2022-15 - Adobe, Canonical, Red Hat, Cisco, Microsoft, Amazon, GitHub
Published on April 18, 2022
Advisory Week
Week 15, 2022
Adobe Security Bulletins and Advisories
Security updates available for Adobe Photoshop | APSB21-28 APSB22-20
Security Updates Available for Magento | APSB21-08 APSB22-13
Security update available for Adobe Acrobat and Reader | APSB21-09 APSB22-16
Ubuntu Security Notices
USN-5378-4: Gzip vulnerability
USN-5378-3: XZ Utils vulnerability
USN-5378-2: XZ Utils vulnerability
USN-5378-1: Gzip vulnerability
USN-5377-1: Linux kernel (BlueField) vulnerabilities
USN-5376-1: Git vulnerability
USN-5372-1: Subversion vulnerabilities
USN-5371-1: nginx vulnerabilities
USN-5374-1: libarchive vulnerability
USN-5373-2: Django vulnerabilities
USN-5373-1: Django vulnerabilities
USN-5331-2: tcpdump vulnerabilities
Red Hat Security Advisory
(RHSA-2022:1379) Low: Red Hat Decision Manager 7.12.1 security update
(RHSA-2022:1378) Low: Red Hat Process Automation Manager 7.12.1 security update
(RHSA-2022:1373) Important: kpatch-patch security update
(RHSA-2022:1372) Important: Red Hat OpenShift Data Foundation 4.10.0 enhancement, security & bug fix update
(RHSA-2022:1361) Important: Red Hat OpenShift Data Foundation 4.10.0 RPM security,enhancement&bugfix update
(RHSA-2022:1360) Low: Red Hat Fuse 7.10.2 release and security update
(RHSA-2022:1354) Moderate: rh-dotnet31-curl security update
(RHSA-2022:1248) Important: OpenShift Container Platform 4.7.48 packages and security update
(RHSA-2022:1345) Moderate: Red Hat AMQ Streams 2.1.0 release and security update
(RHSA-2022:1179) Important: Red Hat support for Spring Boot 2.5.10 update
(RHSA-2022:1333) Low: Red Hat Integration Camel-K 1.6.5 security update
(RHSA-2022:1329) Moderate: OpenShift Virtualization 4.8.5 RPMs security update
(RHSA-2022:1324) Important: kernel security and bug fix update
(RHSA-2022:1326) Important: thunderbird security update
(RHSA-2022:1154) Important: OpenShift Container Platform 4.8.36 security update
(RHSA-2022:1153) Important: OpenShift Container Platform 4.8.36 security update
(RHSA-2022:1309) Important: expat security update
(RHSA-2022:1305) Important: thunderbird security update
(RHSA-2022:1306) Low: Red Hat Integration Camel Extensions for Quarkus 2.2.1-1 security update
(RHSA-2022:1302) Important: thunderbird security update
(RHSA-2022:1301) Important: thunderbird security update
(RHSA-2022:1303) Important: thunderbird security update
(RHSA-2022:1299) Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update
(RHSA-2022:1296) Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update
(RHSA-2022:1297) Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update
(RHSA-2022:1166) Important: OpenShift Container Platform 4.7.47 bug fix and security update
(RHSA-2022:1292) Low: Release of OpenShift Serverless 1.21.1
(RHSA-2022:1291) Low: Release of OpenShift Serverless Client kn 1.21.1
Cisco Security Advisory
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerability
Cisco IOS XE Software AppNav-XE Denial of Service Vulnerability
Cisco IOS XR Software Border Gateway Protocol Ethernet VPN Denial of Service Vulnerability
Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers Application Visibility and Control Denial of Service Vulnerability
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family SNMP Trap Denial of Service Vulnerability
Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches Vulnerabilities
Cisco 1000 Series Connected Grid Router Integrated Wireless Access Point Denial of Service Vulnerability
Cisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Catalyst 9000 Family Wireless Controllers Privilege Escalation Vulnerability
Cisco IOS and IOS XE Software Web Services Denial of Service Vulnerability
Cisco IOS XE Software Tool Command Language Privilege Escalation Vulnerability
Cisco IOS XE Software Border Gateway Protocol Resource Public Key Infrastructure Denial of Service Vulnerability
Cisco IOx Application Hosting Environment Vulnerabilities
Cisco IOS XR Software for ASR 9000 Series Routers Lightspeed-Plus Line Cards Denial of Service Vulnerability
Cisco IOS XE Software NETCONF Over SSH Denial of Service Vulnerability
Cisco IOS XE Software IPSec Denial of Service Vulnerability
Cisco SD-WAN Solution Improper Access Control Vulnerability
Cisco SD-WAN vManage Software Privilege Escalation Vulnerability
Cisco SD-WAN vEdge Routers Denial of Service Vulnerability
Cisco SD-WAN vManage Software Information Disclosure Vulnerability
Cisco SD-WAN vManage Software Cross-Site Request Forgery Vulnerability
Cisco IOS XE Software Web UI API Injection Vulnerability
Cisco Wireless LAN Controller Management Interface Authentication Bypass Vulnerability
Cisco Embedded Wireless Controller with Catalyst Access Points IP Flood Denial of Service Vulnerability
Microsoft Security
Chromium: CVE-2022-1314 Type Confusion in V8
Chromium: CVE-2022-1313 Use after free in tab groups
Chromium: CVE-2022-1312 Use after free in storage
Chromium: CVE-2022-1310 Use after free in regular expressions
Chromium: CVE-2022-1309 Insufficient policy enforcement in developer tools
Chromium: CVE-2022-1308 Use after free in BFCache
Chromium: CVE-2022-1307 Inappropriate implementation in full screen
Chromium: CVE-2022-1306 Inappropriate implementation in compositing
Chromium: CVE-2022-1305 Use after free in storage
Chromium: CVE-2022-1364: Type Confusion in V8
