AdvisoryWeek
2022-22 - Mozilla, Canonical, Red Hat, Microsoft, GitHub
Published on June 6, 2022
Advisory Week
Week 22, 2022
Mozilla Security Advisories
Security Vulnerabilities fixed in Firefox for iOS 101 mfsa2022-23
Security Vulnerabilities fixed in Thunderbird 91.10 mfsa2022-22
Security Vulnerabilities fixed in Firefox ESR 91.10 mfsa2022-21
Security Vulnerabilities fixed in Firefox 101 mfsa2022-20
Ubuntu Security Notices
USN-5459-1: cifs-utils vulnerabilities
USN-5458-1: Vim vulnerabilities
USN-5456-1: ImageMagick vulnerability
LSN-0086-1: Kernel Live Patch Security Notice
USN-5457-1: WebKitGTK vulnerabilities
USN-5443-2: Linux kernel vulnerabilities
USN-5442-2: Linux kernel vulnerabilities
USN-5454-2: CUPS vulnerabilities
USN-5451-1: InfluxDB vulnerability
USN-5454-1: CUPS vulnerabilities
USN-5446-2: dpkg vulnerability
USN-5453-1: FreeType vulnerability
USN-5452-1: NTFS-3G vulnerability
USN-5431-1: GnuPG vulnerability
Red Hat Security Advisory
(RHSA-2022:4893) Important: postgresql:12 security update
(RHSA-2022:4891) Important: thunderbird security update
(RHSA-2022:4895) Important: postgresql:10 security update
(RHSA-2022:4899) Important: compat-openssl11 security and bug fix update
(RHSA-2022:4888) Important: thunderbird security update
(RHSA-2022:4890) Important: thunderbird security update
(RHSA-2022:4892) Important: thunderbird security update
(RHSA-2022:4894) Important: postgresql:10 security update
(RHSA-2022:4889) Important: thunderbird security update
(RHSA-2022:4887) Important: thunderbird security update
(RHSA-2022:4896) Important: Red Hat Virtualization security, bug fix, and enhancement update [ovirt-4.5.0]
(RHSA-2022:4880) Moderate: ACS 3.70 enhancement and security update
(RHSA-2022:4871) Important: firefox security update
(RHSA-2022:4872) Important: firefox security update
(RHSA-2022:4873) Important: firefox security update
(RHSA-2022:4857) Important: postgresql:13 security update
(RHSA-2022:4856) Important: postgresql:12 security update
(RHSA-2022:4876) Important: firefox security update
(RHSA-2022:4854) Important: postgresql:10 security update
(RHSA-2022:4855) Important: postgresql:13 security update
(RHSA-2022:4866) Important: Satellite Tools 6.10.5 Async Bug Fix Update
(RHSA-2022:4867) Important: Satellite Tools 6.9.9 Async Bug Fix Update
(RHSA-2022:4870) Important: firefox security update
(RHSA-2022:4863) Moderate: Release of OpenShift Serverless Version 1.22.1
(RHSA-2022:4860) Moderate: Release of OpenShift Serverless Client kn 1.22.1
(RHSA-2022:4845) Important: zlib security update
(RHSA-2022:4835) Important: kernel-rt security and bug fix update
(RHSA-2022:4834) Moderate: expat security update
(RHSA-2022:4824) Moderate: fapolicyd security and bug fix update
(RHSA-2022:4816) Important: container-tools:3.0 security update
(RHSA-2022:4818) Moderate: mariadb:10.3 security and bug fix update
(RHSA-2022:4814) Moderate: Migration Toolkit for Containers (MTC) 1.6.5 security and bug fix update
(RHSA-2022:4807) Important: postgresql:12 security update
(RHSA-2022:2281) Moderate: OpenShift Container Platform 3.11.705 security update
(RHSA-2022:4809) Important: kpatch-patch security update
(RHSA-2022:4808) Important: rsyslog and rsyslog7 security update
(RHSA-2022:2280) Important: OpenShift Container Platform 3.11.705 security update
(RHSA-2022:4805) Important: postgresql:10 security update
(RHSA-2022:4798) Important: maven:3.5 security update
