updates for FortiOS
Cisco Releases Security Advisory for IP Phone 7800 and 8800 Series
CISA Releases Phishing Infographic
CISA Releases Three Industrial Control Advisories
CISA Adds One Known Exploited Vulnerability to Catalog
#StopRansomware: Cuba Ransomware
CISA Releases Three Industrial Control Systems Advisories
CISA Releases Seven Industrial Control Systems Advisories
CISA Adds Two Known Exploited Vulnerabilities to Catalog

Mozilla Security Advisories

Security Vulnerabilities fixed in Firefox 108 mfsa2022-51
Security Vulnerabilities fixed in Firefox ESR 102.6 mfsa2022-52
Security Vulnerabilities fixed in Thunderbird 102.6 mfsa2022-53
Security Vulnerabilities fixed in Thunderbird 102.5.1 mfsa2022-50

Ubuntu Security Notices

USN-5783-1: Linux kernel (OEM) vulnerability
USN-5782-1: Firefox vulnerabilities
USN-5781-1: Emacs vulnerability
USN-5780-1: Linux kernel (OEM) vulnerabilities
USN-5779-1: Linux kernel (Azure) vulnerabilities
USN-5778-1: X.Org X Server vulnerabilities
USN-5777-1: Pillow vulnerabilities
USN-5776-1: containerd vulnerabilities
USN-5775-1: Vim vulnerabilities
USN-5774-1: Linux kernel (Azure) vulnerabilities
USN-5756-3: Linux kernel (Azure) vulnerabilities
USN-5773-1: Linux kernel (OEM) vulnerabilities
USN-5754-2: Linux kernel (Azure) vulnerabilities
USN-5772-1: QEMU vulnerabilities
USN-5771-1: Squid regression
USN-5770-1: GCC vulnerability
USN-5769-1: protobuf vulnerabilities
USN-5767-2: Python vulnerability
USN-5767-1: Python vulnerabilities
USN-5768-1: GNU C Library vulnerabilities
USN-5766-1: Heimdal vulnerability
USN-5765-1: PostgreSQL vulnerability
USN-5763-1: NumPy vulnerabilities
USN-5761-2: ca-certificates update
USN-5764-1: U-Boot vulnerabilities
USN-5762-1: GNU binutils vulnerability
USN-5761-1: ca-certificates update
USN-5760-2: libxml2 vulnerabilities
USN-5760-1: libxml2 vulnerabilities
USN-5759-1: LibBPF vulnerabilities
USN-5755-2: Linux kernel vulnerabilities
USN-5756-2: Linux kernel (GKE) vulnerabilities
USN-5758-1: Linux kernel vulnerabilities
USN-5757-2: Linux kernel vulnerabilities
USN-5757-1: Linux kernel vulnerabilities
USN-5756-1: Linux kernel vulnerabilities
USN-5755-1: Linux kernel vulnerabilities
USN-5743-2: LibTIFF vulnerability
USN-5754-1: Linux kernel vulnerabilities
USN-5753-1: snapd vulnerability
USN-5752-1: Linux kernel (Azure CVM) vulnerabilities
USN-5718-2: pixman vulnerability
USN-5750-1: GnuTLS vulnerability
USN-5749-1: libsamplerate vulnerability
USN-5728-3: Linux kernel (GCP) vulnerabilities
USN-5745-2: shadow regression
USN-5748-1: Sysstat vulnerability
USN-5747-1: Bind vulnerabilities
USN-5746-1: HarfBuzz vulnerability
USN-5689-2: Perl vulnerability
USN-5745-1: shadow vulnerability
USN-5744-1: libICE vulnerability

