2022-40 - Canonical, Red Hat, Cisco, GitHub
Published on October 10, 2022
Advisory Week
Week 40, 2022
National Cyber Awareness System
FBI and CISA Publish a PSA on Information Manipulation Tactics for 2022 Midterm Elections
Top CVEs Actively Exploited by People’s Republic of China State-Sponsored Cyber Actors
Cisco Releases Security Updates for Multiple Products
CISA Releases Two Industrial Control Systems Advisories
FBI and CISA Publish a PSA on Malicious Cyber Activity Against Election Infrastructure
Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization
CISA Releases Five Industrial Control Systems Advisories
CISA Issues Binding Operational Directive 23-01: Improving Asset Visibility and Vulnerability Detection on Federal Networks
Ubuntu Security Notices
USN-5663-1: Thunderbird vulnerabilities
USN-5371-3: nginx vulnerability
USN-5661-1: LibreOffice vulnerabilities
USN-5660-1: Linux kernel (GCP) vulnerabilities
USN-5659-1: kitty vulnerabilities
USN-5657-1: Graphite2 vulnerability
USN-5658-1: DHCP vulnerabilities
USN-5656-1: JACK vulnerability
USN-5655-1: Linux kernel (Intel IoTG) vulnerabilities
USN-5654-1: Linux kernel (GKE) vulnerabilities
USN-5653-1: Django vulnerability
USN-5651-2: strongSwan vulnerability
USN-5651-1: strongSwan vulnerability
USN-5614-2: Wayland vulnerability
USN-5652-1: Linux kernel (Azure) vulnerabilities
Red Hat Security Advisory
(RHSA-2022:6850) Important: openvswitch2.11 security update
(RHSA-2022:6839) Important: squid security update
(RHSA-2022:6838) Important: expat security update
(RHSA-2022:6835) Important: Service Registry (container images) release and security update [2.3.0.GA]
(RHSA-2022:6834) Important: expat security update
(RHSA-2022:6833) Important: expat security update
(RHSA-2022:6832) Important: expat security update
(RHSA-2022:6831) Important: expat security update
(RHSA-2022:6820) Moderate: prometheus-jmx-exporter security update
(RHSA-2022:6825) Important: Red Hat JBoss Enterprise Application Platform 7.4.7 Security update
(RHSA-2022:6822) Important: Red Hat JBoss Enterprise Application Platform 7.4.7 Security update
(RHSA-2022:6823) Important: Red Hat JBoss Enterprise Application Platform 7.4.7 Security update
(RHSA-2022:6821) Important: Red Hat JBoss Enterprise Application Platform 7.4.7 Security update
(RHSA-2022:6757) Important: Red Hat build of Eclipse Vert.x 4.3.3 security update
(RHSA-2022:6819) Important: Red Hat AMQ Streams 2.2.0 release and security update
(RHSA-2022:6815) Important: squid security update
(RHSA-2022:6813) Important: Red Hat Process Automation Manager 7.13.1 security update
(RHSA-2022:6787) Moderate: Red Hat Single Sign-On 7.5.3 security update
(RHSA-2022:6783) Moderate: Red Hat Single Sign-On 7.5.3 security update on RHEL 8
(RHSA-2022:6782) Moderate: Red Hat Single Sign-On 7.5.3 security update on RHEL 7
(RHSA-2022:6781) Important: bind9.16 security update
(RHSA-2022:6780) Important: bind security update
(RHSA-2022:6779) Important: bind security update
(RHSA-2022:6778) Important: bind security update
(RHSA-2022:6777) Important: squid:4 security update
(RHSA-2022:6776) Important: squid:4 security update
(RHSA-2022:6775) Important: squid:4 security update
(RHSA-2022:6774) Important: squid:4 security update
(RHSA-2022:6766) Moderate: rh-python38-python security update
(RHSA-2022:6765) Important: bind security update
(RHSA-2022:6764) Important: bind security update
(RHSA-2022:6763) Important: bind security update
Cisco Security Advisory
Cisco Secure Web Appliance Content Encoding Filter Bypass Vulnerability
Cisco Touch 10 Devices Insufficient Identity Verification Vulnerability
Cisco Enterprise NFV Infrastructure Software Improper Signature Verification Vulnerability
Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities
Cisco BroadWorks Hosted Thin Receptionist Cross-Site Scripting Vulnerability
Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability
Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
Cisco Jabber Client Software Extensible Messaging and Presence Protocol Stanza Smuggling Vulnerability
Cisco Touch 10 Devices Downgrade Vulnerability
GitHub Security Advisories
[GHSA-pj2c-h76w-vv6f] tiny-csrf has openly visible CSRF tokens
[GHSA-p75c-5x3h-cxcg] Fat Free CRM vulnerable to Remote Denial of Service via Tasks endpoint
[GHSA-xrx9-gj26-5wx9] v8n vulnerable to Inefficient Regular Expression Complexity
[GHSA-8r99-h8j2-rw64] Twisted vulnerable to HTTP Request Smuggling Attacks
[GHSA-x279-68rr-jp4p] Blst vulnerable to incorrect results for some inputs in blst_fp_eucl_inverse function
[GHSA-p658-8693-mhvg] Tendermint Core vulnerable to Uncontrolled Resource Consumption
[GHSA-9jjw-hf72-3mxw] TensorFlow vulnerable to heap out of bounds read in filesystem glob matching
[GHSA-4xqx-pqpj-9fqw] gajira-create GitHub action vulnerable to arbitrary code execution
[GHSA-9gp7-6833-wv89] etcd having a negative value for cluster node size results in an index out-of-bound panic during service discovery
[GHSA-528j-9r78-wffx] etcd user credentials are stored in WAL logs in plaintext
[GHSA-4993-m7g5-r9hh] etcd has no minimum password length
[GHSA-h8g9-6gvh-5mrc] etcd vulnerable to TOCTOU of gateway endpoint authentication
[GHSA-m332-53r6-2w93] etcd's WAL `ReadAll` method vulnerable to an entry with large index causing panic
[GHSA-8w7w-67mw-r5p7] generator-jhipster vulnerable to login check Regular Expression Denial of Service
[GHSA-398j-f7m7-795j] PHPMailer vulnerable to email header injection
[GHSA-745p-r637-7vvp] Codeigniter4's Secure or HttpOnly flag set in Config\Cookie is not reflected in Cookies issued
[GHSA-m5m3-46gj-wch8] SIF's Digital Signature Hash Algorithms Not Validated
[GHSA-px9g-8hgv-jvg2] kamadak-exif vulnerable to Infinite loop when parsing PNG files
[GHSA-67x4-qr35-qvrm] FlyteAdmin's Default OAuth Authorization Server secret must be rotated
[GHSA-h4h5-3hr4-j3g2] protobuf-java has a potential Denial of Service issue
[GHSA-mgvv-5mxp-xq67] SQLite3 addresses vulnerability in packaged version of libsqlite
[GHSA-vh7g-p26c-j2cw] Dex vulnerable to Man-in-the-Middle allowing ID token capture via intercepted authorization code