AdvisoryWeek
2021-50 - Apple, Adobe, Canonical, Red Hat, Microsoft, Google, Amazon, GitHub
Published on December 20, 2021
Advisory Week
Week 50, 2021
Apple Security Advisory
Safari 15.2 Security Content
watchOS 8.3 Security Content
tvOS 15.2 Security Content
Security Update 2021-008 Catalina Security Content
macOS Big Sur 11.6.2 Security Content
macOS Monterey 12.1 Security Content
iOS 15.2 and iPadOS 15.2 Security Content
Adobe Security Bulletins and Advisories
Security Updates Available for Adobe Lightroom | APSB20-74 APSB21-119
Security updates available for Adobe Photoshop | APSB21-28 APSB21-113
Security Updates Available for Adobe Audition | APSB20-40 APSB21-121
Security Updates Available for Adobe Media Encoder | APSB20-57 APSB21-118
Security Updates Available for Adobe Animate | APSB21-21 APSB21-116
Security Updates Available for Adobe Prelude | APSB20-70 APSB21-114
Security update available for Adobe Connect APSB21-112
Security updates available for Adobe Experience Manager | APSB21-15 APSB21-103
Ubuntu Security Notices
USN-5201-1: Python vulnerabilities
USN-5200-1: Python vulnerabilities
USN-5199-1: Python vulnerabilities
USN-5192-2: Apache Log4j 2 vulnerability
USN-5202-1: OpenJDK vulnerabilities
USN-5198-1: HTMLDOC vulnerability
USN-5195-1: Mumble vulnerability
USN-5197-1: Apache Log4j 2 vulnerability
USN-5193-1: X.Org X Server vulnerabilities
USN-5192-1: Apache Log4j 2 vulnerability
USN-5191-1: Flatpak vulnerability
USN-5174-2: Samba regression
USN-5189-1: GLib vulnerability
USN-5142-3: Samba regression
USN-5188-1: Keepalived vulnerability
Red Hat Security Advisory
(RHSA-2021:5184) Critical: OpenShift Container Platform 4.7.40 security update
(RHSA-2021:5186) Critical: OpenShift Container Platform 4.6.52 security update
(RHSA-2021:5183) Critical: OpenShift Container Platform 4.8.24 security update
(RHSA-2021:5197) Moderate: rh-postgresql12-postgresql security update
(RHSA-2021:5195) Moderate: ipa security and bug fix update
(RHSA-2021:5192) Important: samba security and bug fix update
(RHSA-2021:5148) Critical: OpenShift Container Platform 4.8.24 extras security update
(RHSA-2021:5191) Moderate: Red Hat 3scale API Management 2.11.1 Release - Container Images
(RHSA-2021:5107) Critical: OpenShift Container Platform 4.7.40 security update
(RHSA-2021:5179) Moderate: rh-postgresql13-postgresql security update
(RHSA-2021:5176) Important: go-toolset-1.16 and go-toolset-1.16-golang security and bug fix update
(RHSA-2021:5141) Critical: OpenShift Container Platform 4.6.52 security update
(RHSA-2021:5106) Critical: OpenShift Container Platform 4.6.z security update
(RHSA-2021:5171) Moderate: nodejs:16 security, bug fix, and enhancement update
(RHSA-2021:5170) Moderate: Red Hat Single Sign-On 7.4.10 security update
(RHSA-2021:5160) Important: go-toolset:rhel8 security and bug fix update
(RHSA-2021:5154) Moderate: Red Hat JBoss Enterprise Application Platform 7.3.10 security update
(RHSA-2021:5151) Moderate: Red Hat JBoss Enterprise Application Platform 7.3.10 security update on RHEL 8
(RHSA-2021:5142) Moderate: idm:DL1 security update
(RHSA-2021:5140) Low: Red Hat JBoss Enterprise Application Platform 7.4 security update
(RHSA-2021:5138) Critical: Red Hat AMQ Streams 1.8.4 release and security update
(RHSA-2021:5137) Moderate: Openshift Logging Security Release (5.0.10)
(RHSA-2021:5134) Critical: Red Hat Fuse 7.10.0 release and security update
(RHSA-2021:5133) Critical: Red Hat AMQ Streams 1.6.5 release and security update
(RHSA-2021:5132) Critical: Red Hat Data Grid 8.2.2 security update
(RHSA-2021:5130) Critical: Red Hat Integration Camel-K 1.6.2 release and security update
(RHSA-2021:5129) Moderate: Openshift Logging security and bug update (5.3.1)
(RHSA-2021:5128) Moderate: Openshift Logging security and bug update (5.1.5)