Red Hat Security Advisory

(RHSA-2022:8893) Moderate: OpenShift Container Platform 4.11.20 security update
(RHSA-2022:9082) Important: kpatch-patch security update
(RHSA-2022:9080) Important: thunderbird security update
(RHSA-2022:9079) Important: thunderbird security update
(RHSA-2022:9078) Important: thunderbird security update
(RHSA-2022:9077) Important: thunderbird security update
(RHSA-2022:9076) Important: thunderbird security update
(RHSA-2022:9075) Important: thunderbird security update
(RHSA-2022:9073) Moderate: nodejs:16 security, bug fix, and enhancement update
(RHSA-2022:9072) Important: firefox security update
(RHSA-2022:9071) Important: firefox security update
(RHSA-2022:9070) Important: firefox security update
(RHSA-2022:9069) Important: firefox security update
(RHSA-2022:9068) Important: firefox security update
(RHSA-2022:9067) Important: firefox security update
(RHSA-2022:9066) Important: firefox security update
(RHSA-2022:9065) Important: firefox security update
(RHSA-2022:9058) Important: prometheus-jmx-exporter security update
(RHSA-2022:9032) Important: Red Hat build of Eclipse Vert.x 4.3.4 security update
(RHSA-2022:9047) Moderate: Migration Toolkit for Containers (MTC) 1.7.6 security and bug fix update
(RHSA-2022:9040) Important: Red Hat Advanced Cluster Management 2.6.3 security update
(RHSA-2022:9029) Important: Red Hat Virtualization Host security update [ovirt-4.5.3-3]
(RHSA-2022:8761) Moderate: Red Hat support for Spring Boot 2.7.2 update
(RHSA-2022:9023) Important: Red Hat build of Quarkus 2.13.5 release and security update
(RHSA-2022:8989) Important: kpatch-patch security update
(RHSA-2022:8980) Important: thunderbird security update
(RHSA-2022:8977) Moderate: dbus security update
(RHSA-2022:8978) Moderate: grub2 security and bug fix update
(RHSA-2022:8979) Important: firefox security update
(RHSA-2022:8974) Important: kernel-rt security and bug fix update
(RHSA-2022:8976) Moderate: 389-ds-base security update
(RHSA-2022:8971) Moderate: usbguard security update
(RHSA-2022:8973) Important: kernel security and bug fix update
(RHSA-2022:8965) Important: Red Hat Single Sign-On 7.6.1 security update
(RHSA-2022:8964) Important: updated rh-sso-7/sso76-openshift-rhel8 container and operator related images
(RHSA-2022:8963) Important: Red Hat Single Sign-On 7.6.1 security update on RHEL 9
(RHSA-2022:8962) Important: Red Hat Single Sign-On 7.6.1 security update on RHEL 8
(RHSA-2022:8961) Important: Red Hat Single Sign-On 7.6.1 security update on RHEL 7
(RHSA-2022:8959) Important: rh-maven36-bcel security update
(RHSA-2022:8958) Important: bcel security update
(RHSA-2022:8957) Important: Red Hat build of Quarkus Platform 2.7.6.SP3 and security update
(RHSA-2022:8941) Important: kernel-rt security and bug fix update
(RHSA-2022:8940) Important: kernel security and bug fix update
(RHSA-2022:8938) Low: Release of OpenShift Serverless 1.26.0
(RHSA-2022:8932) Low: Release of OpenShift Serverless Client kn 1.26.0
(RHSA-2022:8913) Moderate: Red Hat JBoss Web Server 5.7.1 release and security update
(RHSA-2022:8917) Moderate: Red Hat JBoss Web Server 5.7.1 release and security update
(RHSA-2022:8915) Important: Red Hat Certificate System 9.7 security update
(RHSA-2022:8889) Moderate: Openshift Logging 5.3.14 bug fix release and security update
(RHSA-2022:8902) Moderate: Red Hat Camel for Spring Boot 3.18.3 release and security update
(RHSA-2022:8841) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update
(RHSA-2022:8840) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update
(RHSA-2022:8900) Important: grub2 security update
(RHSA-2022:8897) Important: Red Hat OpenStack Platform 13.0 (instack-undercloud) security update
(RHSA-2022:8896) Moderate: Red Hat OpenStack Platform 13.0 (python-virtualbmc) security update
