AdvisoryWeek
2022-47 - Canonical, Red Hat, Amazon, GitHub
Published on November 28, 2022
Advisory Week
Week 47, 2022
National Cyber Awareness System
CISA Releases Eight Industrial Control Systems Advisories
Ubuntu Security Notices
USN-5743-1: LibTIFF vulnerability
USN-5742-1: JBIG-KIT vulnerability
USN-5741-1: Exim vulnerability
USN-5736-1: ImageMagick vulnerabilities
USN-5740-1: X.Org X Server vulnerabilities
USN-5739-1: MariaDB vulnerabilities
USN-5638-3: Expat vulnerability
USN-5737-1: APR-util vulnerability
USN-5735-1: Sysstat vulnerability
USN-5734-1: FreeRDP vulnerabilities
USN-5716-2: SQLite vulnerability
USN-5658-3: DHCP vulnerabilities
USN-5733-1: FLAC vulnerabilities
USN-5686-3: Git vulnerabilities
Red Hat Security Advisory
(RHSA-2022:8535) Moderate: OpenShift Container Platform 4.11.16 security update
(RHSA-2022:8534) Low: OpenShift Container Platform 4.11.16 security update
(RHSA-2022:8609) Important: OpenShift Virtualization 4.9.7 Images security update
(RHSA-2022:8598) Important: Red Hat Virtualization Host security update [ovirt-4.5.3-1]
(RHSA-2022:8580) Important: firefox security update
(RHSA-2022:8561) Important: thunderbird security update
(RHSA-2022:8560) Important: hsqldb security update
(RHSA-2022:8559) Important: hsqldb security update
(RHSA-2022:8556) Important: thunderbird security update
(RHSA-2022:8555) Important: thunderbird security update
(RHSA-2022:8554) Important: firefox security update
(RHSA-2022:8553) Important: firefox security update
(RHSA-2022:8552) Important: firefox security update
(RHSA-2022:8550) Important: firefox security update
(RHSA-2022:8549) Important: firefox security update
(RHSA-2022:8548) Important: firefox security update
(RHSA-2022:8545) Important: thunderbird security update
(RHSA-2022:8544) Important: thunderbird security update
(RHSA-2022:8543) Important: thunderbird security update
Amazon AWS Security Advisories
Reported AWS AppSync Issue
GitHub Security Advisories
[GHSA-562r-vg33-8x8h] TemporaryFolder on unix-like systems does not limit access to created files
[GHSA-gpv5-rp6w-58r8] Remote code execution vulnerability in dependency System.Drawing.Common
[GHSA-8w5g-3wcv-9g2j] Tensorflow vulnerable to Out-of-Bounds Read
[GHSA-r7qp-cfhv-p84w] Uncaught exception in engine.io
[GHSA-7x4w-j98p-854x] Cross site scripting vulnerability with discussion titles
[GHSA-cqvq-fvhr-v6hc] `CHECK` failure in `SobolSample` via missing validation
[GHSA-xf83-q765-xm6m] `CHECK` fail in `TensorListScatter` and `TensorListScatterV2` in eager mode
[GHSA-q6jp-gcww-8v2j] Missing Authorization in Filter Stream Converter Application
[GHSA-p88w-fhxw-xvcc] Exposure of Private Personal Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-rest-server
[GHSA-p2x4-6ghr-6vmq] Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-livetable-ui
[GHSA-6w8h-26xx-cf8q] Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-menu-ui
[GHSA-q2hm-2h45-v5g3] Plaintext storage of password after a reset in org.xwiki.platform:xwiki-platform-security-authentication-default
[GHSA-4x5r-6v26-7j4v] Creation of new database tables through login form on PostgreSQL
[GHSA-5j7g-cf6r-g2h7] Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-icon-ui
[GHSA-p5v9-g8w8-5q4v] Missing Authorization to enable or disable users in org.xwiki.platform:xwiki-platform-user-profile-ui
[GHSA-2gj2-vj98-j2qq] Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore
[GHSA-9hqh-fmhg-vq2j] Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml
[GHSA-mq7h-5574-hw9f] Cross-Site Request Forgery (CSRF) allowing to delete or rename tags
[GHSA-qccm-wmcq-pwr6] Tailscale daemon is vulnerable to information disclosure via CSRF
[GHSA-vqp6-rc3h-83cp] Tailscale Windows daemon is vulnerable to RCE via CSRF
[GHSA-442f-wcwq-fpcf] Prevent RCE when deserializing untrusted user input
[GHSA-pp3f-xrw5-q5j4] Lancet vulnerable to path traversal when unzipping files
[GHSA-3fjj-p79j-c9hh] Fastify: Incorrect Content-Type parsing can lead to CSRF attack
[GHSA-pf36-r9c6-h97j] Invalid char to bool conversion when printing a tensor
[GHSA-frqp-wp83-qggv] Heap overflow in `QuantizeAndDequantizeV2`
[GHSA-rjx6-v474-2ch9] Segfault in `CompositeTensorVariantToComponents`
[GHSA-mv77-9g28-cwg3] `CHECK` fail via inputs in `PyFunc`
[GHSA-368v-7v32-52fx] Overflow in `ResizeNearestNeighborGrad`
[GHSA-cg88-rpvp-cjv5] Out of bounds write in grappler in Tensorflow
[GHSA-g9fm-r5mm-rf9f] `CHECK_EQ` fail via input in `SparseMatrixNNZ`
[GHSA-xvwp-h6jv-7472] FractionalMaxPool and FractionalAVGPool heap out-of-bounds access
[GHSA-27rc-728f-x5w2] `CHECK` fail via inputs in `SdcaOptimizer`
[GHSA-hq7g-wwwp-q46h] `CHECK` fail via inputs in `SparseFillEmptyRowsGrad`
[GHSA-f2w8-jw48-fr7j] `FractionalMaxPoolGrad` Heap out of bounds read
[GHSA-rmg2-f698-wq35] `tf.raw_ops.Mfcc` crashes
[GHSA-gq2j-cr96-gvqx] `MirrorPadGrad` heap out of bounds read
[GHSA-h6q3-vv32-2cq5] Buffer overflow in `CONV_3D_TRANSPOSE` on TFLite
[GHSA-67pf-62xr-q35m] `CHECK_EQ` fail in `tf.raw_ops.TensorListResize`
[GHSA-66vq-54fq-6jvv] Segfault in `tf.raw_ops.TensorListConcat`
[GHSA-h246-cgh4-7475] `CHECK` fail in `BCast` overflow
[GHSA-xxcj-rhqg-m46g] Segfault via invalid attributes in `pywrap_tfe_src.cc`
[GHSA-6x99-gv2v-q76v] FPE in `tf.image.generate_bounding_box_proposals`
[GHSA-8fvv-46hw-vpg3] Overflow in `tf.keras.losses.poisson`
[GHSA-54pp-c6pp-7fpx] Overflow in `ImageProjectiveTransformV2`
[GHSA-762h-vpvw-3rcx] Overflow in `FusedResizeAndPadConv2D`
[GHSA-jq6x-99hj-q636] Seg fault in `ndarray_tensor_bridge` due to zero and large inputs
[GHSA-w58w-79xv-6vcj] Out of bounds segmentation fault due to unequal op inputs in Tensorflow
[GHSA-3w3h-7xgx-grwc] Leakage Aliyun KeySecret
[GHSA-6cqj-6969-p57x] Lack of proper validation of server UUID can be used by the server to trick the client to accept invalid proofs
[GHSA-672p-m5jq-mrh8] Insufficient Verification of Proofs generated by the immudb server in client SDK.