(RHSA-2021:5127) Moderate: Openshift Logging security and bug update (5.2.4)
(RHSA-2021:5126) Critical: Red Hat Integration Camel Extensions for Quarkus GA security update
(RHSA-2021:5093) Critical: Red Hat build of Eclipse Vert.x 4.1.5 SP1 security update
(RHSA-2021:5108) Critical: OpenShift Container Platform 4.8.z security update
(RHSA-2021:5110) Moderate: Cryostat security update
(RHSA-2021:5094) Moderate: OpenShift Container Platform 3.11.z security update
(RHSA-2021:5085) Moderate: Red Hat OpenShift Data Foundation 4.9.0 enhancement, security, and bug fix update
(RHSA-2021:5086) Moderate: Red Hat OpenShift Data Foundation 4.9.0 enhancement, security, and bug fix update
(RHSA-2021:5002) Moderate: OpenShift Container Platform 4.9.11 security update
(RHSA-2021:5080) Important: mailman:2.1 security update
(RHSA-2021:5082) Important: samba security update
(RHSA-2021:5081) Important: mailman:2.1 security update
Microsoft Security
Apache Log4j Remote Code Execution Vulnerability
Microsoft SharePoint Elevation of Privilege Vulnerability
Chromium: CVE-2021-4102 Use after free in V8
Chromium: CVE-2021-4101 Heap buffer overflow in Swiftshader
Chromium: CVE-2021-4100 Object lifecycle issue in ANGLE
Chromium: CVE-2021-4099 Use after free in Swiftshader
Chromium: CVE-2021-4098 Insufficient data validation in Mojo
Visual Studio Code Spoofing Vulnerability
Microsoft Office app Remote Code Execution Vulnerability
Microsoft PowerShell Spoofing Vulnerability
Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability
Microsoft BizTalk ESB Toolkit Spoofing Vulnerability
Windows AppX Installer Spoofing Vulnerability
Windows Installer Elevation of Privilege Vulnerability
Windows Mobile Device Management Elevation of Privilege Vulnerability
Microsoft SharePoint Server Spoofing Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Microsoft SharePoint Server Spoofing Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
Visual Basic for Applications Information Disclosure Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability
Microsoft Defender for IoT Remote Code Execution Vulnerability
HEVC Video Extensions Remote Code Execution Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Visual Studio Code WSL Extension Remote Code Execution Vulnerability
Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability
Visual Studio Code Remote Code Execution Vulnerability
Microsoft Defender for IoT Remote Code Execution Vulnerability
Microsoft Defender for IoT Information Disclosure Vulnerability
Microsoft Defender for IoT Remote Code Execution Vulnerability
ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability
Microsoft Office Graphics Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office Trust Center Spoofing Vulnerability
Windows Digital Media Receiver Elevation of Privilege Vulnerability
Windows TCP/IP Driver Elevation of Privilege Vulnerability
Windows Hyper-V Denial of Service Vulnerability
Windows Digital TV Tuner Elevation of Privilege Vulnerability
Windows Kernel Information Disclosure Vulnerability
VP9 Video Extensions Information Disclosure Vulnerability
NTFS Set Short Name Elevation of Privilege Vulnerability
Windows Recovery Environment Agent Elevation of Privilege Vulnerability
Windows Remote Access Elevation of Privilege Vulnerability
Windows Setup Elevation of Privilege Vulnerability
Microsoft Message Queuing Information Disclosure Vulnerability
Storage Spaces Controller Information Disclosure Vulnerability
Windows Fax Service Remote Code Execution Vulnerability
Remote Desktop Client Remote Code Execution Vulnerability
Windows Event Tracing Remote Code Execution Vulnerability
Windows NTFS Elevation of Privilege Vulnerability
Windows NTFS Elevation of Privilege Vulnerability
Windows NTFS Elevation of Privilege Vulnerability
