2021-45 - Apple, Adobe, Canonical, Red Hat, Cisco, Microsoft, GitHub
Published on November 15, 2021
Advisory Week
Week 45, 2021
Apple Security Advisory
iCloud for Windows 13 Security Content
Adobe Security Bulletins and Advisories
Security update available for Adobe Creative Cloud Desktop Application | APSB21-18 APSB21-111
Security Update Available for Adobe InCopy | APSB21-05 APSB21-110
Adobe Security Bulletin APSB21-87
Ubuntu Security Notices
USN-5146-1: Thunderbird vulnerabilities
USN-5145-1: PostgreSQL vulnerabilities
USN-5144-1: OpenEXR vulnerability
USN-5142-1: Samba vulnerabilities
USN-5141-1: Firejail vulnerability
LSN-0082-1: Kernel Live Patch Security Notice
USN-5137-2: Linux kernel vulnerabilities
USN-5139-1: Linux kernel (OEM 5.10) vulnerabilities
USN-5140-1: Linux kernel (OEM 5.14) vulnerabilities
USN-5138-1: python-py vulnerability
USN-5137-1: Linux kernel vulnerabilities
USN-5136-1: Linux kernel vulnerabilities
USN-5130-1: Linux kernel vulnerabilities
USN-5134-1: Docker vulnerability
USN-5135-1: Linux kernel vulnerability
Red Hat Security Advisory
(RHSA-2021:4532) Important: OpenJDK 17.0.1 security update for Portable Linux Builds
(RHSA-2021:4531) Important: OpenJDK 17.0.1 security update for Windows Builds
(RHSA-2021:4623) Important: freerdp security update
(RHSA-2021:4621) Important: freerdp security update
(RHSA-2021:4622) Important: freerdp security update
(RHSA-2021:4620) Important: freerdp security update
(RHSA-2021:4619) Important: freerdp security update
(RHSA-2021:4118) Moderate: OpenShift Container Platform 4.9.6 packages and security update
(RHSA-2021:4618) Important: Red Hat Advanced Cluster Management 2.4 images and security updates
(RHSA-2021:4614) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP10 security update
(RHSA-2021:4613) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP10 security update
(RHSA-2021:3959) Moderate: Red Hat build of Eclipse Vert.x 4.1.5 security update
(RHSA-2021:4590) Moderate: rust-toolset:rhel8 security update
(RHSA-2021:4598) Moderate: annobin security update
(RHSA-2021:4596) Moderate: binutils security update
(RHSA-2021:4602) Moderate: binutils security update
(RHSA-2021:4607) Important: firefox security update
(RHSA-2021:4601) Moderate: binutils security update
(RHSA-2021:4600) Moderate: annobin security update
(RHSA-2021:4595) Moderate: binutils security update
(RHSA-2021:4599) Moderate: annobin security update
(RHSA-2021:4597) Important: kpatch-patch security update
(RHSA-2021:4594) Moderate: gcc-toolset-11-binutils security update
(RHSA-2021:4593) Moderate: annobin security update
(RHSA-2021:4587) Moderate: gcc security update
(RHSA-2021:4592) Moderate: gcc-toolset-10-annobin security update
(RHSA-2021:4589) Moderate: gcc-toolset-10-annobin security update
(RHSA-2021:4588) Moderate: gcc-toolset-10-binutils security update
(RHSA-2021:4586) Moderate: gcc-toolset-11-gcc security update
(RHSA-2021:4585) Moderate: gcc-toolset-10-gcc security update
(RHSA-2021:4386) Low: gcc security and bug fix update
(RHSA-2021:4358) Moderate: glibc security, bug fix, and enhancement update
(RHSA-2021:4519) Moderate: autotrace security update
(RHSA-2021:4517) Moderate: vim security update
(RHSA-2021:4139) Moderate: resource-agents security, bug fix, and enhancement update
(RHSA-2021:4140) Moderate: kernel-rt security and bug fix update
Cisco Security Advisory
Multiple Cisco Products Snort Application Detection Engine Policy Bypass Vulnerability
Microsoft Security
