AdvisoryWeek
2022-16 - Oracle, Canonical, Red Hat, Cisco, Amazon, GitHub
Published on April 25, 2022
Advisory Week
Week 16, 2022
Oracle Security Alerts
Oracle Critical Patch Update Advisory - April 2022
Ubuntu Security Notices
USN-5385-1: Linux kernel vulnerabilities
USN-5384-1: Linux kernel vulnerabilities
USN-5383-1: Linux kernel vulnerabilities
USN-5382-1: libinput vulnerability
USN-5381-1: Linux kernel (OEM) vulnerabilities
USN-5380-1: Bash vulnerability
USN-5379-1: klibc vulnerabilities
Red Hat Security Advisory
(RHSA-2022:1356) Moderate: OpenShift Container Platform 4.10.10 bug fix and security update
(RHSA-2022:1461) Important: Logging Subsystem 5.4 - Red Hat OpenShift Security and Bug update
(RHSA-2022:1478) Important: Satellite 6.9.9 Async Bug Fix Update
(RHSA-2022:1389) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP11 security update
(RHSA-2022:1390) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP11 security update
(RHSA-2022:1476) Moderate: Red Hat Advanced Cluster Management 2.4.3 security updates and bug fixes
(RHSA-2022:1469) Low: Red Hat Single Sign-On 7.5.2 security update
(RHSA-2022:1363) Moderate: OpenShift Container Platform 4.9.29 bug fix and security update
(RHSA-2022:1463) Low: Red Hat Single Sign-On 7.5.2 security update on RHEL 8
(RHSA-2022:1462) Low: Red Hat Single Sign-On 7.5.2 security update on RHEL 7
(RHSA-2022:1440) Important: java-11-openjdk security, bug fix, and enhancement update
(RHSA-2022:1442) Important: java-11-openjdk security update
(RHSA-2022:1445) Important: java-17-openjdk security and bug fix update
(RHSA-2022:1444) Important: java-11-openjdk security update
(RHSA-2022:1441) Important: java-11-openjdk security update
(RHSA-2022:1443) Important: java-11-openjdk security update
(RHSA-2022:1370) Moderate: OpenShift Container Platform 4.8.37 security and extras update
(RHSA-2022:1336) Important: OpenShift Container Platform 4.7.49 security update
(RHSA-2022:1357) Moderate: OpenShift Container Platform 4.10.10 security and extras update
(RHSA-2022:1418) Important: kpatch-patch security update
(RHSA-2022:1407) Moderate: container-tools:2.0 security and bug fix update
(RHSA-2022:1410) Low: 389-ds:1.4 security and bug fix update
(RHSA-2022:1417) Important: kernel security update
(RHSA-2022:1413) Important: kernel-rt security and bug fix update
(RHSA-2022:1402) Moderate: OpenShift Virtualization 2.6.10 RPMs security and bug fix update
(RHSA-2022:1396) Moderate: Migration Toolkit for Containers (MTC) 1.5.4 security update
(RHSA-2022:1394) Important: Red Hat Ceph Storage 3 Security and Bug Fix update
Cisco Security Advisory
Cisco Unified Communications Products Arbitrary File Write Vulnerability
Cisco Unified Communications Products Cross-Site Scripting Vulnerability
Cisco Unified Communications Products Arbitrary File Read Vulnerability
Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerability
Cisco Unified Communications Products Denial of Service Vulnerability
Cisco Umbrella Secure Web Gateway File Decryption Bypass Vulnerability
Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability
Cisco Umbrella Virtual Appliance Static SSH Host Key Vulnerability
Cisco Virtualized Infrastructure Manager Privilege Escalation Vulnerability
Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense Software AnyConnect SSL VPN Denial of Service Vulnerability
Cisco Webex Meetings Cross-Site Scripting Vulnerability
Cisco TelePresence Collaboration Endpoint and RoomOS Software H.323 Denial of Service Vulnerability
Amazon AWS Security Advisories
Reported Apache Log4j Hotpatch Issues
GitHub Security Advisories
[GHSA-9wrv-g75h-8ccc] Improper Access Control in Shopware
[GHSA-7gm7-8q8v-9gf2] Server-Side Request Forgery (SSRF) in Shopware
[GHSA-g5rr-p69h-7v3g] Insufficient type validation in pocketmine/pocketmine-mp
[GHSA-xg75-q3q5-cqmv] Denial of Service in http-swagger
[GHSA-xcjx-m2pj-8g79] Manipulated inline images can cause Infinite Loop in PyPDF2
[GHSA-f9wg-5f46-cjmw] NextAuth.js default redirect callback vulnerable to open redirects
[GHSA-3r7g-wrpr-j5g4] Improper Authentication in django-mfa3
[GHSA-4hj2-r2pm-3hc6] Incorrect Default Permissions in CRI-O
[GHSA-frxg-hf44-q765] Exposure of Sensitive Information to an Unauthorized Actor in DisCatSharp
[GHSA-4pm3-f52j-8ggh] Improper Input Validation in GeoServer
[GHSA-cf4q-4cqr-7g7w] SVG with embedded scripts can lead to cross-site scripting attacks in xml2rfc
[GHSA-j2x6-9323-fp7h] Integer bounds error in Vyper
[GHSA-8xc6-g8xw-h2c4] YARP Denial of Service Vulnerability
[GHSA-j35p-q24r-5367] Dep Group Remote Memory Exhaustion (Denial of Service) in ckb
[GHSA-3227-r97m-8j95] Relative Path Traversal in afire serve_static
[GHSA-x7cr-6qr6-2hh6] Missing input validation can lead to command execution in composer
[GHSA-6rw3-3whw-jvjj] Git LFS can execute a binary from the current directory on Windows
[GHSA-4mrx-6fxm-8jpg] Buffer Overflow in vyper
[GHSA-x2w5-725j-gf2g] Prototype Pollution in convict