(RHSA-2022:4797) Important: maven:3.6 security update
(RHSA-2022:4796) Important: nodejs:16 security update
(RHSA-2022:4803) Important: rsyslog security update
(RHSA-2022:4799) Important: rsyslog security update
(RHSA-2022:4800) Important: rsyslog security update
(RHSA-2022:4802) Important: rsyslog security update
(RHSA-2022:4795) Important: rsyslog security update
(RHSA-2022:4801) Important: rsyslog security update
(RHSA-2022:4771) Important: postgresql security update
Microsoft Security
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Chromium: CVE-2022-1853 Use after free in Indexed DB
Chromium: CVE-2022-1854 Use after free in ANGLE
Chromium: CVE-2022-1855 Use after free in Messaging
Chromium: CVE-2022-1856 Use after free in User Education
Chromium: CVE-2022-1857 Insufficient policy enforcement in File System API
Chromium: CVE-2022-1858 Out of bounds read in DevTools
Chromium: CVE-2022-1859 Use after free in Performance Manager
Chromium: CVE-2022-1862 Inappropriate implementation in Extensions
Chromium: CVE-2022-1863 Use after free in Tab Groups
Chromium: CVE-2022-1864 Use after free in WebApp Installs
Chromium: CVE-2022-1865 Use after free in Bookmarks
Chromium: CVE-2022-1867 Insufficient validation of untrusted input in Data Transfer
Chromium: CVE-2022-1868 Inappropriate implementation in Extensions API
Chromium: CVE-2022-1869 Type Confusion in V8
Chromium: CVE-2022-1870 Use after free in App Service
Chromium: CVE-2022-1871 Insufficient policy enforcement in File System API
Chromium: CVE-2022-1872 Insufficient policy enforcement in Extensions API
Chromium: CVE-2022-1873 Insufficient policy enforcement in COOP
Chromium: CVE-2022-1874 Insufficient policy enforcement in Safe Browsing
Chromium: CVE-2022-1875 Inappropriate implementation in PDF
Chromium: CVE-2022-1876 Heap buffer overflow in DevTools
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
GitHub Security Advisories
[GHSA-mj46-r4gr-5x83] Unsanitized JavaScript code injection possible in gatsby-plugin-mdx
[GHSA-p9p4-97g9-wcrh] Dev error stack trace leaking into prod in Play Framework
[GHSA-v8x6-59g4-5g3w] Denial of service binding form from JSON in Play Framework
[GHSA-9w9f-6mg8-jp7w] Missing Role Based Access Control for the REST handlers in bleve/http package
[GHSA-w689-557m-2cvq] Server-Side Request Forgery in gogs webhook
[GHSA-2x4v-g8cx-jxrq] Login timing attack in ibexa/core
[GHSA-xfqg-p48g-hh94] Login timing attack in ezsystems/ezpublish-kernel
[GHSA-342c-vcff-2ff2] Login timing attack in ezsystems/ezplatform-kernel
[GHSA-56j7-2pm8-rgmx] OS Command Injection in gogs
[GHSA-958j-443g-7mm7] OS Command Injection in gogs
[GHSA-pj96-4jhv-v792] Cross site scripting via cookies in gogs
[GHSA-f5x9-8jwc-25rw] Uncaught Exception (due to a data race) leads to process termination in Waitress
[GHSA-hj9c-8jmm-8c52] Packing does not respect root-level ignore files in workspaces
[GHSA-c8f7-x2g7-7fxj] All source code and data in extensions folder is publicly available
[GHSA-8639-qx56-r428] CSRF allows attacker to finalize/unfinalize order adjustments in solidus_backend
[GHSA-xjfw-5vv5-vjq2] Cross-site Scripting in Filter Stream Converter Application in XWiki Platform
[GHSA-gp95-ppv5-3jc5] Possible vulnerability in sharp at 'npm install' time if an attacker has control over build environment
[GHSA-9qrp-h7fw-42hg] Path Traversal in XWiki Platform
[GHSA-72p8-v4hg-v45p] Weak private key generation in SSH.NET