Azure RTOS Information Disclosure Vulnerability
Azure RTOS Information Disclosure Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server Spoofing Vulnerability
Microsoft Defender Remote Code Execution Vulnerability
Microsoft Word Remote Code Execution Vulnerability
Microsoft Excel Security Feature Bypass Vulnerability
Active Directory Domain Services Elevation of Privilege Vulnerability
Windows Hello Security Feature Bypass Vulnerability
Active Directory Domain Services Elevation of Privilege Vulnerability
Windows Core Shell SI Host Extension Framework for Composable Shell Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Hyper-V Denial of Service Vulnerability
NTFS Elevation of Privilege Vulnerability
Active Directory Domain Services Elevation of Privilege Vulnerability
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
Azure Sphere Information Disclosure Vulnerability
Azure Sphere Information Disclosure Vulnerability
Azure Sphere Information Disclosure Vulnerability
FSLogix Information Disclosure Vulnerability
NTFS Elevation of Privilege Vulnerability
Windows Denial of Service Vulnerability
Microsoft Edge (Chrome based) Spoofing on IE Mode
Microsoft Excel Remote Code Execution Vulnerability
Remote Desktop Client Remote Code Execution Vulnerability
Remote Desktop Protocol Client Information Disclosure Vulnerability
3D Viewer Remote Code Execution Vulnerability
3D Viewer Remote Code Execution Vulnerability
Visual Studio Code Elevation of Privilege Vulnerability
Visual Studio Elevation of Privilege Vulnerability
Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
Azure RTOS Elevation of Privilege Vulnerability
Azure RTOS Elevation of Privilege Vulnerability
Azure RTOS Elevation of Privilege Vulnerability
Azure RTOS Information Disclosure Vulnerability
Azure Sphere Tampering Vulnerability
Windows Feedback Hub Elevation of Privilege Vulnerability
Chakra Scripting Engine Memory Corruption Vulnerability
Active Directory Domain Services Elevation of Privilege Vulnerability
Microsoft Windows Media Foundation Remote Code Execution Vulnerability
Microsoft COM for Windows Remote Code Execution Vulnerability
Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service Vulnerability
Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability
Windows Installer Elevation of Privilege Vulnerability
Windows NTFS Remote Code Execution Vulnerability
Windows Fast FAT File System Driver Elevation of Privilege Vulnerability
Power BI Report Server Spoofing Vulnerability
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
Microsoft Access Remote Code Execution Vulnerability
NTFS Elevation of Privilege Vulnerability
Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability
OpenSSL: CVE-2021-3711 SM2 Decryption Buffer Overflow
Microsoft Exchange Server Spoofing Vulnerability
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
Windows Desktop Bridge Elevation of Privilege Vulnerability
GitHub Security Advisories
[GHSA-g9wh-3vrx-r7hg] OctoRPKI crashes when processing GZIP bomb returned via malicious repository
[GHSA-g5gj-9ggf-9vmq] Infinite certificate chain depth results in OctoRPKI running forever
[GHSA-8cvr-4rrf-f244] Infinite open connection causes OctoRPKI to hang forever
[GHSA-5mxh-2qfv-4g7j] NUL character in ROA causes OctoRPKI to crash
[GHSA-cqh2-vc2f-q4fh] Arbitrary filepath traversal via URI injection
[GHSA-w6ww-fmfx-2x22] Misconfigured IP address field in ROA leads to OctoRPKI crash
[GHSA-57wx-m983-2f88] Incomplete validation in boosted trees code
