AdvisoryWeek
2022-44 - Apple, Canonical, Red Hat, nodejs, Cisco, Microsoft, Google, Amazon, GitHub
Published on November 7, 2022
Advisory Week
Week 44, 2022
Apple Security Advisory
Xcode 14.1 Security Content
National Cyber Awareness System
Cisco Releases Security Updates for Multiple Products
Apple Releases Security Update for Xcode
CISA Releases Three Industrial Control Systems Advisories
OpenSSL Releases Security Update
CISA Upgrades to TLP 2.0
CISA Releases One Industrial Control Systems Advisory
CISA Releases Guidance on Phishing-Resistant and Numbers Matching Multifactor Authentication
Ubuntu Security Notices
USN-5713-1: Python vulnerability
USN-5712-1: SQLite vulnerability
USN-5711-2: NTFS-3G vulnerability
USN-5711-1: NTFS-3G vulnerability
USN-5710-1: OpenSSL vulnerabilities
USN-5709-1: Firefox vulnerabilities
USN-5708-1: backport-iwlwifi-dkms vulnerabilities
USN-5707-1: Libtasn1 vulnerability
Red Hat Security Advisory
(RHSA-2022:7417) Moderate: Red Hat Single Sign-On 7.6.1 security update
(RHSA-2022:7411) Moderate: Red Hat Single Sign-On 7.6.1 security update on RHEL 9
(RHSA-2022:7409) Moderate: Red Hat Single Sign-On 7.6.1 security update on RHEL 7
(RHSA-2022:7410) Moderate: Red Hat Single Sign-On 7.6.1 security update on RHEL 8
(RHSA-2022:7407) Moderate: Service Binding Operator 1.3.1 security update
(RHSA-2022:7216) Important: OpenShift Container Platform 4.9.51 bug fix and security update
(RHSA-2022:7384) Critical: openssl-container security update
(RHSA-2022:7344) Important: kpatch-patch security update
(RHSA-2022:7343) Important: pcs security update
(RHSA-2022:7340) Moderate: php-pear security update
(RHSA-2022:7337) Important: kernel security and bug fix update
(RHSA-2022:7338) Important: kernel-rt security and bug fix update
(RHSA-2022:7323) Moderate: python3.9 security update
(RHSA-2022:7330) Important: kpatch-patch security update
(RHSA-2022:7329) Moderate: lua security update
(RHSA-2022:7319) Important: kernel-rt security and bug fix update
(RHSA-2022:7326) Important: pki-core security update
(RHSA-2022:7314) Moderate: zlib security update
(RHSA-2022:7318) Important: kernel security, bug fix, and enhancement update
(RHSA-2022:7313) Moderate: Red Hat Advanced Cluster Management 2.6.2 security update and bug fixes
(RHSA-2022:7273) Moderate: Red Hat JBoss Web Server 5.7.0 release and security update
(RHSA-2022:7272) Moderate: Red Hat JBoss Web Server 5.7.0 release and security update
(RHSA-2022:7211) Important: OpenShift Container Platform 4.10.39 bug fix and security update
(RHSA-2022:7201) Important: OpenShift Container Platform 4.11.12 security update
(RHSA-2022:7288) Important: openssl security update
(RHSA-2022:7279) Important: kernel security and bug fix update
(RHSA-2022:7280) Important: kernel-rt security and bug fix update
(RHSA-2022:7283) Important: libksba security update
(RHSA-2022:7276) Moderate: Red Hat Advanced Cluster Management 2.4.8 security fixes and container updates
(RHSA-2022:7268) Important: Red Hat OpenStack Platform 13.0 (openvswitch2.11) security update
(RHSA-2022:7261) Moderate: OpenShift API for Data Protection (OADP) 1.0.5 security and bug fix update
Node.js Security Advisories
Nov 3 2022 Security Releases
Cisco Security Advisory
Cisco Identity Services Engine Path Traversal Vulnerability
Cisco Identity Services Engine Software Resource Exhaustion Vulnerability
Cisco Email Security Appliance and Cisco Secure Email and Web Manager HTTP Response Header Injection Vulnerability
Cisco Umbrella Stored Cross-Site Scripting Vulnerability
Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability
Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability
Cisco Identity Services Engine Insufficient Access Control Vulnerability
Cisco BroadWorks CommPilot Application Software Vulnerabilities
Cisco Email Security Appliance, Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance Information Disclosure Vulnerability
Cisco Email Security Appliance Denial of Service Vulnerability
Cisco Email Security Appliance, Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance Next Generation Management Vulnerabilities
Microsoft Security
OpenSSL: CVE-2022-3786 X.509 certificate verification buffer overrun
OpenSSL: CVE-2022-3602 X.509 certificate verification buffer overrun
Chromium: CVE-2022-3723 Type Confusion in V8
Google Security Advisories
Chrome Releases: Stable Channel Update for Desktop
Chrome Releases: Stable Channel Update for Desktop
Chrome Releases: Stable Channel Update for Desktop
Chrome Releases: Stable Channel Update for Desktop
Amazon AWS Security Advisories
OpenSSL Security Advisories - November 2022
GitHub Security Advisories
[GHSA-m7gv-v8xx-v47w] XWiki OIDC Authenticator vulnerable to bypassing OpenID login by providing a custom provider
[GHSA-25mx-2mxm-6343] @keystone-6/core's NODE_ENV defaults to development with esbuild
[GHSA-8r69-3cvp-wxc3] Batched HTTP requests may set incorrect `cache-control` response header
[GHSA-fppq-mj76-fpj2] fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration)
[GHSA-mcmr-49x3-4jqm] ckb type_id script resume may randomly fail
[GHSA-7fw6-6mfj-g3q2] ckb: Transaction header_deps validation issue (network forking)
[GHSA-9mfc-chwf-7whf] ckb: Large dep group requires a lot of resources to process but the cost to commit the transaction is very low.
[GHSA-39hc-v87j-747x] Vulnerable OpenSSL included in cryptography wheels
[GHSA-rcrx-fpjp-mfrw] Unchecked Return Value to NULL Pointer Dereference in PDFDocumentHandler.cpp
[GHSA-8q72-6qq8-xv64] phpCAS vulnerable to Service Hostname Discovery Exploitation
[GHSA-crh6-fp67-6883] xmldom allows multiple root nodes in a DOM
[GHSA-r8gm-v65f-c973] acryl-datahub missing JWT signature check
[GHSA-pmw9-567p-68pc] OctoRPKI crashes when max iterations is reached
[GHSA-9398-5ghf-7pr6] conduit-hyper vulnerable to Denial of Service from unchecked request length