2022-21 - Canonical, Red Hat, GitHub
Published on May 30, 2022
Advisory Week
Week 21, 2022
Ubuntu Security Notices
USN-5450-1: Subversion vulnerabilities
USN-5448-1: ncurses vulnerabilities
USN-5449-1: libXv vulnerability
USN-5402-2: OpenSSL vulnerabilities
USN-5447-1: logrotate vulnerability
USN-5446-1: dpkg vulnerability
USN-5445-1: Subversion vulnerabilities
USN-5444-1: Linux kernel vulnerability
USN-5442-1: Linux kernel vulnerabilities
USN-5443-1: Linux kernel vulnerabilities
USN-5441-1: WebKitGTK vulnerabilities
USN-5404-2: Rsyslog vulnerability
USN-5440-1: PostgreSQL vulnerability
USN-5439-1: AccountsService vulnerability
USN-5438-1: HTMLDOC vulnerability
USN-5437-1: libXfixes vulnerability
USN-5436-1: libXrender vulnerabilities
USN-5435-1: Thunderbird vulnerabilities
USN-5434-1: Firefox vulnerabilities
USN-5433-1: Vim vulnerabilities
USN-5432-1: libpng vulnerabilities
Red Hat Security Advisory
(RHSA-2022:4776) Critical: firefox security update
(RHSA-2022:4769) Critical: thunderbird security update
(RHSA-2022:4765) Critical: firefox security update
(RHSA-2022:4768) Critical: firefox security update
(RHSA-2022:4766) Critical: firefox security update
(RHSA-2022:4772) Critical: thunderbird security update
(RHSA-2022:4770) Critical: thunderbird security update
(RHSA-2022:4788) Moderate: openvswitch2.16 security update
(RHSA-2022:4787) Moderate: openvswitch2.15 security update
(RHSA-2022:4786) Moderate: openvswitch2.13 security update
(RHSA-2022:4767) Critical: firefox security update
(RHSA-2022:4774) Critical: thunderbird security update
(RHSA-2022:4773) Critical: thunderbird security update
(RHSA-2022:2263) Important: OpenShift Container Platform 4.6.58 packages and security update
(RHSA-2022:2265) Moderate: OpenShift Container Platform 4.6.58 security and extras update
(RHSA-2022:4712) Moderate: RHV Engine and Host Common Packages security update
(RHSA-2022:4764) Low: RHV RHEL Host (ovirt-host) [ovirt-4.5.0] security update
(RHSA-2022:4711) Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.0] security update
(RHSA-2022:2264) Moderate: OpenShift Container Platform 4.6.58 bug fix and security update
(RHSA-2022:2272) Moderate: OpenShift Container Platform 4.8.41 bug fix and security update
(RHSA-2022:2268) Moderate: OpenShift Container Platform 4.7.51 security update
(RHSA-2022:4745) Important: rh-varnish6-varnish security update
(RHSA-2022:2283) Moderate: OpenShift Container Platform 4.9.35 bug fix and security update
(RHSA-2022:4729) Critical: firefox security update
(RHSA-2022:4730) Critical: thunderbird security update
(RHSA-2022:4722) Important: subversion:1.14 security update
(RHSA-2022:4717) Important: kernel security update
(RHSA-2022:4721) Important: kpatch-patch security update
(RHSA-2022:4699) Important: maven:3.5 security update
GitHub Security Advisories
[GHSA-fm53-mpmp-7qw2] Possible cross-site scripting attack via unsanitized SVG files in FoF Upload
[GHSA-ph5x-h23x-7q5q] XSS in wiki manager join wiki page
[GHSA-vmhh-xh3g-j992] XSS in the Flamingo theme manager
[GHSA-qfr3-323w-qv27] Possible information disclosure inside TreeGrid component with default data provider
[GHSA-pjpc-87mp-4332] Cross-site Scripting vulnerability in Mautic's tracking pixel functionality
[GHSA-67fj-6w6m-w5j8] Reversible One-Way Hash in io.github.javaezlib:JavaEZ
[GHSA-gj94-v4p9-w672] Denial-of-service vulnerability processing large chat messages containing many newlines
[GHSA-qm6v-cg9v-53j3] Limited Authentication Bypass for Media Files
[GHSA-634x-pc3q-cf4c] PHP Code Injection by malicious block or filename
[GHSA-jfxf-4frr-9j3q] XSS in various backend modules due to (un)escaping in JS notification module
[GHSA-hj57-j5cw-2mwp] Ignition config accessible to unprivileged software on VMware
[GHSA-7qcx-4p32-qcmx] Missing Cryptographic Step in cassproject
[GHSA-mw6j-hh29-h379] `CHECK` failure in depthwise ops via overflows
