AdvisoryWeek
2022-28 - Adobe, Canonical, Red Hat, Microsoft, Amazon, GitHub
Published on July 18, 2022
Advisory Week
Week 28, 2022
Adobe Security Bulletins and Advisories
Security updates available for Adobe Photoshop | APSB21-28 APSB22-35
Security update available for RoboHelp APSB22-10
Security update available for Adobe Acrobat and Reader | APSB21-09 APSB22-32
Ubuntu Security Notices
USN-5520-1: HTTP-Daemon vulnerability
USN-5519-1: Python vulnerability
USN-5512-1: Thunderbird vulnerabilities
USN-5518-1: Linux kernel vulnerabilities
USN-5517-1: Linux kernel (OEM) vulnerabilities
USN-5516-1: Vim vulnerabilities
USN-5473-2: ca-certificates update
USN-5515-1: Linux kernel vulnerabilities
USN-5514-1: Linux kernel vulnerabilities
USN-5513-1: Linux kernel (AWS) vulnerabilities
USN-5511-1: Git vulnerabilities
USN-5256-1: uriparser vulnerabilities
USN-5510-2: X.Org X Server vulnerabilities
USN-5510-1: X.Org X Server vulnerabilities
USN-5503-2: GnuPG vulnerability
USN-5508-1: Python LDAP vulnerability
USN-5509-1: Dovecot vulnerability
Red Hat Security Advisory
(RHSA-2022:5564) Important: kernel security, bug fix, and enhancement update
(RHSA-2022:5565) Important: kernel-rt security and bug fix update
(RHSA-2022:5542) Important: squid security update
Microsoft Security
Windows Kernel Information Disclosure Vulnerability
Windows BitLocker Information Disclosure Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Microsoft Defender for Endpoint Tampering Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Storage Library Information Disclosure Vulnerability
Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability
Windows Boot Manager Security Feature Bypass Vulnerability
Windows Group Policy Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Security Account Manager (SAM) Denial of Service Vulnerability
Windows IIS Server Elevation of Privilege Vulnerability
Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
Windows Connected Devices Platform Service Information Disclosure Vulnerability
Windows GDI+ Information Disclosure Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Active Directory Federation Services Elevation of Privilege Vulnerability
Windows Server Service Tampering Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Windows Graphics Component Remote Code Execution Vulnerability
Windows Shell Remote Code Execution Vulnerability
Windows Hyper-V Information Disclosure Vulnerability
Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability
Windows Media Player Network Sharing Service Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability
Windows Fax Service Remote Code Execution Vulnerability
Windows Internet Information Services Cachuri Module Denial of Service Vulnerability
Windows CSRSS Elevation of Privilege Vulnerability
Windows Fax Service Remote Code Execution Vulnerability
Windows Network File System Information Disclosure Vulnerability
Windows Network File System Remote Code Execution Vulnerability
Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability
Windows Graphics Component Elevation of Privilege Vulnerability
Performance Counters for Windows Elevation of Privilege Vulnerability
Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows Network File System Remote Code Execution Vulnerability
Internet Information Services Dynamic Compression Module Denial of Service Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Hyper-V Information Disclosure Vulnerability
Windows Fast FAT File System Driver Elevation of Privilege Vulnerability
Windows.Devices.Picker.dll Elevation of Privilege Vulnerability
Windows CSRSS Elevation of Privilege Vulnerability
BitLocker Security Feature Bypass Vulnerability
Windows CSRSS Elevation of Privilege Vulnerability
Windows Fax Service Elevation of Privilege Vulnerability
Microsoft Office Security Feature Bypass Vulnerability
Skype for Business and Lync Remote Code Execution Vulnerability
HackerOne: CVE-2022-27776 Insufficiently protected credentials vulnerability might leak authentication or cookie header data
Xbox Live Save Service Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
AMD: CVE-2022-23816 AMD CPU Branch Type Confusion
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
AMD: CVE-2022-23825 AMD CPU Branch Type Confusion
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Remote Code Execution Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Remote Code Execution Vulnerability
Amazon AWS Security Advisories
Reported EKS IAM Authenticator Issue
GitHub Security Advisories
[GHSA-hwqr-f3v9-hwxr] Workers for local Dask clusters mistakenly listened on public interfaces
[GHSA-wc5v-r48v-g4vh] Cilium host policy bypass in endpoint-routes mode with dual-stack
[GHSA-44vr-rwwj-p88h] Shescape vulnerable to insufficient escaping of whitespace
[GHSA-jjc5-fp7p-6f8w] Shescape prior to 1.5.8 vulnerable to insufficient escaping of line feeds for CMD
[GHSA-q37h-jhf3-85cj] Bypass of CMS Safe Mode Security Feature
[GHSA-5p73-qg2v-383h] Use of a Broken or Risky Cryptographic Algorithm in packbackbooks/lti-1-3-php-library
[GHSA-768m-5w34-2xf5] Use of Insufficiently Random Values in packbackbooks/lti-1-3-php-library
[GHSA-c28r-hw5m-5gv3] Partial Path Traversal in com.amazonaws:aws-java-sdk-s3
[GHSA-6f85-3f8q-qc94] OroCommerce vulnerable to XSS when adding class name to Selector Manager on pages that use GrapeJS editor
[GHSA-376v-xgjx-7mfr] Timing Attack Vector in fastify-bearer-auth
[GHSA-8mjr-jr5h-q2xr] Account cannot process transactions on Goerli
[GHSA-qwrj-9hmp-gpxh] FlyteAdmin Insufficient AccessToken Expiration Check prior to v1.1.30
[GHSA-8v7h-cpc2-r8jp] RCE via race condition in October CMS upload process
[GHSA-cr6p-23cf-w9g9] No security checking for UnsafeAccess.getInstance() in UnsafeAccessor
[GHSA-5pgm-3j3g-2rc7] Error messages leading to potential data exfiltration in Valinor
[GHSA-pmjg-52h9-72qv] Cross-site Scripting for Argo CD SSO users
[GHSA-7943-82jg-wmw5] Certificate verification is skipped for connections to OIDC providers
[GHSA-6wvc-6pww-qr4r] DoS in KubeEdge's Websocket Client in package Viaduct
[GHSA-wrcr-x4qj-j543] Uncontrolled Resource Consumption in KubeEdge Cloud Stream and Edge Stream
[GHSA-qpx3-9565-5xwm] Uncontrolled Resource Consumption in KubeEdge CloudCore Router
[GHSA-x3px-2p95-f6jr] DoS in KubeEdge when signing the CSR from EdgeCore
[GHSA-w52j-3457-q9wr] Uncontrolled Resource Consumption in KubeEdge Cloud AdmissionController component
[GHSA-vwm6-qc77-v2rh] Uncontrolled Resource Consumption in KubeEdge Edge ServiceBus module
[GHSA-cm59-pr5q-cw85] Temporary Directory Hijacking to Local Privilege Escalation Vulnerability in org.springframework.boot:spring-boot