(RHSA-2022:8781) Moderate: Logging Subsystem 5.5.5 – Red Hat OpenShift security update
(RHSA-2022:8860) Moderate: Red Hat OpenStack Platform 16.1.9 (protobuf) security update
(RHSA-2022:8872) Important: Red Hat OpenStack Platform 16.1.9 (python-django20) security update
(RHSA-2022:8864) Moderate: Red Hat OpenStack Platform 16.1.9 (python-ujson) security update
(RHSA-2022:8873) Moderate: Red Hat OpenStack Platform 16.1.9 (python-oslo-utils) security update
(RHSA-2022:8868) Moderate: Red Hat OpenStack Platform 16.1.9 (python-scciclient) security update
(RHSA-2022:8867) Low: Red Hat OpenStack Platform 16.1.9 (rabbitmq-server) security update
(RHSA-2022:8861) Moderate: Red Hat OpenStack Platform 16.1.9 (numpy) security update
(RHSA-2022:8857) Moderate: Red Hat OpenStack Platform 16.2.4 (erlang) security update
(RHSA-2022:8853) Moderate: Red Hat OpenStack Platform 16.2.4 (python-django20) security update
(RHSA-2022:8856) Low: Red Hat OpenStack Platform 16.2.4 (python-django-horizon) security update
(RHSA-2022:8850) Moderate: Red Hat OpenStack Platform 16.2.4 (python-ujson) security update
(RHSA-2022:8854) Moderate: Red Hat OpenStack Platform 16.2.4 (python-scciclient) security update
(RHSA-2022:8851) Low: Red Hat OpenStack Platform 16.2.4 (rabbitmq-server) security update
(RHSA-2022:8886) Moderate: redhat-ds:11 security, bug fix, and enhancement update
(RHSA-2022:8880) Moderate: java-1.8.0-ibm security update
(RHSA-2022:8876) Moderate: Red Hat AMQ Broker 7.10.2 release and security update
(RHSA-2022:8833) Moderate: nodejs:18 security, bug fix, and enhancement update
(RHSA-2022:8832) Moderate: nodejs:18 security, bug fix, and enhancement update
(RHSA-2022:8831) Important: kpatch-patch security update
(RHSA-2022:8827) Low: RHACS 3.73 enhancement and security update
(RHSA-2022:8812) Moderate: dbus security update
(RHSA-2022:8806) Moderate: usbguard security update
(RHSA-2022:8800) Moderate: grub2 security update
(RHSA-2022:8799) Important: pki-core security update
(RHSA-2022:8793) Low: Red Hat JBoss Enterprise Application Platform 7.4.8 security update
(RHSA-2022:8791) Low: Red Hat JBoss Enterprise Application Platform 7.4.8 Security update
(RHSA-2022:8767) Important: kernel security and bug fix update
(RHSA-2022:8768) Important: kpatch-patch security update
(RHSA-2022:8765) Important: kernel-rt security and bug fix update
(RHSA-2022:8750) Moderate: OpenShift Virtualization 4.11.1 security and bug fix update
(RHSA-2022:8686) Important: kpatch-patch security update
(RHSA-2022:8685) Important: kernel security and bug fix update
(RHSA-2022:8680) Moderate: 389-ds:1.4 security update
(RHSA-2022:8679) Moderate: usbguard security update
(RHSA-2022:8673) Important: kernel-rt security and bug fix update
(RHSA-2022:8669) Important: krb5 security update
(RHSA-2022:8663) Important: krb5 security update
(RHSA-2022:8662) Important: krb5 security update
(RHSA-2022:8626) Moderate: OpenShift Container Platform 4.11.17 packages and security update
(RHSA-2022:8652) Important: Red Hat Fuse 7.11.1 release and security update
(RHSA-2022:8650) Important: varnish:6 security update
(RHSA-2022:8649) Important: varnish:6 security update
(RHSA-2022:8648) Important: krb5 security update
(RHSA-2022:8647) Important: varnish:6 security update
(RHSA-2022:8646) Important: varnish:6 security update
(RHSA-2022:8645) Important: varnish:6 security update
(RHSA-2022:8644) Important: varnish security update
(RHSA-2022:8643) Important: varnish security update
(RHSA-2022:8641) Important: krb5 security update
(RHSA-2022:8640) Important: krb5 security update
(RHSA-2022:8639) Important: krb5 security update
(RHSA-2022:8638) Important: krb5 security update
(RHSA-2022:8637) Important: krb5 security update
(RHSA-2022:8634) Moderate: OpenShift API for Data Protection (OADP) 1.1.1 security and bug fix update