[GHSA-w45j-f832-hxvh] Client Certificates are accepted without CertificateVerify
[GHSA-cwmx-hcrq-mhc3] Cross-domain cookie leakage in Guzzle
[GHSA-cvj7-5f3c-9vg9] AttesterSlashing number overflow
[GHSA-ffqj-6fqr-9h24] Key confusion through non-blocklisted public key formats
[GHSA-75c9-jrh4-79mc] Code injection in `saved_model_cli`
[GHSA-5889-7v45-q28m] Incomplete validation in signal ops leads to crashes
[GHSA-8wwm-6264-x792] Core dump when loading TFLite models with quantization
[GHSA-xrp2-fhq4-4q3w] Segfault if `tf.histogram_fixed_width` is called with NaN values
[GHSA-hc2f-7r5r-r2hg] Heap buffer overflow due to incorrect hash function
[GHSA-f4rr-5m7v-wxcw] Type confusion leading to `CHECK`-failure based denial of service
[GHSA-2r2f-g8mw-9gvr] Segfault and OOB write due to incomplete validation in `EditDistance`
[GHSA-5wpj-c6f7-24x8] Undefined behavior when users supply invalid resource handles
[GHSA-rc9w-5c64-9vqq] Missing validation results in undefined behavior in `SparseTensorDenseAdd`
[GHSA-54ch-gjq5-4976] Segfault due to missing support for quantized types
[GHSA-hx9q-2mx4-m4pg] Missing validation causes denial of service via `Conv3DBackpropFilterV2`
[GHSA-jjm6-4vf7-cjh4] Integer overflow in `SpaceToBatchND`
[GHSA-cwpm-f78v-7m5c] Denial of service in `tf.ragged.constant` due to lack of validation
[GHSA-pqhm-4wvf-2jg8] Missing validation results in undefined behavior in `QuantizedConv2D`
[GHSA-2vv3-56qg-g2cf] Missing validation causes denial of service via `LSTMBlockCell`
[GHSA-p9rc-rmr5-529j] Missing validation causes denial of service via `LoadAndRemapMatrix`
[GHSA-mg66-qvc5-rm93] Missing validation causes denial of service via `SparseTensorToCSRSparseMatrix`
[GHSA-hrg5-737c-2p56] Missing validation causes denial of service via `UnsortedSegmentJoin`
[GHSA-5v77-j66x-4c4g] Missing validation causes denial of service via `Conv3DBackpropFilterV2`
[GHSA-h48f-q7rw-hvr7] Missing validation causes denial of service via `StagePeek`
[GHSA-h5g4-ppwx-48q2] Missing validation causes denial of service via `DeleteSessionTensor`
[GHSA-h2wq-prv9-2f56] Missing validation crashes `QuantizeAndDequantizeV4Grad`
[GHSA-fv25-wrff-wf86] Missing validation causes denial of service via `GetSessionTensor`
[GHSA-cm8f-h6j3-p25c] Header reconstruction method can be thrown into an infinite loop
[GHSA-cx94-mrg9-rq4j] Buffer for inbound DTLS fragments has no limit
[GHSA-qwrf-gfpj-qvj6] Smokescreen SSRF via deny list bypass (square brackets)
[GHSA-q2mx-j4x2-2h74] URL Redirection to Untrusted Site ('Open Redirect') in next-auth
[GHSA-8vxv-2g8p-2249] Observable Timing Discrepancy in totp-rs
[GHSA-fmrf-gvjp-5j5g] Cilium enables rogue node to cluster admin privilege escalation
[GHSA-6p8v-8cq8-v2r3] Access to Unix domain socket can lead to privileges escalation in Cilium
[GHSA-4wpp-w5r4-7v5v] Server-Side Request Forgery in charm
[GHSA-wjxw-gh3m-7pm5] DoS via malicious p2p message
[GHSA-66x3-6cw3-v5gj] Improper Validation of Integrity Check Value in go-tuf
[GHSA-7ww6-75fj-jcj7] Cross-site Scripting in Auth0 Lock
[GHSA-ff28-f46g-r9g8] Cross-site Scripting in Gogs
[GHSA-r642-gv9p-2wjj] Argo CD will blindly trust JWT claims if anonymous access is enabled
[GHSA-f3fp-gc8g-vw66] Default inheritable capabilities for linux container should be empty
[GHSA-2p9q-h29j-3f5v] Missing validation causes `TensorSummaryV2` to crash
[GHSA-h8v5-p258-pqf4] Use of a Broken or Risky Cryptographic Algorithm in XWiki Crypto API
[GHSA-xmg8-99r8-jc2j] Login screen allows message spoofing if SSO is enabled
[GHSA-xh29-r2w5-wx8m] Improper Handling of Unexpected Data Type in Nokogiri
[GHSA-6gcg-hp2x-q54h] Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server
[GHSA-44pw-h2cw-w3vq] Uncontrolled Resource Consumption in Hawk
[GHSA-37hr-348p-rmf4] Improper handling of multiline messages in node-irc affects matrix-appservice-irc
[GHSA-cmv8-6362-r5w9] Malicious HTML+XHR Artifact Privilege Escalation in Argo Workflows