
Security Advisories Notices Update on 2023-01-10

National Cyber Awareness System

CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA Releases Three Industrial Systems Control Advisories
Fortinet Releases Security Updates for FortiADC

Ubuntu Security Notices

USN-5794-1: Linux kernel (AWS) vulnerabilities
USN-5793-1: Linux kernel vulnerabilities
USN-5792-1: Linux kernel vulnerabilities
USN-5791-1: Linux kernel vulnerabilities
USN-5790-1: Linux kernel vulnerabilities
USN-5789-1: Linux kernel (OEM) vulnerabilities
USN-5788-1: curl vulnerabilities
USN-5782-2: Firefox regressions
USN-5787-1: Libksba vulnerability
USN-5786-1: GNOME Files vulnerability
USN-5785-1: FreeRADIUS vulnerabilities
USN-5784-1: usbredir vulnerability

Red Hat Security Advisory

(RHSA-2022:9111) Important: OpenShift Container Platform 4.9.54 bug fix and security update
(RHSA-2022:9110) Important: OpenShift Container Platform 4.9.54 packages and security update
(RHSA-2022:9098) Important: OpenShift Container Platform 4.10.46 packages and security update
(RHSA-2023:0021) Important: webkit2gtk3 security update
(RHSA-2023:0016) Important: webkit2gtk3 security update
(RHSA-2022:9108) Important: OpenShift Container Platform 4.11.21 extras and security update
(RHSA-2022:9107) Moderate: OpenShift Container Platform 4.11.21 bug fix and security update
(RHSA-2023:0005) Important: bcel security update

GitHub Security Advisories

[GHSA-7rrj-xr53-82p7] Tokio reject_remote_clients configuration may get dropped when creating a Windows named pipe
[GHSA-54w6-vxfh-fw7f] Http4s improperly parses User-Agent and Server headers
[GHSA-vjhf-8vqx-vqpq] KubePi allows malicious actor to login with a forged JWT token via Hardcoded Jwtsigkeys
[GHSA-6mjp-2rm6-9g85] XWiki CKEditor.HTMLConverter vulnerable to Remote Code Execution via Cross-Site Request Forgery (CSRF)
[GHSA-h857-2g56-468g] @mattkrick/sanitize-svg vulnerable to Cross-Site Scripting (XSS)
[GHSA-c653-6hhg-9x92] go-ipld-prime/codec/json may panic if asked to encode bytes
[GHSA-5pq7-52mg-hr42] httparty has multipart/form-data request tampering vulnerability
[GHSA-j94p-hv25-rm5g] Apiman has potential permissions bypass
[GHSA-q2fj-6h62-59m2] Apiman Vert.x Gateway has Transitive Hazelcast connection caching issue
[GHSA-9p62-x3c5-hr5p] Path Traversal in MeterSphere leads to upload file to any path
[GHSA-f8cc-g7j8-xxpm] XStream can cause a Denial of Service by injecting deeply nested objects raising a stack overflow
[GHSA-4fv8-w65m-3932] efs-utils and aws-efs-csi-driver have race condition during concurrent TLS mounts
[GHSA-p228-4mrh-ww7r] Elrond-GO processing: fallback search of SCRs when not found in the main cache
[GHSA-xv6x-456v-24xh] gotify/server vulnerable to Cross-site Scripting in the application image file upload
[GHSA-9c47-m6qq-7p4h] Prototype Pollution in JSON5 via Parse Method
[GHSA-9h6h-9g78-86f7] Yapscan’s report receiver server vulnerable to path traversal and log injection
[GHSA-cm9x-c3rh-7rc4] CRI-O vulnerable to /etc/passwd tampering resulting in Privilege Escalation
[GHSA-j563-grx4-pjpv] XStream can cause Denial of Service via stack overflow
[GHSA-c5hg-mr8r-f6jp] Hazelcast connection caching

CISA Known Exploited Vulnerabilities

TIBCO JasperReports Server Information Disclosure Vulnerability CVE-2018-5430
TIBCO JasperReports Library Directory Traversal Vulnerability CVE-2018-18809