Microsoft Security

Microsoft December 2022 Security Update Guide
Chromium: CVE-2022-4440 Use after free in Profiles
Chromium: CVE-2022-4439 Use after free in Aura
Chromium: CVE-2022-4438 Use after free in Blink Frames
Chromium: CVE-2022-4437 Use after free in Mojo IPC
Chromium: CVE-2022-4436 Use after free in Blink Media
Microsoft Office Graphics Remote Code Execution Vulnerability
Microsoft Office Graphics Remote Code Execution Vulnerability
Microsoft Office Graphics Remote Code Execution Vulnerability
Microsoft Outlook for Mac Spoofing Vulnerability
DirectX Graphics Kernel Elevation of Privilege Vulnerability
Azure Network Watcher Agent Security Feature Bypass Vulnerability
Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability
Raw Image Extension Remote Code Execution Vulnerability
Windows Graphics Component Elevation of Privilege Vulnerability
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
Windows Error Reporting Elevation of Privilege Vulnerability
Windows Graphics Component Elevation of Privilege Vulnerability
Windows Fax Compose Form Elevation of Privilege Vulnerability
PowerShell Remote Code Execution Vulnerability
Windows Graphics Component Information Disclosure Vulnerability
Windows Hyper-V Elevation of Privilege Vulnerability
.NET Framework Remote Code Execution Vulnerability
Microsoft Office Graphics Remote Code Execution Vulnerability
Microsoft Office Graphics Remote Code Execution Vulnerability
Microsoft Office Graphics Remote Code Execution Vulnerability
Outlook for Android Elevation of Privilege Vulnerability
Windows Kernel Denial of Service Vulnerability
Microsoft Windows Sysmon Elevation of Privilege Vulnerability
Windows Terminal Remote Code Execution Vulnerability
Windows SmartScreen Security Feature Bypass Vulnerability
Windows Graphics Component Elevation of Privilege Vulnerability
Microsoft Office Visio Remote Code Execution Vulnerability
Microsoft Office Visio Remote Code Execution Vulnerability
Microsoft Office Visio Remote Code Execution Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft Office Graphics Remote Code Execution Vulnerability
Microsoft Office OneNote Remote Code Execution Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Hyper-V Denial of Service Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Graphics Component Elevation of Privilege Vulnerability
Windows Graphics Component Information Disclosure Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Projected File System Elevation of Privilege Vulnerability
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
Windows Bluetooth Driver Elevation of Privilege Vulnerability
Windows Bluetooth Driver Information Disclosure Vulnerability
Windows Client Server Run-Time Subsystem (CSRSS) Elevation of Privilege Vulnerability
Windows Media Remote Code Execution Vulnerability
Windows Media Remote Code Execution Vulnerability
Windows Contacts Remote Code Execution Vulnerability
Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability
Chromium: CVE-2022-4262 Type Confusion in V8
Chromium: CVE-2022-4174 Type Confusion in V8
Chromium: CVE-2022-4175 Use after free in Camera Capture
Chromium: CVE-2022-4177 Use after free in Extensions
Chromium: CVE-2022-4178 Use after free in Mojo
Chromium: CVE-2022-4179 Use after free in Audio
Chromium: CVE-2022-4180 Use after free in Mojo
Chromium: CVE-2022-4181 Use after free in Forms
Chromium: CVE-2022-4182 Inappropriate implementation in Fenced Frames
Chromium: CVE-2022-4183 Insufficient policy enforcement in Popup Blocker
Chromium: CVE-2022-4184 Insufficient policy enforcement in Autofill
Chromium: CVE-2022-4185 Inappropriate implementation in Navigation
Chromium: CVE-2022-4186 Insufficient validation of untrusted input in Downloads
Chromium: CVE-2022-4187 Insufficient policy enforcement in DevTools
Chromium: CVE-2022-4188 Insufficient validation of untrusted input in CORS
Chromium: CVE-2022-4189 Insufficient policy enforcement in DevTools
Chromium: CVE-2022-4190 Insufficient data validation in Directory
Chromium: CVE-2022-4191 Use after free in Sign-In
Chromium: CVE-2022-4192 Use after free in Live Caption
Chromium: CVE-2022-4193 Insufficient policy enforcement in File System API
Chromium: CVE-2022-4194 Use after free in Accessibility
Chromium: CVE-2022-4195 Insufficient policy enforcement in Safe Browsing
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability
Chromium: CVE-2022-4135 Heap buffer overflow in GPU

