AdvisoryWeek
2021-49 - Oracle, Mozilla, Canonical, Red Hat, Cisco, Microsoft, Amazon, GitHub
Published on December 13, 2021
Advisory Week
Week 49, 2021
Oracle Security Alerts
Oracle Security Alert for CVE-2021-44228 - 10 December 2021
Mozilla Security Advisories
Security Vulnerabilities fixed in Thunderbird 91.4.0 mfsa2021-54
Security Vulnerabilities fixed in Firefox 95 mfsa2021-52
Security Vulnerabilities fixed in Firefox ESR 91.4.0 mfsa2021-53
Ubuntu Security Notices
USN-5186-1: Firefox vulnerabilities
USN-5183-1: BlueZ vulnerability
USN-5168-4: NSS regression
USN-5180-1: Mailman vulnerability
USN-5179-1: BusyBox vulnerabilities
USN-5178-1: Django vulnerability
USN-5142-2: Samba regressions
USN-5170-1: MariaDB vulnerability
USN-5174-1: Samba vulnerabilities
USN-5172-1: uriparser vulnerabilities
USN-5173-1: libmodbus vulnerabilities
USN-5171-1: Long Range ZIP vulnerabilities
Red Hat Security Advisory
(RHSA-2021:5070) Moderate: Red Hat OpenStack Platform 16.1 (python-django20) security update
(RHSA-2021:5065) Low: virt:av and virt-devel:av security, bug fix, and enhancement update
(RHSA-2021:5055) Important: thunderbird security update
(RHSA-2021:5048) Important: thunderbird security update
(RHSA-2021:5047) Important: thunderbird security update
(RHSA-2021:5046) Important: thunderbird security update
(RHSA-2021:5045) Important: thunderbird security update
(RHSA-2021:5038) Low: Red Hat Advanced Cluster Management 2.2.10 security updates and bug fixes
(RHSA-2021:5036) Moderate: virt:8.2 and virt-devel:8.2 security update
(RHSA-2021:5035) Critical: RHV-H security update (redhat-virtualization-host) 4.3.20
(RHSA-2021:5030) Important: java-1.8.0-ibm security update
(RHSA-2021:5016) Important: firefox security update
(RHSA-2021:5015) Important: firefox security update
(RHSA-2021:5017) Important: firefox security update
(RHSA-2021:5014) Important: firefox security update
(RHSA-2021:5013) Important: firefox security update
(RHSA-2021:5006) Critical: Red Hat Virtualization Host security and bug fix update [ovirt-4.4.9] Async #1
(RHSA-2021:4994) Critical: nss security update
(RHSA-2021:4975) Moderate: rpm security update
(RHSA-2021:4971) Important: kpatch-patch security update
(RHSA-2021:4969) Critical: thunderbird security update
(RHSA-2021:4954) Critical: thunderbird security update
(RHSA-2021:4953) Critical: nss security update
(RHSA-2021:4946) Critical: nss security update
(RHSA-2021:4933) Critical: nss security update
(RHSA-2021:4932) Critical: nss security update
Cisco Security Advisory
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Microsoft Security
Chromium: CVE-2021-4068 Insufficient validation of untrusted input in new tab page
Chromium: CVE-2021-4067 Use after free in window manager
Chromium: CVE-2021-4066 Integer underflow in ANGLE
Chromium: CVE-2021-4065 Use after free in autofill
Chromium: CVE-2021-4064 Use after free in screen capture
Chromium: CVE-2021-4063 Use after free in developer tools
Chromium: CVE-2021-4062 Heap buffer overflow in BFCache
Chromium: CVE-2021-4061 Type Confusion in V8
Chromium: CVE-2021-4059 Insufficient data validation in loader
Chromium: CVE-2021-4058 Heap buffer overflow in ANGLE
Chromium: CVE-2021-4057 Use after free in file API
Chromium: CVE-2021-4056: Type Confusion in loader
Chromium: CVE-2021-4055 Heap buffer overflow in extensions
Chromium: CVE-2021-4054 Incorrect security UI in autofill
Chromium: CVE-2021-4053 Use after free in UI
Chromium: CVE-2021-4052 Use after free in web apps
Amazon AWS Security Advisories
Apache Log4j2 Issue (CVE-2021-44228)
GitHub Security Advisories
[GHSA-xxfh-x98p-j8fr] Remote code injection in Log4j (through pax-logging-log4j2)
[GHSA-wx5j-54mm-rqqq] HTTP request smuggling in io.netty:netty-codec-http
[GHSA-m3rf-7m4w-r66q] Improper Authentication in Flask-AppBuilder
[GHSA-7rg2-qxmf-hhx9] Session fixation in express-openid-connect
[GHSA-qrmm-w75w-3wpx] Server side request forgery in SwaggerUI
[GHSA-ggmr-44cv-24pm] Code injection via unsafe YAML loading
[GHSA-66hf-2p6w-jqfw] XSS in laravel/framework
[GHSA-9c4x-5hgq-q3wh] Instance config inline secret exposure
[GHSA-fj7f-vq84-fh43] Local Code Execution through Argument Injection via dash leading git url parameter in Gemfile
[GHSA-qxmr-qxh6-2cc9] ReDos vulnerability on guest checkout email validation
[GHSA-6xxj-gcjq-wgf4] SQL injection in prestashop/prestashop
[GHSA-v95c-p5hm-xq8f] Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration
[GHSA-6r7c-6w96-8pvw] Remote Code Execution in AjaxNetProfessional
[GHSA-25mp-g6fv-mqxx] Unexpected server crash in Next.js
[GHSA-xr38-w74q-r8jv] Permissions not properly checked in Invenio-Drafts-Resources