SymCrypt Denial of Service Vulnerability
Storage Spaces Controller Information Disclosure Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Bot Framework SDK Remote Code Execution Vulnerability
Windows Common Log File System Driver Information Disclosure Vulnerability
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
Microsoft Message Queuing Information Disclosure Vulnerability
DirectX Graphics Kernel File Denial of Service Vulnerability
Windows Encrypting File System (EFS) Remote Code Execution Vulnerability
Microsoft Local Security Authority Server (lsasrv) Information Disclosure Vulnerability
iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution
Web Media Extensions Remote Code Execution Vulnerability
Microsoft Defender for IoT Remote Code Execution Vulnerability
Microsoft Defender for IoT Remote Code Execution Vulnerability
Microsoft Defender for IoT Remote Code Execution Vulnerability
Microsoft Defender for IOT Elevation of Privilege Vulnerability
Microsoft Defender for IoT Remote Code Execution Vulnerability
Microsoft Defender for IoT Remote Code Execution Vulnerability
HEVC Video Extensions Remote Code Execution Vulnerability
HEVC Video Extensions Remote Code Execution Vulnerability
Windows Media Center Elevation of Privilege Vulnerability
Google Security Advisories
Pixel Update Bulletin—November 2021 | Android Open Source Project
Android Automotive OS Update Bulletin—December 2021 | Android Open Source Project
Pixel Update Bulletin—December 2021 | Android Open Source Project
Android Security Bulletin—November 2021 | Android Open Source Project
Android Security Bulletin—December 2021 | Android Open Source Project
Amazon AWS Security Advisories
Update for Apache Log4j2 Issue (CVE-2021-44228)
Update for Apache Log4j2 Issue (CVE-2021-44228)
Update for Apache Log4j2 Issue (CVE-2021-44228)
Update for Apache Log4j2 Issue (CVE-2021-44228)
Update for Apache Log4j2 Issue (CVE-2021-44228)
Update for Apache Log4j2 Issue (CVE-2021-44228)
Update for Apache Log4j2 Issue (CVE-2021-44228)
Update for Apache Log4j2 Issue (CVE-2021-44228)
Apache Log4j2 Issue (CVE-2021-44228)
Update for Apache Log4j2 Issue (CVE-2021-44228)
Update for Apache Log4j2 Issue (CVE-2021-44228)
Update for Apache Log4j2 Issue (CVE-2021-44228)
GitHub Security Advisories
[GHSA-3w6p-8f82-gw8r] Using JMSAppender in log4j configuration may lead to deserialization of untrusted data
[GHSA-xmgj-5fh3-xjmm] Path traversal when MessageBus::Diagnostics is enabled
[GHSA-55xv-f85c-248q] Regular Expression Denial of Service (ReDoS) in jsx-slack
[GHSA-q34h-97wf-8r8j] vault-cli possible RCE when reading user-defined data
[GHSA-j7c3-96rf-jrrp] Critical vulnerability in log4j may affect generated PEAR projects
[GHSA-j5qg-w9jg-3wg3] Inability to de-op players if listed in ops.txt with non-lowercase letters
[GHSA-hwvm-vfw8-93mw] Vulnerable dependency in XTDB connector
[GHSA-2mqv-4j3r-vjvp] Open redirect in @auth0/nextjs-auth0
[GHSA-84px-q68r-2fc9] Privilege escalation in the Sulu Admin panel
[GHSA-vx6j-pjrh-vgjh] PHP file inclusion in the Sulu admin panel
[GHSA-gjrj-9rj4-pgwx] DoS Vulnerability from Upstream Actix Web Issues
[GHSA-2hfj-cxw7-g45p] Unsafe inline XSS in pasting DOM element into chat
[GHSA-9c22-pwxw-p6hx] Initializer reentrancy may lead to double initialization
[GHSA-94g7-hpv8-h9qm] Remote code injection in Log4j
[GHSA-59g4-hpg3-3gcp] Files Accessible to External Parties
[GHSA-hcxx-mp6g-6gr9] Opencast publishes global system account credentials
[GHSA-j4mm-7pj3-jf7v] HTTP Method Spoofing
[GHSA-ph98-v78f-jqrm] SQL injection in jackalope/jackalope-doctrine-dbal
[GHSA-mf4f-j588-5xm8] Apache Log4j Remote Code Execution
[GHSA-273r-rm8g-7f3x] Uncaught Exception in mercurius
[GHSA-55x5-fj6c-h6m8] HTML Cleaner allows crafted and SVG embedded scripts to pass through