Google Security Advisories

Chrome Releases: Stable Channel Update for Desktop
Android Security Bulletin—December 2022 | Android Open Source Project
Chrome Releases: Stable Channel Update for Desktop
Chrome Releases: Stable Channel Update for Desktop

GitHub Security Advisories

[GHSA-2c7v-qcjp-4mg2] .NET Remote Code Execution Vulnerability
[GHSA-67fx-wx78-jx33] Helm vulnerable to denial of service through schema file
[GHSA-53c4-hhmh-vw5q] Helm vulnerable to denial of service through repository index file
[GHSA-6rx9-889q-vv2r] Helm vulnerable to denial of service through string value parsing
[GHSA-xqqc-c5gw-c5r5] Tendermint light client verification not taking into account chain ID
[GHSA-g8q8-fggx-9r3q] Keycloak vulnerable to path traversal via double URL encoding
[GHSA-97g8-xfvw-q4hg] Keycloak vulnerable to session takeover with OIDC offline refresh tokens
[GHSA-rrfc-7g8p-99q8] Possible XSS vulnerability with certain configurations of rails-html-sanitizer
[GHSA-9h9g-93gc-623h] Possible XSS vulnerability with certain configurations of rails-html-sanitizer
[GHSA-mcvf-2q2m-x72m] Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
[GHSA-5x79-w82f-gw8w] Inefficient Regular Expression Complexity in rails-html-sanitizer
[GHSA-3x8r-x6xp-q4vm] Uncontrolled Recursion in Loofah
[GHSA-228g-948r-83gx] Improper neutralization of data URIs may allow XSS in Loofah
[GHSA-486f-hjj9-9vhh] Inefficient Regular Expression Complexity in Loofah
[GHSA-ppjq-qxhx-m25f] Authentication Bypass for WSFed
[GHSA-8w3p-qh3x-6gjr] TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration
[GHSA-c5wx-6c2c-f7rm] TYPO3 CMS vulnerable to Arbitrary Code Execution via Form Framework
[GHSA-mgj2-q8wp-29rr] TYPO3 CMS vulnerable to Insufficient Session Expiration after Password Reset
[GHSA-jfp7-79g7-89rf] TYPO3 CMS vulnerable to Weak Authentication in Frontend Login
[GHSA-8c28-5mp7-v24h] TYPO3 CMS vulnerable to Denial of Service in Page Error Handling
[GHSA-hvwx-qh2h-xcfj] TYPO3 HTML Sanitizer vulnerable to Cross-Site Scripting
[GHSA-52h2-m2cf-9jh6] linux-loader reading beyond EOF could lead to infinite loop
[GHSA-9v25-r5q2-2p6w] Candy Machine Set Collection During Mint Missing Check
[GHSA-8r76-fr72-j32w] Creator Verification Error when Bubblegum Activate
[GHSA-6jqm-3c9g-pch7] @cubejs-backend/api-gateway row level security bypass
[GHSA-jv85-mqxj-3f9j] Sentry vulnerable to invite code reuse via cookie manipulation
[GHSA-hh82-3pmq-7frp] Netty vulnerable to HTTP Response splitting from assigning header value iterator
[GHSA-fx2c-96vj-985v] HAProxyMessageDecoder Stack Exhaustion DoS
[GHSA-mjmj-j48q-9wg2] SnakeYaml Constructor Deserialization Remote Code Execution
[GHSA-j8x2-2m5w-j939] Amazon CloudWatch Agent for Windows has Privilege Escalation Vector
[GHSA-w3x5-427h-wfq6] Spring Boot Admins integrated notifier support allows arbitrary code execution
[GHSA-w9wc-4xcq-8gr6] Akeneo PIM Community Edition vulnerable to remote php code execution
[GHSA-gg8r-xjwq-4w92] Cross-site scripting vulnerability in TinyMCE alerts
[GHSA-x39j-h85h-3f46] go-merkledag’s ProtoNode may be modified such that common method calls may panic
[GHSA-9qgp-9wwc-v29r] PrestaShop has potential Information exposure in the upload directory
[GHSA-h2ph-vhm7-g4hp] Traefik may display authorization header in the debug logs