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
YARP Denial of Service Vulnerability
Visual Studio Code Elevation of Privilege Vulnerability
Skype for Business Information Disclosure Vulnerability
Skype for Business and Lync Spoofing Vulnerability
Azure SDK for .NET Information Disclosure Vulnerability
.NET Framework Denial of Service Vulnerability
Windows LDAP Denial of Service Vulnerability
DiskUsage.exe Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows Bluetooth Driver Elevation of Privilege Vulnerability
Windows File Server Resource Management Service Elevation of Privilege Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Information Disclosure Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows File Server Resource Management Service Elevation of Privilege Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows File Explorer Elevation of Privilege Vulnerability
Windows Work Folder Service Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability
Windows Server Service Remote Code Execution Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows ALPC Elevation of Privilege Vulnerability
Windows Network File System Remote Code Execution Vulnerability
Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability
Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability
Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability
Cluster Client Failover (CCF) Elevation of Privilege Vulnerability
Windows Hyper-V Remote Code Execution Vulnerability
Windows Desktop Bridge Elevation of Privilege Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows Local Security Authority (LSA) Remote Code Execution Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Connected User Experiences and Telemetry Elevation of Privilege Vulnerability
Windows Endpoint Configuration Manager Elevation of Privilege Vulnerability
Microsoft SharePoint Server Spoofing Vulnerability
Windows Graphics Component Information Disclosure Vulnerability
Windows LDAP Remote Code Execution Vulnerability
Windows Fax Compose Form Remote Code Execution Vulnerability
Windows Fax Compose Form Remote Code Execution Vulnerability
Windows Fax Compose Form Remote Code Execution Vulnerability
Windows Secure Channel Denial of Service Vulnerability
Win32k Elevation of Privilege Vulnerability
Windows User Profile Service Elevation of Privilege Vulnerability
Azure Site Recovery Remote Code Execution Vulnerability
Azure Site Recovery Information Disclosure Vulnerability
Azure Site Recovery Information Disclosure Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
PowerShell Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows AppX Package Manager Elevation of Privilege Vulnerability
Microsoft Defender Denial of Service Vulnerability
Windows Kerberos Remote Code Execution Vulnerability
Local Security Authority (LSA) Elevation of Privilege Vulnerability
Windows Kerberos Elevation of Privilege Vulnerability
Windows Kerberos Elevation of Privilege Vulnerability
Win32 Stream Enumeration Remote Code Execution Vulnerability
Win32 File Enumeration Remote Code Execution Vulnerability
Remote Desktop Protocol Remote Code Execution Vulnerability
Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability
Windows Win32k Elevation of Privilege Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Microsoft Power BI Spoofing Vulnerability
Windows Hyper-V Denial of Service Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Edge (Chromium-based) Spoofing Vulnerability
GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account
GitHub: Uncontrolled search for the Git directory in Git for Windows
Windows Graphics Component Remote Code Execution Vulnerability
Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability
Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability
Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability
Windows Installer Elevation of Privilege Vulnerability
Windows Digital Media Receiver Elevation of Privilege Vulnerability
Windows iSCSI Target Service Information Disclosure Vulnerability
Windows DWM Core Library Elevation of Privilege Vulnerability
Windows Direct Show - Remote Code Execution Vulnerability
Windows Upgrade Assistant Remote Code Execution Vulnerability
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Windows Win32k Elevation of Privilege Vulnerability
Windows Kernel Information Disclosure Vulnerability
HEVC Video Extensions Remote Code Execution Vulnerability
Windows Installer Elevation of Privilege Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
Windows Telephony Server Elevation of Privilege Vulnerability
Windows SMB Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
Visual Studio Elevation of Privilege Vulnerability
Windows Hyper-V Remote Code Execution Vulnerability
Win32 Stream Enumeration Remote Code Execution Vulnerability
Windows Hyper-V Remote Code Execution Vulnerability
Windows Hyper-V Remote Code Execution Vulnerability
Amazon AWS Security Advisories
Reported AWS Desktop VPN Client for Windows Issue
Reported Amazon RDS PostgreSQL issue
GitHub Security Advisories
[GHSA-cqcc-mm6x-vmvw] Persistent Cross-site Scripting vulnerability in PrivateBin
[GHSA-gx8x-g87m-h5q6] Denial of Service (DoS) in Nokogiri on JRuby
[GHSA-xxx9-3xcr-gjj3] XML Injection in Xerces Java affects Nokogiri
[GHSA-v6gp-9mmm-c6p5] Out-of-bounds Write in zlib affects Nokogiri
[GHSA-crjr-9rc5-ghw8] Inefficient Regular Expression Complexity in Nokogiri