[GHSA-cq76-mxrc-vchh] Crash in `tf.math.segment_*` operations
[GHSA-m539-j985-hcr8] Crash in `max_pool3d` when size argument is 0 or negative
[GHSA-prcg-wp5q-rv7p] Crashes due to overflow and `CHECK`-fail in ops with large tensor shapes
[GHSA-2p25-55c9-h58q] Overflow/crash in `tf.tile` when tiling tensor is large
[GHSA-5hx2-qx8j-qjqm] Overflow/crash in `tf.image.resize` when size is large
[GHSA-gh8h-7j2j-qv4f] Incomplete validation in `tf.summary.create_file_writer`
[GHSA-j86v-p27c-73fm] Uninitialized access in `EinsumHelper::ParseEquation`
[GHSA-xrqm-fpgr-6hhx] Overflow/crash in `tf.range`
[GHSA-7pxj-m4jf-r6h2] Missing validation during checkpoint loading
[GHSA-786j-5qwq-r36x] Segfault while copying constant resource tensor
[GHSA-49rx-x2rw-pc6f] Heap OOB read in all `tf.raw_ops.QuantizeAndDequantizeV*` ops
[GHSA-pgcq-h79j-2f69] Incomplete validation of shapes in multiple TF ops
[GHSA-7v94-64hj-m82h] FPE in `ParallelConcat`
[GHSA-6hpv-v2rx-c5g6] FPE in convolutions with zero size filters
[GHSA-m342-ff57-4jcc] Heap OOB read in `tf.raw_ops.SparseCountSparseOutput`
[GHSA-cvgx-3v3q-m36c] Heap OOB in shape inference for `QuantizeV2`
[GHSA-fr77-rrx3-cp7g] Heap OOB read in `tf.ragged.cross`
[GHSA-h67m-xg8f-fxcf] Deadlock in mutually recursive `tf.function` objects
[GHSA-vwhq-49r4-gj9v] Reference binding to `nullptr` in `tf.ragged.cross`
[GHSA-x3v8-c8qx-3j3r] Null pointer exception in `DeserializeSparse`
[GHSA-3ff2-r28g-w7h9] Heap buffer overflow in `Transpose`
[GHSA-5crj-c72x-m7gq] Null pointer exception when `Exit` node is not preceded by `Enter` op
[GHSA-9crf-c6qr-r273] Integer division by 0 in `tf.raw_ops.AllToAll`
[GHSA-4f99-p9c2-3j8x] Undefined behavior via `nullptr` reference binding in sparse matrix multiplication
[GHSA-gpfh-jvf9-7wg5] Use after free / memory leak in `CollectiveReduceV2`
[GHSA-cqv6-3phm-hcwx] Access to invalid memory during shape inference in `Cudnn*` ops
[GHSA-cpf4-wx82-gxp6] Segfault due to negative splits in `SplitV`
[GHSA-f54p-f6jp-4rhr] Heap OOB in `FusedBatchNorm` kernels
[GHSA-rg3m-hqc5-344v] `SparseFillEmptyRows` heap OOB
[GHSA-7r94-xv9v-63jw] A use of uninitialized value vulnerability in Tensorflow
[GHSA-374m-jm66-3vj8] Heap OOB in `SparseBinCount`
[GHSA-j8c8-67vp-6mx7] Arbitrary memory read in `ImmutableConst`
[GHSA-wx8q-rgfr-cf6v] Insufficient Granularity of Access Control in github.com/google/exposure-notifications-verification-server
[GHSA-3rcw-9p9x-582v] Code injection in `saved_model_cli`
[GHSA-j6wp-3859-vxfg] OIDC claims not updated from Identity Provider in Pomerium
[GHSA-gp2f-254m-rh32] Unauthorized access to data in @sap-cloud-sdk/core
[GHSA-jcjx-c3j3-44pr] Insufficient Session Expiration in @cyyynthia/tokenize
[GHSA-3v56-q6r6-4gcw] Insecure Inherited Permissions in neoan3-apps/template
[GHSA-35m5-8cvj-8783] Improper hashing in enrocrypt
[GHSA-26cm-qrc6-mfgj] Improper Neutralization of Special Elements used in an LDAP Query in stevenweathers/thunderdome-planning-poker
[GHSA-3j9m-hcv9-rpj8] XSS vulnerability allowing arbitrary JavaScript execution
[GHSA-p6rw-44q7-3fw4] Stored XSS in Jupyter nbdime
[GHSA-qm7x-rc44-rrqw] Cross-site Scripting Vulnerability in GraphQL Playground (distributed by Apollo Server)
[GHSA-x4r7-m2q9-69c8] GraphiQL introspection schema template injection attack
[GHSA-cw7p-q79f-m2v7] incomplete JupyterHub logout with simultaneous JupyterLab sessions
[GHSA-862g-9h5m-m3qv] coreos-installer < 0.10.0 writes world-readable Ignition config to installed system