[GHSA-468w-8x39-gj5v] Traefik routes exposed with an empty TLSOption
[GHSA-c4pm-63cg-9j7h] Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List
[GHSA-qv4q-mr5r-qprj] Unchecked return value from xmlTextReaderExpand
[GHSA-f44q-634c-jvwv] libp2p DoS vulnerability from lack of resource management
[GHSA-2qjp-425j-52j9] containerd CRI stream server vulnerable to host memory exhaustion via terminal
[GHSA-j7qp-mfxf-8xjw] libp2p DoS vulnerability from lack of resource management
[GHSA-43fp-rhv2-5gv8] Certifi removing TrustCor root certificate
[GHSA-jvgw-gccv-q5p8] libp2p DoS vulnerability from lack of resource management
[GHSA-vx2x-9cff-fhjw] DSInternals Credential Roaming Elevation of Privilege Vulnerability
[GHSA-mhhf-vgwh-fw9h] Passeo uses insecure random number generator
[GHSA-xr7p-8q82-878q] teler dashboard vulnerable to DOM-based cross-site scripting (XSS)
[GHSA-78m5-jpmf-ch7v] GuardDog vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package
[GHSA-x45c-cvp8-q4fm] Capsule vulnerable to privilege escalation by ServiceAccount deployed in a Tenant Namespace
[GHSA-rf3g-v8p5-p675] NodeBB vulnerable to account takeover via prototype vulnerability
[GHSA-4v48-4q5m-8vx4] Prometheus vulnerable to basic authentication bypass
[GHSA-qqff-4vw4-f6hx] Cap’n Proto and its Rust implementation vulnerable to out-of-bounds read due to logic error handling list-of-list
[GHSA-2r7v-cmch-5x26] muhammara and hummus vulnerable to Unchecked Return Value to NULL Pointer Dereference
[GHSA-qv6c-367r-3w6q] XBlock vulnerable to Cross-Site Scripting (XSS)
[GHSA-7rg2-cxvp-9p7p] Prometheus Exporter-Toolkit is vulnerable to authentication bypass
[GHSA-rp2v-v467-q9vq] GuardDog vulnerable to arbitrary file write when scanning a specially-crafted PyPI package
[GHSA-47xh-qxqv-mgvg] kube-httpcache is vulnerable to Cross-Site Request Forgery (CSRF)
[GHSA-r3qr-vwvg-43f7] Authenticated OpenRedirect Vulnerability
[GHSA-2x8x-jmrp-phxw] Sinatra vulnerable to Reflected File Download attack
[GHSA-j2jp-wvqg-wc2g] crewjam/saml vulnerable to signature bypass via multiple Assertion elements due to improper authentication
[GHSA-755v-r4x4-qf7m] Stored Cross-Site Scripting (XSS) in Keycloak via groups dropdown
[GHSA-ggrh-grj3-vfvw] Package discontinued because Bitly lowered the free quota
[GHSA-395x-wv32-44v5] baserproject/basercms vulnerable to cross-site scripting (XSS) vulnerability
[GHSA-jf2p-4gqj-849g] Temporary File Information Disclosure vulnerability in MPXJ
[GHSA-9gh8-wp53-ccc6] ghost vulnerable to unauthorized newsletter modification via improper access controls

CISA Known Exploited Vulnerabilities

Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability CVE-2022-42475
Microsoft Defender SmartScreen Security Feature Bypass Vulnerability CVE-2022-44698
Citrix Application Delivery Controller (ADC) and Gateway Authentication Bypass Vulnerability CVE-2022-27518
Veeam Backup & Replication Remote Code Execution Vulnerability CVE-2022-26500
Veeam Backup & Replication Remote Code Execution Vulnerability CVE-2022-26501
Apple iOS Type Confusion Vulnerability CVE-2022-42856
Google Chromium V8 Type Confusion Vulnerability CVE-2022-4262
Oracle Fusion Middleware Unspecified Vulnerability CVE-2021-35587
Google Chrome Heap Buffer Overflow Vulnerability CVE-2022-4135
